Skip to main content

Configuring Inventory Beacons for Connection to the Application Server

Those inventory beacons installed with the cloud-based solution that access a central application server use five different URLs, one each for:

  1. Operator authentication
  2. Operator redirection on successful authentication
  3. Normal operation for beacon policy and third-party inventory
  4. Normal operation for FlexNet inventory
  5. Certificate checking for https:// communication.

This page addresses only these outbound URLs from the inventory beacon to the application server. There are many other kinds of connections possible for inventory beacons. For more details about all URLs and ports used in the system, see Ports and URLs for Inventory Beacons.

If you wish to set up security firewall rules for your inventory beacons, configure the appropriate five of the following URLs.

tip

There are several cloud instances, including:

  • Multiple North American production instances (accessed through a common set of URLs as shown below)

  • North American User Acceptance Testing (UAT) instance

  • European production instance

  • European Acceptance Testing (UAT) instance

  • APAC production instance

  • APAC Acceptance Testing (UAT) instance

Each inventory beacon accesses exactly one of the cloud instances. The addresses (including ports) are all symmetrical, and vary only by the domain. Either a North American, European or APAC production instance was assigned to you as part of your order acknowledgment.

For Configuration

When you first install the inventory beacon (see Downloading and Installing the FlexNet Beacon Software) and register it (see Creating and Registering an Inventory Beacon to Upload Inventory to Flexera One), you need to log in to the central application server in the cloud.

InstanceOperator authenticationPost-authentication redirection
US Productionhttps://app.flexera.com/loginhttps://app.flexera.com
US UAThttps://app.flexera.com/loginhttps://app.flexera.com
European Productionhttps://app.flexera.eu/loginhttps://app.flexera.eu
European UAThttps://app.flexera.eu/loginhttps://app.flexera.eu
APAC Productionhttps://app.flexera.au/loginhttps://app.flexera.au
APAC UAThttps://app.flexera.au/loginhttps://app.flexera.au
Note : For performance and reliability monitoring, browser access to the North American, European or APAC web application servers also triggers access to the following URLs:

  • https://js-agent.newrelic.com

  • https://bam.nr-data.net

For Operations

In operation, the inventory beacon communicates to the following URLs:

note

Security certificate check URLs are issued by Amazon, DigiCert or Let's Encrypt and can be changed at any time. URLs issued by Amazon (not applicable to URLs issued by DigiCert or Let's Encrypt) can be verified from a browser, using the certificate viewer available on https://app.flexera.com/login.

InstanceNormal operationSecurity certificate check (see note)
US Productionhttps://beacon.flexnetmanager.com (port 443) https://data.flexnetmanager.com (port 443)Any of the following (port 80):
  • http://*.amazontrust.com
  • http://crl.sca1b.amazontrust.com/sca1b.crl
  • http://*.digicert.com
  • http://*.lencr.org
US UAThttps://beacon.uat.flexnetmanager.com (port 443) https://data.uat.flexnetmanager.com (port 443)Any of the following (port 80):
  • http://*.amazontrust.com
  • http://crl.sca1b.amazontrust.com/sca1b.crl
  • http://*.digicert.com
  • http://*.lencr.org
European Productionhttps://beacon.flexnetmanager.eu (port 443) https://data.flexnetmanager.eu (port 443)Any of the following (port 80):
  • http://*.amazontrust.com
  • http://crl.sca1b.amazontrust.com/sca1b.crl
  • http://*.digicert.com
  • http://*.lencr.org
European UAThttps://beacon.uat.flexnetmanager.eu (port 443) https://data.uat.flexnetmanager.eu (port 443)Any of the following (port 80):
  • http://*.amazontrust.com
  • http://crl.sca1b.amazontrust.com/sca1b.crl
  • http://*.digicert.com
  • http://*.lencr.org
APAC Productionhttps://beacon.flexnetmanager.au (port 443) https://data.flexnetmanager.au (port 443)Any of the following (port 80):
  • http://*.amazontrust.com
  • http://crl.sca1b.amazontrust.com/sca1b.crl
  • http://*.digicert.com
  • http://*.lencr.org
APAC UAThttps://beacon.uat.flexnetmanager.au (port 443) https://data.uat.flexnetmanager.au (port 443)Any of the following (port 80):
  • http://*.amazontrust.com
  • http://crl.sca1b.amazontrust.com/sca1b.crl
  • http://*.digicert.com
  • http://*.lencr.org
note

The security certificate check is for uploads of inventory collected by FlexNet Inventory Agent. It is possible (but not recommended) to disable the security certificate check by setting the string value CheckCertificateRevocation to False in the following registry location: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ManageSoft Corp\ManageSoft\Common

Revocation URLs for signed self-extracting EXE packages

When configuring your proxy or gateway, ensure that the beacon can successfully validate the signatures of self-extracting packages.

The certificate authority used to sign self-extracting EXE packages uses the following URL for revocation checks:

  • http://*.digicert.com

Network IP range settings when not using DNS hostname

It is recommended you use DNS hostnames for network configuration of firewalls between your inventory beacon and IT Asset Management , as IP addresses can change without notice or with only limited notice. If you require the actual IP address range for your firewall or proxy server settings, please refer to the Knowledge Base article https://flexeracommunity.force.com/customer/articles/en_US/INFO/FlexNet-Manager-Suite-Cloud-IP-address-settings

note

Access to the Knowledge Base requires a login to the Customer Community.