Install and use Visual Studio and Azure Services behind a firewall or proxy server
Applies to: Visual Studio Visual Studio for Mac
Note
This article applies to Visual Studio 2017. If you're looking for the latest Visual Studio documentation, see Visual Studio documentation. We recommend upgrading to the latest version of Visual Studio. Download it here
If you or your organization uses security measures such as a firewall or a proxy server, then there are domain URLs that you might want to add to an "allowlist" and ports and protocols that you might want to open so that you have the best experience when you install and use Visual Studio and Azure Services.
Install Visual Studio: These tables include the domain URLs to add to an allowlist so that you have access to all the components and workloads that you want.
Use Visual Studio and Azure Services: This table includes the domain URLs to add to an allowlist and the ports and protocols to open so that you have access to all the features and services that you want.
Note
This article was written for Visual Studio on Windows, but certain information is also applicable to installing Visual Studio for Mac behind a firewall or proxy server.
Install Visual Studio
URLs to add to an allowlist
Because the Visual Studio Installer downloads files from various domains and their download servers, here are the domain URLs that you might want to add to an allowlist as trusted in the UI or in your deployment scripts.
Microsoft domains
Domain | Purpose |
---|---|
go.microsoft.com | Setup URL resolution |
aka.ms | Setup URL resolution |
download.visualstudio.microsoft.com | Setup packages download location |
download.microsoft.com | Setup packages download location |
download.visualstudio.com | Setup packages download location |
dl.xamarin.com | Setup packages download location |
marketplace.visualstudio.com | Visual Studio Extensions download location |
*.gallerycdn.vsassets.io | Visual Studio Extensions download location |
visualstudio.microsoft.com | Documentation location |
docs.microsoft.com | Documentation location |
msdn.microsoft.com | Documentation location |
www.microsoft.com | Documentation location |
*.windows.net | Sign-in location |
*.microsoftonline.com | Sign-in location |
*.live.com | Sign-in location |
github-releases.githubusercontent.com | Linux Development |
az837173.vo.msecnd.net | Development with Azure Storage |
Non-Microsoft domains
Domain | Installs these workloads |
---|---|
archive.apache.org | Mobile development with JavaScript (Cordova) |
cocos2d-x.org | Game development with C++ (Cocos) |
download.epicgames.com | Game development with C++ (Unreal Engine) |
download.oracle.com | Mobile development with JavaScript (Java SDK) Mobile Development with .NET (Java SDK) |
download.unity3d.com | Game development with Unity (Unity) |
netstorage.unity3d.com | Game development with Unity (Unity) |
dl.google.com | Mobile development with JavaScript (Android SDK and NDK, Emulator) Mobile Development with .NET (Android SDK and NDK, Emulator) |
www.incredibuild.com | Game development with C++ (IncrediBuild) |
www.python.org | Python development (Python) Data science and analytical applications (Python) |
developerservices2.apple.com | Xamarin.iOS provisioning |
developer.apple.com | Xamarin.iOS provisioning |
appstoreconnect.apple.com | Xamarin.iOS provisioning |
idmsa.apple.com | Xamarin.iOS provisioning |
akamaized.net | Content Delivery Network (Akamai Technologies) |
Use Visual Studio and Azure Services
URLs to add to an allowlist and ports and protocols to open
To make sure that you have access to everything you want when you use Visual Studio or Azure Services behind a firewall or proxy server, here are the URLs you should add to an allowlist and the ports and protocols that you might want to open.
