Dela via


Install and use Visual Studio and Azure Services behind a firewall or proxy server

Applies to: yesVisual Studio noVisual Studio for Mac

Note

This article applies to Visual Studio 2017. If you're looking for the latest Visual Studio documentation, see Visual Studio documentation. We recommend upgrading to the latest version of Visual Studio. Download it here

If you or your organization uses security measures such as a firewall or a proxy server, then there are domain URLs that you might want to add to an "allowlist" and ports and protocols that you might want to open so that you have the best experience when you install and use Visual Studio and Azure Services.

  • Install Visual Studio: These tables include the domain URLs to add to an allowlist so that you have access to all the components and workloads that you want.

  • Use Visual Studio and Azure Services: This table includes the domain URLs to add to an allowlist and the ports and protocols to open so that you have access to all the features and services that you want.

Note

This article was written for Visual Studio on Windows, but certain information is also applicable to installing Visual Studio for Mac behind a firewall or proxy server.

Install Visual Studio

URLs to add to an allowlist

Because the Visual Studio Installer downloads files from various domains and their download servers, here are the domain URLs that you might want to add to an allowlist as trusted in the UI or in your deployment scripts.

Microsoft domains

Domain Purpose
go.microsoft.com Setup URL resolution
aka.ms Setup URL resolution
download.visualstudio.microsoft.com Setup packages download location
download.microsoft.com Setup packages download location
download.visualstudio.com Setup packages download location
dl.xamarin.com Setup packages download location
marketplace.visualstudio.com Visual Studio Extensions download location
*.gallerycdn.vsassets.io Visual Studio Extensions download location
visualstudio.microsoft.com Documentation location
docs.microsoft.com Documentation location
msdn.microsoft.com Documentation location
www.microsoft.com Documentation location
*.windows.net Sign-in location
*.microsoftonline.com Sign-in location
*.live.com Sign-in location
github-releases.githubusercontent.com Linux Development
az837173.vo.msecnd.net Development with Azure Storage

Non-Microsoft domains

Domain Installs these workloads
archive.apache.org Mobile development with JavaScript (Cordova)
cocos2d-x.org Game development with C++ (Cocos)
download.epicgames.com Game development with C++ (Unreal Engine)
download.oracle.com Mobile development with JavaScript (Java SDK)

Mobile Development with .NET (Java SDK)
download.unity3d.com Game development with Unity (Unity)
netstorage.unity3d.com Game development with Unity (Unity)
dl.google.com Mobile development with JavaScript (Android SDK and NDK, Emulator)

Mobile Development with .NET (Android SDK and NDK, Emulator)
www.incredibuild.com Game development with C++ (IncrediBuild)
www.python.org Python development (Python)

Data science and analytical applications (Python)
developerservices2.apple.com Xamarin.iOS provisioning
developer.apple.com Xamarin.iOS provisioning
appstoreconnect.apple.com Xamarin.iOS provisioning
idmsa.apple.com Xamarin.iOS provisioning
akamaized.net Content Delivery Network (Akamai Technologies)

Use Visual Studio and Azure Services

URLs to add to an allowlist and ports and protocols to open

To make sure that you have access to everything you want when you use Visual Studio or Azure Services behind a firewall or proxy server, here are the URLs you should add to an allowlist and the ports and protocols that you might want to open.

Service or scenario DNS endpoint Protocol/Port Description
URL
resolution
go.microsoft.com

aka.ms
Used to shorten URLs, which then resolve into longer URLs
Start Page vsstartpage.blob.core.windows.net 443 Used to display Developer News shown on the start page (Visual Studio 2017 only)
Targeted
Notification
Service
targetednotifications-tm.trafficmanager.net

www.research.net
443

443
Used to filter a global list of notifications to a list that is applicable only to specific types of machines/usage scenarios
Extension
update check
marketplace.visualstudio.com

*.windows.net
*.microsoftonline.com
*.live.com
443 Used to provide notifications when an installed extension has an update available

Used as a sign-in location
AI Project
Integration
az861674.vo.msecnd.net 443
Used to configure new projects to send usage data to your registered Application Insights account
Code Lens codelensprodscus1su0.app.
codelens.visualstudio.com
443 Used to provide information in the editor about when a file was last updated, the timeline of changes, the work items that changes are associated with, the authors, and more
Experimental
feature enabling
visualstudio-devdiv-c2s.msedge.net 80 Used to activate experimental new features or feature changes
Identity "badge"
(user name and avatar)
and
Roaming settings
app.vssps.visualstudio.com

app.vsspsext.visualstudio.com

app.vssps.visualstudio.com

ns-sb2-prod-ch1-002.cloudapp.net

az700632.vo.msecnd.net

api.vstsusers.visualstudio.com/profiles/*
443 Used to display the user's name and avatar in the IDE

