Onboarding Checklist: Networking and Client Software Access
March 23, 2023
Summary
PreVeil provides end-to-end encrypted communication between protected devices using the PreVeil client software installed on supported devices. The PreVeil software running on your user client devices must be able to communicate with the PreVeil cloud servers in order for the service to operate.
Network Access
Below is the list of endpoints that are contacted by the PreVeil client-side software. Please confirm these DNS entries have been enabled.
Server Endpoint | Protocol | Port | Description |
| HTTPS (http over TLS 1.2/1.3) | 443 | PreVeil website |
| HTTPS (http over TLS 1.2/1.3) | 443 | Web-based version of PreVeil |
| HTTPS (http over TLS 1.2) | 443 | PreVeil application server |
| HTTPS (http over TLS 1.2) | 443 | PreVeil software update management |
| HTTPS (http over TLS 1.2) | 443 | PreVeil software update management |
| HTTPS (http over TLS 1.2) | 443 | Required for initial (one time) org creation session |
Proxies
PreVeil is compatible with most proxy configurations. Network devices that perform deep packet inspection or other MITM detection may require additional settings to permit communications.
In the absence of proxies, the PreVeil client will make direct connections to Amazon S3 using the default route provided by the system. The PreVeil server will issue pre-signed URLs to the clients so they can download the files faster, without an additional client-server round trip.
Additional Network Communications
PreVeil’s local interface can be accessed by going to https://www.preveil.com/app, which will detect whether or not PreVeil is installed and either redirect the user to http://127.0.0.1:4003 or, if PreVeil is not installed, to the download page at https://www.preveil.com/download .
This check is performed securely and non-invasively by the PreVeil website making a request to https://local-collections-proxy.preveil.com:5000/ping, a domain whose DNS has been configured to resolve to 127.0.0.1. The request is only successful if the PreVeil agent process running on 127.0.0.1:5000 responds to it. This architecture ensures that the chain of trust as established in the HTTPS certificates stays valid.
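The detection path described above depends on two things a network team can verify from a client machine: the name must resolve to loopback, and something must accept connections on port 5000. The following is an added example, not PreVeil's code or its diagnostic tool; the hostname and port come from this page, while the function names and verdict strings are hypothetical.

```python
import ipaddress
import socket

# Hostname and port come from the page; names below are hypothetical.
PING_HOST = "local-collections-proxy.preveil.com"
PING_PORT = 5000


def resolve(host):
    """Return the addresses the system resolver gives for host ([] on failure)."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def port_open(addr, port, timeout=2.0):
    """True if something accepts TCP connections on addr:port."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def is_loopback(addr):
    """True only for a well-formed loopback address (127.0.0.0/8 or ::1)."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def diagnose(addrs, listening):
    """Classify the local-detection check from resolver output and port state."""
    if not addrs:
        return "dns-no-answer"        # resolver failed or filtered the loopback answer
    if not all(is_loopback(a) for a in addrs):
        return "dns-not-loopback"     # name points off-host, so the agent is never reached
    if not listening:
        return "agent-not-listening"  # DNS is fine but nothing accepts on the port
    return "ok"


if __name__ == "__main__":
    addrs = resolve(PING_HOST)
    print(PING_HOST, "->", addrs or "no answer")
    print("verdict:", diagnose(addrs, port_open("127.0.0.1", PING_PORT)))
```

A `dns-no-answer` or `dns-not-loopback` verdict points at the resolver or a DNS filter rather than at the PreVeil installation.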
Client Software Diagnostic Tool and Troubleshooting Logs
In order to confirm that network access has been enabled, we recommend that a member of the security / network / firewall team install the PreVeil software and use the Windows or OSX PreVeil software to perform an automated diagnostic check. This will verify local services are running as expected, and that the PreVeil client software has connectivity with the PreVeil servers. In the event the diagnostic indicates issues, the diagnostic can generate log files for troubleshooting.
Enabling of PreVeil’s Client Software via Antivirus / EDR
PreVeil’s client software agent installs multiple background daemons and local services, including a local-only webserver. As a result, PreVeil services may be flagged and/or blocked by your AV/EDR software.
Spam Filter Settings
Spam filters can block the emails that PreVeil sends during activation; enabling access may be required.
Native Mail Client Integration
PreVeil integrates natively with Outlook on Windows and Apple Mail on OSX.
Supported platforms
Desktop Browsers | Windows | Auto-Add to Mail Clients* | Android | macOS | iOS |
Google Chrome | 11 | Outlook 2019 | Tiramisu (13+) | Ventura (10.18) | 16.x |
Mozilla Firefox | 10 | Outlook 2016 | Snow Cone (12+) | Monterey (10.17) | 15.x |
Microsoft Edge | 8.1 | gmail.com | Red Velvet Cake (11+) | Big Sur (10.16) | 14.x |
| | Apple Mail 10.x | Quince Tart (10+) | Catalina (10.15) | 13.x |
| | | Pie (9.0+) | Mojave (10.14) | 12.x |
| | | Oreo (8.0+) | High Sierra (10.13) | |