I am configuring my firewall to ensure all Ubuntu Pro traffic can travel through it. For example, I am whitelisting esm.ubuntu.com/* for sudo apt updates/upgrades.
On the Ubuntu Pro website, when I go to my subscriptions next to “Active Machines” there’s text that says “The number of machines with this token that contacted Ubuntu Pro in the last 24 hours (Beta)”. A picture of this is attached below.
What FQDN do I need to whitelist to allow Ubuntu Pro Client to do this pinging? I have looked through the documentation and /etc/apt/apt.conf.d and don’t seem to see anything relating to this.
pro needs to authenticate with Canonical servers to provision the credentials that will grant access to the individual Ubuntu Pro services.
Necessary endpoints:
contracts.canonical.com:443
APT package-based services
Many services are delivered via authenticated APT repositories. These include:
esm-infra and esm-apps
fips and fips-updates
cis and usg
cc-eal
ros and ros-updates
realtime-kernel
Necessary endpoints:
esm.ubuntu.com:443
Livepatch
livepatch requires a snap-packaged client, so snap-related endpoints are necessary. The Livepatch client itself also requires network access to download the patches from the Livepatch server.
Note
The snap documentation page may have more up-to-date information on snap-related network requirements.
Necessary endpoints for snap:
api.snapcraft.io:443
dashboard.snapcraft.io:443
login.ubuntu.com:443
*.snapcraftcontent.com:443
Necessary endpoints for livepatch:
livepatch.canonical.com:443
livepatch-files.canonical.com:443
Fix
pro fix needs to fetch information about USNs and/or CVEs from the Ubuntu Security APIs.
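An added example, not part of the original posts or of Canonical's documentation: a small Python audit that checks a firewall allowlist against the endpoints listed in the answer above and reports which Ubuntu Pro services would still be blocked. The allowlist entry syntax (host, host:port, or URL-style with optional `*` wildcards), the function names and the sample allowlist are assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase

PORT = 443  # every endpoint in the answer above is listed on TCP 443

# Endpoints per service, copied from the answer above.
REQUIRED = {
    "attach": ["contracts.canonical.com"],
    "apt-services": ["esm.ubuntu.com"],
    "snap": ["api.snapcraft.io", "dashboard.snapcraft.io",
             "login.ubuntu.com", "*.snapcraftcontent.com"],
    "livepatch": ["livepatch.canonical.com", "livepatch-files.canonical.com"],
}

def parse_rule(rule):
    """Reduce 'https://host:port/path' style entries to (host_pattern, port or None)."""
    rule = rule.strip().lower()
    rule = rule.split("://", 1)[-1].split("/", 1)[0]  # drop scheme and path
    host, sep, port = rule.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return rule, None  # no port given: treated as "any port"

def covers(rule, required_host, port=PORT):
    """True if one allowlist rule permits required_host on the given port."""
    pattern, rule_port = parse_rule(rule)
    if rule_port is not None and rule_port != port:
        return False
    # A wildcard requirement is only met by a rule that matches an arbitrary
    # subdomain, so probe with a label no single-host rule would contain.
    probe = required_host.replace("*", "zz-any-subdomain")
    return fnmatchcase(probe, pattern)

def audit(allowlist):
    """Return {service: [endpoints not covered]} for services with gaps."""
    gaps = {}
    for service, hosts in REQUIRED.items():
        missing = [h for h in hosts if not any(covers(r, h) for r in allowlist)]
        if missing:
            gaps[service] = missing
    return gaps

SAMPLE_ALLOWLIST = [  # constructed sample, not a real firewall export
    "esm.ubuntu.com/*", "contracts.canonical.com:443",
    "api.snapcraft.io:443", "dashboard.snapcraft.io:443",
    "login.ubuntu.com:80",           # wrong port
    "cdn.snapcraftcontent.com:443",  # one host does not satisfy the wildcard
    "livepatch.canonical.com:443",
]

if __name__ == "__main__":
    for service, missing in audit(SAMPLE_ALLOWLIST).items():
        print(f"{service}: blocked -> {', '.join(h + ':443' for h in missing)}")
```
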