Service or scenario | DNS endpoint | Protocol/Port | Description |
---|---|---|---|
URL resolution |
go.microsoft.com aka.ms |
Used to shorten URLs, which then resolve into longer URLs | |
Start Page | vsstartpage.blob.core.windows.net | 443 | Used to display Developer News shown on the start page (Visual Studio 2017 only) |
Targeted Notification Service |
targetednotifications-tm.trafficmanager.net www.research.net |
443 443 |
Used to filter a global list of notifications to a list that is applicable only to specific types of machines/usage scenarios |
Extension update check |
marketplace.visualstudio.com *.windows.net *.microsoftonline.com *.live.com |
443 | Used to provide notifications when an installed extension has an update available Used as a sign-in location |
AI Project Integration |
az861674.vo.msecnd.net | 443 |
Used to configure new projects to send usage data to your registered Application Insights account |
Code Lens | codelensprodscus1su0.app. codelens.visualstudio.com |
443 | Used to provide information in the editor about when a file was last updated, the timeline of changes, the work items that changes are associated with, the authors, and more |
Experimental feature enabling |
visualstudio-devdiv-c2s.msedge.net | 80 | Used to activate experimental new features or feature changes |
Identity "badge" (user name and avatar) and Roaming settings |
app.vssps.visualstudio.com app.vsspsext.visualstudio.com app.vssps.visualstudio.com ns-sb2-prod-ch1-002.cloudapp.net az700632.vo.msecnd.net api.vstsusers.visualstudio.com/profiles/* |
443 | Used to display the user's name and avatar in the IDE Used to make sure that setting changes roam from one machine to another |
Remote Settings | az700632.vo.msecnd.net | 443 | Used to turn off extensions that are known to cause problems in Visual Studio |
Windows Tools | developer.microsoft.com dev.windows.com appdev.microsoft.com |
https/443 | Used for Windows app store scenarios |
JSON Schema Discovery JSON Schema Definition JSON Schema Support for Azure Resources |
json.schemastore.org schemastoreorg.azurewebsites.net json-schema.org schema.management.azure.com |
http/80 https/443 http/80 https/443 |
Used to discover and download JSON schemas that the user might use when editing JSON documents Used to obtain the meta-validation schema for JSON Used to obtain the current schema for Azure Resource Manager deployment templates |
NPM package discovery |
Skimdb.npmjs.com Registry.npmjs.org Api.npms.io |
https/443 http/80 & https/443 https/443 |
Required for searching for NPM packages, and used for client-side script package installation in web projects |
Bower package icons Bower package search |
Bower.io bowercache.azurewebsites.net go.microsoft.com Registry.bower.io |
http/80 https/443 http/80 https/443 |
Provides the default bower package icon Provides the ability to search for Bower packages |
NuGet NuGet package discovery |
api.nuget.org www.nuget.org nuget.org azuresearch-usnc.nuget.org azuresearch-ussc.nuget.org licenses.nuget.org nuget.cdn.azure.cn azuresearch-ea.nuget.org azuresearch-sea.nuget.org crl3.digicert.com crl4.digicert.com ocsp.digicert.com cacerts.digicert.com |
https/443 http/80 & https/443 |
Used to verify signed NuGet packages. Required for searching for NuGet packages and versions |
GitHub repository information | api.github.com | https/443 | Required for getting additional information about bower packages |
Web Linters | Eslint.org www.Bing.com www.coffeelint.org |
http/80 | |
Cookiecutter Explorer template discovery Cookiecutter Explorer project creation |
api.github.com raw.githubusercontent.com go.microsoft.com pypi.org pypi.python.org |
https/443 |
Used to discover online templates from our recommended feed and from GitHub repositories Used to create a project from a cookiecutter template that requires a one-time on-demand installation of a cookiecutter Python package from the Python package index (PyPI) |
Python package discovery Python package management New Python project templates |
pypi.org pypi.python.org bootstrap.pypa.io go.microsoft.com |
https/443 | Provides the ability to search for pip packages Used to install pip automatically if it is missing Used to resolve the following new Python project templates to cookiecutter template URLs: - Classifier Project - Clustering Project - Regression Project - PyGame using PyKinect - Pyvot Project |
Office web add-in Manifest Verification Service |
verificationservice.osi.office.net | https/443 | Used to validate manifests for Office web add-ins |
SharePoint and Office Add-ins |
sharepoint.com microsoft.com/microsoft-365 microsoftonline.com outlook.com |
https/443 | Used to publish and test SharePoint and Office Add-ins to SharePoint Online and Microsoft 365 |
Workflow Manager Test Service Host |
http/12292 | A firewall rule that is created automatically for testing SharePoint add-ins with workflows | |
Automatically collected reliability statistics and other Customer Experience Improvement Programs (CEIP) for Azure SDK and for SQL Tools |
vortex.data.microsoft.com dc.services.visualstudio.com |