Used to make sure that setting changes roam from one machine to another
Remote Settings az700632.vo.msecnd.net 443 Used to turn off extensions that are known to cause problems in Visual Studio
Windows Tools developer.microsoft.com

dev.windows.com

appdev.microsoft.com
https/443 Used for Windows app store scenarios
JSON Schema
Discovery

JSON Schema
Definition

JSON Schema
Support for
Azure Resources
json.schemastore.org
schemastoreorg.azurewebsites.net

json-schema.org

schema.management.azure.com
http/80
https/443

http/80

https/443
Used to discover and download JSON schemas that the user might use when editing JSON documents

Used to obtain the meta-validation schema for JSON

Used to obtain the current schema for Azure Resource Manager deployment templates
NPM package
discovery
Skimdb.npmjs.com

Registry.npmjs.org

Api.npms.io
https/443

http/80 &
https/443
https/443
Required for searching for NPM packages, and used for client-side script package installation in web projects
Bower package
icons

Bower package
search
Bower.io

bowercache.azurewebsites.net
go.microsoft.com
Registry.bower.io
http/80

https/443
http/80
https/443
Provides the default bower package icon

Provides the ability to search for Bower packages
NuGet

NuGet package
discovery
api.nuget.org
www.nuget.org
nuget.org
azuresearch-usnc.nuget.org
azuresearch-ussc.nuget.org
licenses.nuget.org
nuget.cdn.azure.cn
azuresearch-ea.nuget.org
azuresearch-sea.nuget.org

crl3.digicert.com
crl4.digicert.com
ocsp.digicert.com
cacerts.digicert.com
https/443

http/80 &
https/443
Used to verify signed NuGet packages.

Required for searching for NuGet packages and versions
GitHub repository information api.github.com https/443 Required for getting additional information about bower packages
Web Linters Eslint.org

www.Bing.com

www.coffeelint.org
http/80
Cookiecutter
Explorer template
discovery

Cookiecutter
Explorer project
creation
api.github.com
raw.githubusercontent.com
go.microsoft.com

pypi.org
pypi.python.org
https/443
Used to discover online templates from our recommended feed and from GitHub repositories

Used to create a project from a cookiecutter template that requires a one-time on-demand installation of a cookiecutter Python package from the Python package index (PyPI)
Python package
discovery

Python package
management

New
Python
project
templates
pypi.org

pypi.python.org
bootstrap.pypa.io

go.microsoft.com
https/443 Provides the ability to search for pip packages

Used to install pip automatically if it is missing

Used to resolve the following new Python project templates to cookiecutter template URLs:
- Classifier Project
- Clustering Project
- Regression Project
- PyGame using PyKinect
- Pyvot Project
Office web
add-in
Manifest
Verification
Service
verificationservice.osi.office.net https/443 Used to validate manifests for Office web add-ins
SharePoint and
Office Add-ins
sharepoint.com
microsoft.com/microsoft-365
microsoftonline.com
outlook.com
https/443 Used to publish and test SharePoint and Office Add-ins to SharePoint Online and Microsoft 365
Workflow Manager
Test Service
Host
http/12292 A firewall rule that is created automatically for testing SharePoint add-ins with workflows
Automatically collected
reliability statistics
and other
Customer Experience
Improvement Programs (CEIP)
for Azure SDK and
for SQL Tools

vortex.data.microsoft.com

dc.services.visualstudio.com
https/443 Used to send reliability statistics (crash/unresponsive data) from the user to Microsoft. Actual crash/unresponsive dumps will still be uploaded if Windows Error Reporting is enabled; only statistical information will be suppressed;
Used to reveal usage patterns for the Azure Tools SDK extension to Visual Studio, and for usage patterns for the SQL tooling to Visual Studio
Visual Studio
Customer Experience
Improvement Program (CEIP)

PerfWatson.exe
vortex.data.microsoft.com
dc.services.visualstudio.com
visualstudio-devdiv-c2s.msedge.net
az667904.vo.msecnd.net
scus-breeziest-in.cloudapp.net
https/443 Used to collect usage patterns and error logs

