Cisco Catalyst Center Third-Generation Appliance Installation Guide, Release 3.2.x

Required internet URLs and fully qualified domain names

Updated: May 12, 2026

Want to summarize with AI?

Overview

Lists the internet addresses Catalyst Center must be able to access.

You must provide secure access to the required URLs and Fully Qualified Domain Names (FQDNs) for the appliance to function.

This table describes the features that make use of each URL and FQDN. You must configure either your network firewall or a proxy server so that IP traffic can travel to and from the appliance and these resources.

Caution

If you do not provide access to the listed URLs and FQDNs, the associated features will not work as intended.

Note

The appliance interface configured to route internet-bound traffic serves as the source for all communications.

Since the destination domain names for third-party vendors may change without notice, it is mandatory to specify them using wildcards.

For more information about internet proxy access requirements, see Provide secure access to the internet.

Table 1. Required URLs and FQDN access
In order to...	...Catalyst Center must access these URLs and FQDNs
Download updates for system software and application packages, and submit user feedback to the product team.	Recommended: https://.ciscoconnectdna.com/ ¹ To avoid wildcards, specify these URLs instead. https://www.ciscoconnectdna.com https://catalogsvc-cdn.ciscoconnectdna.com https://catalogsvc-reg.ciscoconnectdna.com https://catalogsvc-reg-cdn.ciscoconnectdna.com https://catalogsvc-cm.ciscoconnectdna.com https://app-cdn.ciscoconnectdna.com
Submit user feedback to the product team.	https://dnacenter.uservoice.com
Smart Account and SWIM software downloads.	https://apx.cisco.com https://cloudsso.cisco.com/as/token.oauth2 https://.cisco.com/ https://download-ssc.cisco.com/
Authenticate with the cloud domain.	https://dnaservices.cisco.com
Integrate with ThousandEyes.	app.thousandeyes.com This URL uses AWS and might map to *.awsglobalaccelerator.com. Other services that might use AWS could also map to the AWS domain. api.thousandeyes.com
Allow API calls to enable access to Cisco CX Cloud Success Tracks. Otherwise, the enhancements made to extended configuration-based scanning for the Security Advisories, Bug Identifier, and EOX features that Machine Reasoning Engine (MRE) supports will not operate as expected.	https://api-cx.cisco.com
Integrate with Webex.	http://analytics.webexapis.com https://webexapis.com
User feedback.	https://dnacenter.uservoice.com
Connectivity with Cisco Catalyst Cloud and apps hosted there (e.g. AppX MS Teams Integration, Talos integration).	*.cisco.com:443 Otherwise, specific FQDNs are: neoffers.cisco.com neoffers-de.cisco.com neoffers-sg.cisco.com dnaservices.cisco.com
Integrate with Cisco Meraki.	Recommended: *.meraki.com:443 Customers who want to avoid wildcards can specify these URLs instead: dashboard.meraki.com:443 api.meraki.com:443
Check SSL/TLS certificate revocation status using OCSP/CRL.	http://validation.identrust.com http://commercial.ocsp.identrust.com Note These URLs must be reachable both directly and through the proxy server configured for Catalyst Center.
Allow Cisco authorized specialists to collect troubleshooting data when Catalyst Center Remote Support functionality is enabled.	wss://prod.radkit-cloud.cisco.com:443
Integrate with cisco.com and Cisco Smart Licensing.	*.cisco.com:443 To avoid wildcards, specify these URLs instead: software.cisco.com cloudsso.cisco.com cloudsso1.cisco.com cloudsso2.cisco.com apiconsole.cisco.com api.cisco.com apx.cisco.com smartreceiver.cisco.com sso.cisco.com apmx-prod1-vip.cisco.com apmx-prod2-vip.cisco.com tools.cisco.com tools1.cisco.com tools2.cisco.com
Connect to the Network-Based Application Recognition (NBAR) cloud.	prod.sdavc-cloud-api.com:443
Enable the Rogue Management application to detect rogue vendor names.	https://standards-oui.ieee.org/
Render accurate information in site and location maps.	www.mapbox.com .tiles.mapbox.com/ :443. For a proxy, the destination is .tiles.mapbox.com/ Note These URLs are required by the browser to render maps. Browsers must support WebGL (https://webglreport.com/?v=1).
For Cisco AI Network Analytics data collection, configure your network or HTTP proxy to allow outbound HTTPS (TCP 443) access to the cloud hosts.	https://api.use1.prd.kairos.ciscolabs.com (US East Region) https://api.euc1.prd.kairos.ciscolabs.com (EU Central Region)
Access a menu of interactive help flows that let you complete specific tasks from the GUI.	https://ec.walkme.com
Access the licensing service.	https://swapi.cisco.com
Integrate with Cisco Spaces.	https://ciscospaces.io https://ciscospaces.eu https://ciscospaces.sg

¹ Cisco owns and maintains ciscoconnectdna.com and its subdomains. The Cisco Connect DNA infrastructure meets Cisco Security and Trust guidelines. It is tested for security on a continuous basis. This infrastructure is robust, with built-in load balancing and automation capabilities. A cloud operations team monitors and maintains the infrastructure to ensure continuous availability.

Need help?

Open a support case

(Requires a Cisco Service Contract)

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.