https/443 | Used to send reliability statistics (crash/unresponsive data) from the user to Microsoft. Actual crash/unresponsive dumps will still be uploaded if Windows Error Reporting is enabled; only statistical information will be suppressed; Used to reveal usage patterns for the Azure Tools SDK extension to Visual Studio, and for usage patterns for the SQL tooling to Visual Studio |
Visual Studio Customer Experience Improvement Program (CEIP) PerfWatson.exe |
vortex.data.microsoft.com dc.services.visualstudio.com visualstudio-devdiv-c2s.msedge.net az667904.vo.msecnd.net scus-breeziest-in.cloudapp.net |
https/443 | Used to collect usage patterns and error logs Used to track UI freeze issues |
Creation and Management of Azure resources |
management.azure.com management.core.windows.net |
https/443 | Used for creating Azure Websites or other resources to support the publishing of web applications, Azure Functions, or WebJobs |
Updated web publish tooling checks and extension recommendations |
marketplace.visualstudio.com | https/443 | Used for checking for the availability of updated publish tooling. If disabled, a potential recommended extension for web publishing may not be shown |
Updated Azure Resource Creation Endpoint Information |
*.blob.core.windows.net | https/443 | Used to update the endpoints used for the creation of Azure Resources for certain Azure Services. If disabled, the last downloaded or built in endpoint locations are used instead |
Remote debugging and Remote profiling of Azure Websites |
*.cloudapp.net *.azurewebsites.net |
4022 | Used for attaching the remote debugger to Azure Websites. If disabled, attaching the remote debugger to Azure Websites will not work |
Active Directory Graph |
graph.windows.net | https/443 | Used to provision new Azure Active Directory applications. Also used by the Microsoft 365 MSGraph- connected service provider |
Azure Functions CLI Update Check |
functionscdn.azureedge.net | https/443 | Used for checking for updated versions of the Azure Functions CLI. If disabled, a cached copy (or the copy carried by the Azure Functions component) of the CLI will be used instead |
Cordova | npmjs.org gradle.org |
http/80 & https/443 |
HTTP is used for Gradle downloads during build; HTTPS is used to include Cordova plug-ins in projects |
Cloud explorer | 1. <clusterendpoint> Service Fabric 2. <management endpoint> General Cloud Exp 3. <graph endpoint> General Cloud Exp 4. <storage account endpoint> Storage Nodes 5. <Azure portal URLs> General Cloud Exp 6. <key vault endpoints> Azure Resource Manager VM Nodes 7. <PublicIPAddressOfCluster> Service Fabric Remote debugging and ETW Traces |
1.https/19080 2. https/443 3. https/443 4. https/443 5. https/443 6. https/443 7.tcp/dynamic |
1. Example: test12.eastus.cloudapp.com 2. Retrieves subscriptions and retrieves/manages Azure resources 3. Retrieves Azure Stack subscriptions 4. Manages Storage resources (example: mystorageaccount.blob.core.windows.net) 5. "Open in Portal" context menu option (opens a resource in the Azure portal) 6. Creates and uses key vaults for VM debugging (Example: myvault.vault.azure.net) 7. Dynamically allocates block of ports based on number of nodes in the cluster and the available ports. A port block will try to get three times the number of nodes with minimum of 10 ports. For Streaming traces, an attempt is made to get the port block from 810. If any of that port block is already used, then an attempt is made to get the next block, and so on. (It the load balancer is empty, then ports from 810 are most likely used) Similarly for debugging, four sets of the ports blocks are reserved: - connectorPort: 30398, - forwarderPort: 31398, - forwarderPortx86: 31399, - fileUploadPort: 32398 |
Cloud Services | 1. RDP 2. core.windows.net 3. management.azure.com management.core.windows.net 4. *.blob.core.windows.net *.queue.core.windows.net *.table.core.windows.net 5. portal.azure.com 6. <user's cloud service>.cloudapp.net <user's VM>.<region>.azure.com |
1. rdp/3389 2. https/443 3. https/443 4. https/443 5. https/443 6. tcp a) 30398 b) 30400 c) 31398 d) 31400 e) 32398 f) 32400 |
1. Remote Desktop to Cloud Services VM 2. Storage account component of the private diagnostics configuration 3. Azure portal 4. Server Explorer - Azure Storage * is customer named storage account 5. Links to open the portal / Download the subscription certificate / Publish settings file 6. a) Connector local port for remote debug for cloud service and VM 6. b) Connector public port for remote debug for cloud service and VM 6. c) Forwarder local port for remote debug for cloud service and VM 6. d) Forwarder public port for remote debug for cloud service and VM 6. e) File uploader local port for remote debug for cloud service and VM 6. f) File uploader public port for remote debug for cloud service and VM |
Service Fabric | 1. docs.Microsoft.com aka.ms go.microsoft.com 2. vssftools.blob.core.windows.net Vault.azure.com Portal.azure.com 3. * vault.azure.net 4. app.vsaex.visualstudio.com * .vsspsext.visualstudio.com clouds.vsrm.visualstudio.com clouds.visualstudio.com app.vssps.visualstudio.com * .visualstudio.com |
https/443 | 1. Documentation 2. Create Cluster feature 3. The * is the Azure key vault name (Example:- test11220180112110108.vault.azure.net 4. The * is dynamic (Example: vsspsextprodch1su1.vsspsext.visualstudio.com) |
