Which URLs/Protocols need to be allowed for Autodesk Subscription Licensing

Autodesk Support

Jan 14, 2025


Products and versions covered


Issue:

Users reported that how to allow specific URLs or protocols for Autodesk subscription licensing to pass through a firewall or proxy system and operate correctly.

Solution:

How does Autodesk Subscription work?

Members who purchase a single-user subscription can install their products from the Autodesk Account. After installation, login is required to use the software. Logging in determines the member’s software entitlements. The licensing component collects and sends product usage data to Autodesk servers daily in compliance with the Autodesk Privacy Policy Statement.

 

Does it require two way communication or one way out to server? 

It requires two way communication between Autodesk Servers and Client PCs.

 

Which are the supported proxy configurations for Named User Licensing?

See: Proxy Settings Requirements: Supported proxy configurations for Single-User Access license

 

Are there any third-party application or firewall solutions known to interfere with the Autodesk Subscription/Named User Licensing?

See Autodesk Licensing Service: Known Conflicting Applications.
 

I am using a Firewall and/or proxy in my organization. Which are the domains/protocols that I need to allow for the Autodesk Named User Licensing to work properly?

If the computer connects to the internet through a firewall or a proxy server, ensure that the proxy is configured to allow unrestricted and anonymous access to the below domains. The default port numbers used are 80 for HTTP and 443 for HTTPS


Important Preliminary Checks:


URLs in Gray are example domains under * for the third party Certificate download and verification sites.
The entire list needs to be allowed on the firewall/proxy server for optimal functionality.

Protocol

                URL

Purpose

HTTP
HTTPS

*.autodesk.com

www.autodesk.com
access.clic.autodesk.com
clm.clic.autodesk.com
accounts.autodesk.com
ipm-aem.autodesk.com
cdn.accounts.autodesk.com
cur.autodesk.com

Note: Need to have Content-Type: multipart/form-data enabled for cur.autodesk.com, otherwise payload sending would fail)

registeronce.autodesk.com
developer.api.autodesk.com
auth.autodesk.com
native.auth.autodesk.com
profile.autodesk.com
api.userprofile.autodesk.com


Content Delivery:
cdn.web-platform.io

Captcha (that is, Security):
newassets.hcaptcha.com
js.hcaptcha.com
hcaptcha.com
imgs.hcaptcha.com


For E-SSO:
autologon.microsoftazuread-sso.com
autodesk-prod.okta.com
authn.autodesk.com 

Login, License Entitlement

HTTP
HTTPS

js-agent.newrelic.com

bam.nr-data.net

Application monitoring

HTTP

urs.microsoft.com

Microsoft SmartScreen Filter

HTTP
HTTPS

ssl.google-analytics.com
smetrics.autodesk.com

api.demandbase.com
munchkin.marketo.net
918-fod-433.mktoresp.com
dpm.demdex.net
autodesk.demdex.net
tags.tiqcdn.com
j.6sc.co
c.wa.autodesk.com

www.googletagmanager.com
www.google-analytics.com






Web Analytics



 

HTTP
HTTPS 

cm.eversttech.net
autodesk.tt.omtrdc.net

Web Analytics

HTTP

For Certificate Links, add asterisk wildcard, for example, *.domain as certificate domains normally own many subdomains which may change with time and different regions.

Some errors are caused by revocation checking failure from non-Autodesk sites' own certificate issue. For this, you can use IE to open that site to check with that warning enabled, so you may need set a registry key to enable warnings for certificate revocation failure as per this Microsoft msdn article.

*.symcb.com

s1.symcb.com
s2.symcb.com
sh.symcb.com
s.symcb.com
ss.symcb.com

...
*.ws.symantec.com

ocsp.ws.symantec.com
crl.ws.symantec.com

*.symcd.com

sh.symcd.com
g.symcd.com
ss.symcd.com

...
*.geotrust.com

crl.geotrust.com

*.pki.goog

ocsp.pki.goog

*.verisign.com
*.ss2.us

x.ss2.us
o.ss2.us

*.digicert.com

http://crl3.digicert.com/
http://crl4.digicert.com/
http://ocsp.digicert.com/

*.amazontrust.com

crl.sca1b.amazontrust.com/sca1b.crl
crl.rootca1.amazontrust.com/rootca1.crl
ocsp.sca1b.amazontrust.com/
ocsp.rootg2.amazontrust.com

 

crl.microsoft.com (Microsoft Certificate Revocation List)

Third party Certificate download and verification sites
HTTPS 

 *.pubnubapi.com
           autodesk.pubnubapi.com
api.pserver.sou.autodesk.com

Subscription Monitoring
HTTPS ipm-aem.autodesk.comMarketing
HTTPS stats.g.doubleclick.netMarketing (AdSSO)
HTTPS 

gateway.bluesnap.com
nexus.ensighten.com
d1rvg4h59z7jah.cloudfront.net

In Product Purchase
HTTP download.autodesk.comAutoCAD series products certificated hardware list downloading
HTTPS *.akamaiedge.net ReCap sign in.
HTTPS s3.amazonaws.com;No longer used from AdSSO 11.0.0.1800

 

Which are the minimum open ports and URL settings required for the license service to operate without problems?

These are the domains indicated above as Login, License Entitlement and Third party Certificate download and verification sites to be allowed through the proxy/firewall. Make sure you have verified also the points highlighted under Important Preliminary Checks from the above section.

To verify the required URL access state, install the Licensing Support Tool and run the following command: AdskLicensingSupportTool -u (or AdskLicensingSupportTool --checkurls)

For frequently asked questions related to data security and license authorization refer to:

Products:

All Cloud and Desktop Products;


Was this information helpful?


Need help? Ask the Autodesk Assistant!

The Assistant can help you find answers or contact an agent.


What level of support do you have?

Different subscription plans provide distinct categories of support. Find out the level of support for your plan.

View levels of support