Used to track UI freeze issues
Creation and
Management of
Azure resources
management.azure.com
management.core.windows.net
https/443 Used for creating Azure Websites or other resources to support the publishing of web applications, Azure Functions, or WebJobs
Updated web publish tooling
checks and extension
recommendations
marketplace.visualstudio.com https/443 Used for checking for the availability of updated publish tooling. If disabled, a potential recommended extension for web publishing may not be shown
Updated Azure Resource
Creation Endpoint Information
*.blob.core.windows.net https/443 Used to update the endpoints used for the creation of Azure Resources for certain Azure Services. If disabled, the last downloaded or built in endpoint locations are used instead
Remote debugging and
Remote profiling of
Azure Websites
*.cloudapp.net
*.azurewebsites.net
4022 Used for attaching the remote debugger to Azure Websites. If disabled, attaching the remote debugger to Azure Websites will not work
Active Directory
Graph
graph.windows.net https/443 Used to provision new Azure Active Directory applications. Also used by the Microsoft 365 MSGraph- connected service provider
Azure Functions
CLI Update
Check
functionscdn.azureedge.net https/443 Used for checking for updated versions of the Azure Functions CLI. If disabled, a cached copy (or the copy carried by the Azure Functions component) of the CLI will be used instead
Cordova npmjs.org
gradle.org
http/80 &
https/443
HTTP is used for Gradle downloads during build; HTTPS is used to include Cordova plug-ins in projects
Cloud explorer 1. <clusterendpoint>
Service Fabric
2. <management endpoint>
General Cloud Exp
3. <graph endpoint>
General Cloud Exp
4. <storage account endpoint>
Storage Nodes
5. <Azure portal URLs>
General Cloud Exp
6. <key vault endpoints>
Azure Resource Manager VM Nodes
7. <PublicIPAddressOfCluster>
Service Fabric Remote debugging and ETW Traces

1.https/19080
2. https/443
3. https/443
4. https/443
5. https/443
6. https/443
7.tcp/dynamic
1. Example: test12.eastus.cloudapp.com
2. Retrieves subscriptions and retrieves/manages Azure resources
3. Retrieves Azure Stack subscriptions
4. Manages Storage resources (example: mystorageaccount.blob.core.windows.net)
5. "Open in Portal" context menu option (opens a resource in the Azure portal)
6. Creates and uses key vaults for VM debugging (Example: myvault.vault.azure.net)

7. Dynamically allocates block of ports based on number of nodes in the cluster and the available ports. 

A port block will try to get three times the number of nodes with minimum of 10 ports.

For Streaming traces, an attempt is made to get the port block from 810. If any of that port block is already used, then an attempt is made to get the next block, and so on. (It the load balancer is empty, then ports from 810 are most likely used)

Similarly for debugging, four sets of the ports blocks are reserved:
- connectorPort: 30398, 
- forwarderPort: 31398, 
- forwarderPortx86: 31399,
- fileUploadPort: 32398
Cloud Services 1. RDP

2. core.windows.net

3. management.azure.com
management.core.windows.net

4. *.blob.core.windows.net
*.queue.core.windows.net
*.table.core.windows.net

5. portal.azure.com

6. <user's cloud service>.cloudapp.net
<user's VM>.<region>.azure.com
1. rdp/3389

2. https/443

3. https/443

4. https/443

5. https/443

6. tcp
a) 30398
b) 30400
c) 31398
d) 31400
e) 32398
f) 32400
1. Remote Desktop to Cloud Services VM

2. Storage account component of the private diagnostics configuration

3. Azure portal

4. Server Explorer - Azure Storage * is customer named storage account

5. Links to open the portal / Download the subscription certificate / Publish settings file

6. a) Connector local port for remote debug for cloud service and VM
6. b) Connector public port for remote debug for cloud service and VM
6. c) Forwarder local port for remote debug for cloud service and VM
6. d) Forwarder public port for remote debug for cloud service and VM
6. e) File uploader local port for remote debug for cloud service and VM
6. f) File uploader public port for remote debug for cloud service and VM
Service Fabric 1.
docs.Microsoft.com
aka.ms
go.microsoft.com

2.
vssftools.blob.core.windows.net
Vault.azure.com
Portal.azure.com

3. * vault.azure.net

4.
app.vsaex.visualstudio.com
* .vsspsext.visualstudio.com
clouds.vsrm.visualstudio.com
clouds.visualstudio.com
app.vssps.visualstudio.com
* .visualstudio.com
https/443 1. Documentation