Snapshot Debugger |
1. go.microsoft.com 2. management.azure.com 3. *.azurewebsites.net 4. *.scm.azurewebsites.net 5. api.nuget.org/v3/index.json 6. Remote Service/Servers IP address/FQDN |
1. https/443 2. https/443 3. http/80 4. https/443 5. https/443 6. Concord/ 4022 (Visual Studio version dependent) |
1. Query .json file for app service SKU size 2. Various Azure RM calls 3. Site warmup call via 4. Customer's targeted App Service Kudu endpoint 5. Query Site Extension version published in nuget.org 6. Remote debugging |
Azure Stream Analytics HDInsight |
Management.azure.com | https/443 | Used to view, submit, run, and manage ASA jobs Used to browse HDI clusters, and to submit, diagnose, and debug HDI jobs |
Azure Data Lake | *.azuredatalakestore.net *.azuredatalakeanalytics.net |
https/443 | Used to compile, submit, view, diagnose, and debug jobs; used to browse ADLS files; used to upload and download files |
Packaging Service | [account].visualstudio.com [account].*.visualstudio.com *.blob.core.windows.net registry.npmjs.org nodejs.org dist.nuget.org nuget.org |
https/443 | The *.npmjs.org, *.nuget.org, and *.nodejs.org are only required for certain build task scenarios (for example: NuGet Tool Installer, Node Tool Installer) or if you intend to use public upstream with your Feeds. The other three domains are required for core functionality of the Packaging service. |
Azure DevOps Services | *.vsassets.io static2.sharepointonline.com dev.azure.com |
Used to connect with Azure DevOps Services | |
Azure Service Bus | *.servicebus.windows.net | ampq/5671 and 5672, sbmp/9350-9354, http/80, https/443 |
Used to create queues, topics, and subscriptions. Also used to send/receive messages to/from Service Bus queues and topics. |
Azure Cosmos DB | *.documents.azure.com | https/443 | Used to call core document database APIs. |
Developer Community | sendvsfeedback2.azurewebsites.net/api | https/443 | Used to call Developer Community Feedback Tool APIs (my issues, search, vote, comment, submit, upload, resume) |
Intellicode | *.intellicode.vsengsaas.visualstudio.com | https/443 | Used to call Intellicode APIs |
Live Share | *.liveshare.vsengsaas.visualstudio.com | https/443 | Used to call Live Share APIs |
GitHub Codespaces | *.online.visualstudio.com | https/443 | Used to call GitHub Codespaces APIs |
JavaScript Automatic Type Acquisition | registry.npmjs.org | https/443 | Used to install TypeScript type definitions to provide IntelliSense for popular JavaScript libraries |
Visual Studio Subscriptions Licensing Service | app.vssps.visualstudio.com/apis/ Licensing/ClientRights |
https/443 | Licensing for online activation |
Debugger | 1. vsdebugger.blob.core.windows.net vsdebugger.azureedge.net 2. download.visualstudio.com/*/ onecore.msvsmon.*.zip 3. referencesource.microsoft.com/symbols 4. symbols.nuget.org/download/symbols 5. visualstudio.com 6. msdl.microsoft.com/download/symbols |
https/443 | 1. Used for downloading debugger bits for .NET Core debugging on Unix / macOS over SSH 2. Used for downloading debugger bits for remote Windows Docker container debugging 3. Used for .NET framework source stepping 4. (If user opts-in) Used for downloading symbols published to nuget.org symbol server. 5. (If user opts-in) Used for downloading MS symbols and binaries, might also be needed for debugging managed code in dumps |
GitHub Codespaces | *.online.visualstudio.com | https/443 | Used to call GitHub Codespaces APIs |
Xamarin Android App Publishing | *.googleapis.com play.google.com accounts.google.com |
https/443 | Used to interact with Google Play Store service to publish/upload Xamarin Android Applications directly from Visual Studio. |
Visual Studio Search Service | data-ai.microsoft.com/search | https/443 | Used to provide AI-enabled Visual Studio Search Service in Ctrl+Q search box |
Azure Container Registry | *.azurecr.io | https/443 | Access container registries hosted on Azure, for configuration of CICD pipelines |
Visual Studio for Mac Updater | software.xamarin.com | https/443 | Used to get the list of available updates |
Visual Studio for Mac Error Reporting | nw-umwatson.events.data.microsoft.com | https/443 | Used to collect reliability reports for crashes, unresponsiveness, and delays |
Troubleshoot network-related errors
Sometimes, you might run in to network- or proxy-related errors when you install or use Visual Studio behind a firewall or a proxy server. For more information about solutions for such error messages, see the Troubleshooting network-related errors when you install or use Visual Studio page.
Get support
We offer an installation chat (English only) support option for installation-related issues.
Here are a few more support options:
- Report product issues to us via the Report a Problem tool that appears both in the Visual Studio Installer and in the Visual Studio IDE.
- Suggest a feature, track product issues, and find answers in the Visual Studio Developer Community.
- Use your GitHub account to talk to us and other Visual Studio developers in the Visual Studio conversation in the Gitter community.