To ensure proper functionality of the Swif.ai platform, devices must be able to communicate with Swif services over HTTPS. This article outlines the required domains, ports, and network configurations needed for successful deployment and ongoing operation.
Overview
Swif.ai requires outbound HTTPS access to specific domains for:
Device enrollment
Policy synchronization
Command execution
Software updates
Agent downloads
Compliance reporting
Remote support features
All communication is initiated outbound from the device. No inbound firewall rules are required.
Required Domains
Your firewall or network security appliance must allow outbound HTTPS and GRPC traffic to the following domains:
Primary Application Domains
US:
api.swifteam.com
cdn.swifteam.com
dep.swifteam.com
device-processor.swifteam.com
gorilla.swifteam.com
linuxmdm.swifteam.com
mdm.swifteam.com
munki.swifteam.com
munki-manager.swifteam.com
winmdm.swifteam.com
macosmdmgrpc.swifteam.com:7641
windowsmdmgrpc.swifteam.com:7641
gorillagrpc.swifteam.com:7641
linuxmdmgrpc.swifteam.com:7641
EU:
api.eu.swifteam.com
cdn.eu.swifteam.com
dep.eu.swifteam.com
device-processor.eu.swifteam.com
gorilla.eu.swifteam.com
linuxmdm.eu.swifteam.com
mdm.eu.swifteam.com
munki.eu.swifteam.com
munki-manager.eu.swifteam.com
winmdm.eu.swifteam.com
macosmdmgrpc.eu.swifteam.com:7641
windowsmdmgrpc.eu.swifteam.com:7641
gorillagrpc.eu.swifteam.com:7641
linuxmdmgrpc.eu.swifteam.com:7641
Protocol:
HTTPS: Port 443
GRPC: Port 7641
Direction: Outbound
These domains handle:
Device check-ins
Policy updates
Security reporting
Dashboard communication
API interactions
Agent Download (AWS S3)
The Swif agent installer and certain updates are delivered via AWS S3.
Required Endpoint
st-agent.s3.us-west-2.amazonaws.com
Port Requirements
Protocol: HTTPS
Port: Dynamic high ports (typically 60000β69999 range)
Direction: Outbound
Because AWS S3 uses load-balanced infrastructure, the exact port may vary. Ensure outbound HTTPS traffic to this domain is allowed without strict port restrictions.
Important: If your firewall enforces strict port controls, allow ephemeral outbound ports in the 6xxxx range for this S3 endpoint.
Summary of Network Requirements
Purpose | Domain | Protocol | Port | Direction |
APIs for the US |
| HTTPS | 443 | Outbound |
APIs for the EU |
| HTTPS | 443 | Outbound |
Agent Download (S3) |
| HTTPS | 60000β69999 (dynamic) | Outbound |
GRPC for the US |
| GRPC | 7641 | Outbound |
GRPC for the EU |
| GRPC | 7641 | Outbound |
Additional Notes
Swif does not require inbound firewall rules.
TLS inspection or SSL interception may interfere with agent communication. If issues occur, consider excluding Swif domains from SSL inspection.
If using a proxy, ensure system-level services can access the allowed domains.
IP allowlisting is not recommended due to AWS's dynamic infrastructure. Domain-based allowlisting is preferred.
Troubleshooting
If devices cannot enroll or check in:
Verify outbound HTTPS and GRPC access to the above {.swifteam.com} domains
Confirm access to
st-agent.s3.us-west-2.amazonaws.comCheck that SSL inspection is not blocking traffic
Ensure no egress filtering blocks high-numbered ephemeral ports
If issues persist, contact support@swif.ai with firewall logs and device details.