2. Create Cluster feature

3. The * is the Azure key vault name (Example:- test11220180112110108.vault.azure.net

4. The * is dynamic (Example: vsspsextprodch1su1.vsspsext.visualstudio.com)
Snapshot
Debugger
1. go.microsoft.com
2. management.azure.com
3. *.azurewebsites.net
4. *.scm.azurewebsites.net
5. api.nuget.org/v3/index.json
6. Remote Service/Servers IP address/FQDN
1. https/443
2. https/443
3. http/80
4. https/443
5. https/443
6. Concord/
4022 (Visual Studio version dependent)
1. Query .json file for app service SKU size
2. Various Azure RM calls
3. Site warmup call via
4. Customer's targeted App Service Kudu endpoint
5. Query Site Extension version published in nuget.org
6. Remote debugging
Azure Stream Analytics

HDInsight
Management.azure.com https/443 Used to view, submit, run, and manage ASA jobs

Used to browse HDI clusters, and to submit, diagnose, and debug HDI jobs
Azure Data Lake *.azuredatalakestore.net
*.azuredatalakeanalytics.net
https/443 Used to compile, submit, view, diagnose, and debug jobs; used to browse ADLS files; used to upload and download files
Packaging Service [account].visualstudio.com
[account].*.visualstudio.com
*.blob.core.windows.net
registry.npmjs.org
nodejs.org
dist.nuget.org
nuget.org
https/443 The *.npmjs.org, *.nuget.org, and *.nodejs.org are only required for certain build task scenarios (for example: NuGet Tool Installer, Node Tool Installer) or if you intend to use public upstream with your Feeds. The other three domains are required for core functionality of the Packaging service.
Azure DevOps Services *.vsassets.io
static2.sharepointonline.com
dev.azure.com
Used to connect with Azure DevOps Services
Azure Service Bus *.servicebus.windows.net ampq/5671 and 5672,
sbmp/9350-9354,
http/80,
https/443
Used to create queues, topics, and subscriptions.
Also used to send/receive messages to/from Service Bus queues and topics.
Azure Cosmos DB *.documents.azure.com https/443 Used to call core document database APIs.
Developer Community sendvsfeedback2.azurewebsites.net/api https/443 Used to call Developer Community Feedback Tool APIs (my issues, search, vote, comment, submit, upload, resume)
Intellicode *.intellicode.vsengsaas.visualstudio.com https/443 Used to call Intellicode APIs
Live Share *.liveshare.vsengsaas.visualstudio.com https/443 Used to call Live Share APIs
GitHub Codespaces *.online.visualstudio.com https/443 Used to call GitHub Codespaces APIs
JavaScript Automatic Type Acquisition registry.npmjs.org https/443 Used to install TypeScript type definitions to provide IntelliSense for popular JavaScript libraries
Visual Studio Subscriptions Licensing Service app.vssps.visualstudio.com/apis/
Licensing/ClientRights
https/443 Licensing for online activation
Debugger 1.
vsdebugger.blob.core.windows.net
vsdebugger.azureedge.net

2.
download.visualstudio.com/*/
onecore.msvsmon.*.zip

3. referencesource.microsoft.com/symbols

4.
symbols.nuget.org/download/symbols

5. visualstudio.com

6. msdl.microsoft.com/download/symbols
https/443 1.
Used for downloading debugger bits for .NET Core debugging on Unix / macOS over SSH

2.
Used for downloading debugger bits for remote Windows Docker container debugging

3. Used for .NET framework source stepping

4.
(If user opts-in) Used for downloading symbols published to nuget.org symbol server.

5. (If user opts-in) Used for downloading MS symbols and binaries, might also be needed for debugging managed code in dumps
GitHub Codespaces *.online.visualstudio.com https/443 Used to call GitHub Codespaces APIs
Xamarin Android App Publishing *.googleapis.com
play.google.com
accounts.google.com
https/443 Used to interact with Google Play Store service to publish/upload Xamarin Android Applications directly from Visual Studio.
Visual Studio Search Service data-ai.microsoft.com/search https/443 Used to provide AI-enabled Visual Studio Search Service in Ctrl+Q search box
Azure Container Registry *.azurecr.io https/443 Access container registries hosted on Azure, for configuration of CICD pipelines
Visual Studio for Mac Updater software.xamarin.com https/443 Used to get the list of available updates
Visual Studio for Mac Error Reporting nw-umwatson.events.data.microsoft.com https/443 Used to collect reliability reports for crashes, unresponsiveness, and delays

Sometimes, you might run in to network- or proxy-related errors when you install or use Visual Studio behind a firewall or a proxy server. For more information about solutions for such error messages, see the Troubleshooting network-related errors when you install or use Visual Studio page.

Get support

We offer an installation chat (English only) support option for installation-related issues.

Here are a few more support options:

See also