Firewall and White List Information

This information covers nearly all destinations VTS will need to communicate with to give exams

The following ports, IPs, and domains are required for VTS to function:

We use Ports 443 and 80  

Ports 80 and 443 must be open for full outbound traffic, with no packet filtering.

Ports 443 and 2488 must also be open internally between the server and the deliveries for the site services agent to run. 

IP Address range for our Gatekeeper:

159.182.111.0 - 159.182.111.255 
159.182.211.0 - 159.182.211.255  

The Gatekeepers work on SLL technology in a round robin configuration. No one IP address remains up continuously. 

The other IPs outside of the gatekeeper for the Host.p12 to authenticate to are as follows:

Server:  bgtmndcncsp2.ncsp.peroot.com

Address:  159.182.250.198

Name:    caic1-dmz.pearsonvue.com

Address:  159.182.111.175    159.182.111.150

Aliases:  crl.pearsonvue.com, https://vtssoftware-vue.pearson.com

Unrestricted access to http://*.pearson.com , https://*.pearson.com, http://*.pearsonvue.com, & https://*.pearsonvue.com

Below are the network requirements for delivering A-BE/IBT exams:

This information is only used for sites giving online exams such as Microsoft, CompTIA, FSOT.

Port 443 (HTTPS) – open continuous, unrestricted connection
IP range 159.182.0.0/16 open
For A-BE exams running through AWS:
52.214.248.160
US East - testdelivery-hs-prd-1.pearsonvue.com / 52.5.238.233
Ireland - testdelivery-hs-prd-2.pearsonvue.com / 52.214.248.160
US West - testdelivery-hs-prd-3.pearsonvue.com / 34.216.43.69
Port 80 TCP
443 TCP
Allow ping (ICMP)
Unrestricted access to http://*.pearson.com , https://*.pearson.com, http://*.pearsonvue.com, & https://*.pearsonvue.com
Pearson Strongly Recommends avoiding network configurations involving Proxy Servers, Advanced Firewall Security Configurations and other network security measures, including, but not limited to: Packet Filtering or Packet Inspection.  These advanced security configurations are known to cause moderate to severe degradation in test delivery performance

To test the test center connectivity to AWS cluster, please open the following link at the center https://testdelivery-hs-prd-2.pearsonvue.com/Minerva/version ITS Connectivity

64.27.100.27
64.27.64.232
64.106.193.0/24
64.106.220.0/24
206.188.17.0/24
191.232.139.0/24 - Akamai/Microsoft
The following Domains have been approved and given unrestricted access:

http://*.starttest.com
https://*.starttest.com
http://*.starttest2.com
https://*.starttest2.com
http://*.startpractice.com
https://*.startpractice.com
http://*.programworkshop.com
https://*.programworkshop.com
NOTE - Sometimes it works better on certain systems if you add them in one of these fashions:

(1) http://starttest.com
(2) http://starttest2.com
(3) *.starttest.com*
(4) *.starttest2.com*
(5) *.programworkshop.com*

GIAC:

Port: 443
IP Addresses:
66.35.45.207
66.35.45.113
66.35.45.114
204.51.94.105
204.51.94.106
204.51.94.203
204.51.94.111

Oracle:

64.27.64.232  

Port 443, 80
www.starttest*.com

VM Ware:

Port 443

Certification.vmware.com

Kaplan:

Port 80

Jasper.kaptest.com

KBR:

Port 443

www.selectionsage.com



Article ID: 18
Last updated: 27 Oct, 2020
Revision: 1
KBPublisher Introduction -> Firewall and White List Information
https://pearson.makekb.com/entry/18/