Firewall Settings for MyWorkDrive Server
- OneDrive external file sharing will not function ( a publicly accessible Web File Manager URL is needed for Microsoft to copy files to OneDrive) unless the server can access https://*.live.com and https://wp-onedrive-api.wanpath.net for OneDrive external sharing.
- An internal host name must be used to reference the site for internal file sharing – for example: https://share.mycompany.local if referenced on the internal LAN only.
- Office 365 Editing must be enabled on the MyWorkDrive Server Admin Panel.
Please note Office online editing will function even if the Web File Manager client site is locked down since it is made available during Office online editing transactions on a session basis through our MyWorkDrive reverse proxy in Azure locked down to Microsoft Office online hosts only. Full details are in this article.
Outgoing firewall requirements
To function correctly the MyWorkDrive Server needs outgoing access to the following hosts and TCP ports:
MyWorkDrive license servers at my.nalpeiron.com & my.wanpath.net on ports 80 & 443
Port 443 to *.live.com, *.myworkdrive.net and *.wanpath.net for OneDrive external sharing along with Office 365 URL’s and IP address ranges per Microsoft article here.
MyWorkDrive Relays ( for *.myworkdrive.net and Office 365 Editing relays) TCP ports 443, 9350 through 9354, 5671 & 5672 to all hosts.
Also, we do not recommend locking down your firewall to individual IP addresses, since these may change over time to maintain our service’s high availability.
MyWorkDrive requires a direct internet connection – outgoing proxy services (typically web filtering) will break Office 365 online editing features and MyWorkDrive.net usage.
Warning: Antivirus software installed on the server can interfere with the ability for your MyWorkDrive to communicate with Microsoft Azure for our Office 365 and Cloud Connectors if any firewall features are enabled.
Troubleshooting Office 365 and Cloud Connector firewall issues
Begin by ensure the Office 365 Editing feature and/or the cloud connectors are enabled on the MWD Server admin panel under settings. If enabled, check services.msc on your server for “MyWorkDrive Portbridge Service” . It should be running. If the service is running and has been for at least 1 hour to replicate across our global relays, next test outbound firewall access.
From a command prompt, type “Netstat -b”. Note any connection for portbridge. A healthy service should show something like below with https, 5671 and 9350 series ports open and in and “ESTABLISHED” state. If these are missing, check our outgoing firewall rules, remove any Antivirus software from the MWD server and ensure your MWD server has full internet connectivity. Then run netstat -b again to see if outbound connections are established.
Netstat -b healthy outbound connections:
TCP 10.10.101.6:60469 126.96.36.199:5671
TCP 10.10.101.6:60475 188.8.131.52:9352
TCP 10.10.101.6:60488 184.108.40.206:9352
TCP 10.10.101.6:60515 220.127.116.11:9352
TCP 10.10.101.6:60535 18.104.22.168:9352
TCP 10.10.101.6:60538 22.214.171.124:9352