Information:

Environment

Private Last Mile

 

Symptoms

I want to know the port number, domain names, etc. that the Private Last Mile application uses.
I have to follow our company security policy to set firewall software on my machine.

Solution

When setting up Private Last Mile software on an internal machine, the following domain names and IP addresses should be permitted by the firewall (and any other content filtering tools within the company) on the standard ports 80 (HTTP) and 443 (HTTPS):

lastmile.gomez.com
glm-ssl-s.gomez.com
glm-ssl-a.gomez.com

63.251.134.192
63.251.134.193
63.251.134.196

The following applications must also be approved in the firewall software so that the Peer can communicate:

Java.exe
PrivatePeer.exe

Notes:

On Thursday, March 16, 2017 at 9:00 EST, we will perform scheduled maintenance on the Last Mile infrastructure. During the maintenance window the Last Mile, Private Last Mile and Mobile platforms will be assigned new external IP addresses. The portal will remain available and measurements and alerts will continue to function. However, there may be a slight reduction in fill rates during the maintenance window.

Customers who are using whitelisting will need to update their lists to reflect the new IP assignments. They are as follows:
GLM-SSL-A.GOMEZ.COM change from 63.251.134.193 to 69.84.209.208 
GLM-SSL-S.GOMEZ.COM change from 63.251.134.192 to 69.84.209.207 
LASTMILE.GOMEZ.COM change from 63.251.134.196 to 69.84.209.209 

We apologize for any inconvenience this may cause. Ref: CMR-2577
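
The following is an added example, not part of the original article or of the Private Last Mile software: a small audit that compares what DNS currently returns for the three hostnames with the addresses on your allowlist and probes ports 80 and 443, so that stale entries left over from an IP change like the one above are reported. It assumes the post-maintenance addresses quoted in the notice and a direct TCP path (it does not go through an HTTP proxy); the function names are hypothetical.

```python
import socket

# Hostnames and the post-maintenance addresses quoted in the notice above.
ALLOWLIST = {
    "lastmile.gomez.com": {"69.84.209.209"},
    "glm-ssl-s.gomez.com": {"69.84.209.207"},
    "glm-ssl-a.gomez.com": {"69.84.209.208"},
}
PORTS = (80, 443)

def resolve_ipv4(host):
    """Return the set of IPv4 addresses DNS currently gives for host."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def tcp_reachable(ip, port, timeout=5.0):
    """True if a direct TCP connection to ip:port completes (no proxy involved)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(allowlist, resolver=resolve_ipv4, prober=tcp_reachable, ports=PORTS):
    """Compare DNS answers with the allowlist and probe each resolved address.

    Returns a list of (host, finding, detail) tuples; empty means nothing to fix.
    """
    findings = []
    for host, allowed in sorted(allowlist.items()):
        try:
            current = resolver(host)
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            findings.append((host, "dns-failure", str(exc)))
            continue
        for ip in sorted(current - allowed):   # DNS answer the firewall would drop
            findings.append((host, "not-allowlisted", ip))
        for ip in sorted(allowed - current):   # rule that no longer matches DNS
            findings.append((host, "stale-entry", ip))
        for ip in sorted(current):
            for port in ports:
                if not prober(ip, port):
                    findings.append((host, "blocked", f"{ip}:{port}"))
    return findings

if __name__ == "__main__":
    for host, finding, detail in audit(ALLOWLIST):
        print(f"{host}: {finding} {detail}")
```

A "blocked" finding only says that a direct TCP connection from this machine failed; on a network that forces traffic through a proxy it is expected even when the allowlist is correct.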

 


  1. Anonymous (login to see details)

    Hi,

     

    For some sites, when trying to troubleshoot the connectivity to the 3 mentioned servers by setting up a browser session to them, we receive an error that the connection was either unsuccessful (secure connection failed) or we get back the following error for HTTP based requests:

    This Page Cannot Be Displayed


    The system cannot communicate with the external server ( glm-ssl-s.gomez.com ). The Internet server may be busy, may be permanently down, or may be unreachable because of network problems.

    Please check the spelling of the Internet address entered. If it is correct, try this request later.

    If you have questions, or feel this is an error, please contact IT Helpdesk and provide the codes shown below.


    Notification codes: (1, GATEWAY_TIMEOUT, glm-ssl-s.gomez.com)

     

    This behaviour is seen on workstations with a working agent but also without a working agent. For HTTPS requests I guess this has to do with browser vs the agent SSL settings but I would expect to get some results back for normal HTTP requests? Any idea how we could test connectivity through a proxy by using a web browser?

     

    regards, Mike

    1. Anonymous (login to see details)

      Hi Mike,

      Directly putting the server URL in a browser, it is supposed to return an SSL handshake. It does not return HTML that can be rendered by a browser. You should see a server certificate warning. (From community page: Diagnosing Private Last Mile Runtime Issues.)

      Alternatively, you can use the Windows command interpreter to run the ping command to the servers:

      ping glm-ssl-s.gomez.com

      If the ping command runs through, then the machine has a connection to the server; if not, then it is blocked, and you may want to contact your IT team to have it whitelisted.

      Hope it helps.

      Nyna

      1. Anonymous (login to see details)

        Hi Wang,

        Ok, thanks for sending the link.

        Using PING to check the availability of a website through a proxy server is not possible. Without a proxy server a firewall may block outbound pings but may allow outbound HTTP/HTTPS or vice versa.

         

        regards, Mike

         

         

  2. Anonymous (login to see details)

    I think it should be mentioned whether or not the connectivity to the mentioned hosts is needed on TCP or HTTP layer. If it is HTTP then it is my understanding that it should be possible to go through an HTTP proxy and there is no need to have firewall rules in place that allow direct TCP connections, can you confirm?