Hey!
I am configuring my firewall to ensure all Ubuntu Pro traffic can travel through it. For example, I am whitelisting esm.ubuntu.com/* for sudo apt updates/upgrades.
On the Ubuntu Pro website, when I go to my subscriptions next to “Active Machines” there’s text that says “The number of machines with this token that contacted Ubuntu Pro in the last 24 hours (Beta)”. A picture of this is attached below.
What FQDN is do I need to whitelist to allow Ubuntu Pro Client to do this pinging? I have looked through the documentation and /etc/apt/apt.conf.d and don’t seem to see anything relating to this.
Thank you! I appreciate any help 
Ubuntu Version:
20.04 Desktop LTS
Hi, @arraysmartrack 
I’ve found the web page “Ubuntu Pro Client network requirements” - https://documentation.ubuntu.com/pro-client/en/docs/references/network_requirements/ - that may help you.
From that web page:
"(…)
Authentication
pro needs to authenticate with Canonical servers to provision the credentials that will grant access to the individual Ubuntu Pro services.
Necessary endpoints:
contracts.canonical.com:443
APT package-based services
Many services are delivered via authenticated APT repositories. These include:
esm-infra and esm-appsfips and fips-updatescis and usgcc-ealros and ros-updatesrealtime-kernel
Necessary endpoints:
Livepatch
livepatch requires a snap-packaged client, so snap-related endpoints are necessary. The Livepatch client itself also requires network access to download the patches from the Livepatch server.
Note
The snap documentation page may have more up-to-date information on snap-related network requirements.
Necessary endpoints for snap
api.snapcraft.io:443dashboard.snapcraft.io:443login.ubuntu.com:443*.snapcraftcontent.com:443
Necessary endpoints for livepatch:
livepatch.canonical.com:443livepatch-files.canonical.com:443
Fix
pro fix needs to fetch information about USNs and/or CVEs from the Ubuntu Security APIs.
Necessary endpoints:
(…)"
I hope this helps
1 Like
