Automation Remote

Automation Remote is an on-premises virtual appliance that enables your workflows to communicate with resources inside your network that do not have access to the public internet. Because many on-premises devices are not exposed to the internet, Automation Remote bridges the gap between those devices and the cloud so that they can be incorporated into your workflows.

Automation Remote can be used in many instances where a device you need to access is not available from the public internet. This keeps your on-premises devices safely behind internal network protections and also available as targets for Automation workflows. For example:

  • On-premises ISE deployments - You can use the Automation Remote to relay API calls to the ISE deployment on the local network. This is useful for tasks such as using a workflow activity to quarantine a device.
  • On-premises Secure Firewall Management Center deployments - You can use the Automation Remote to relay API calls from the Automation cloud so that workflow activities can run on the local Secure Firewall Management Center.
  • On-premises terminal or Unix/Linux systems - You can use the Automation Remote to automate shell/terminal commands to a specific identified host within your network.

The following minimum requirements must be met for an Automation Remote virtual appliance:

  • VMware ESXi version 5.5 or newer
  • 2 vCPU
  • 2 GB RAM
  • 30 GB Disk
Note: Setting up the Automation Remote virtual appliance requires advanced understanding of how to create and manage resources in VMware. If you encounter issues within the vSphere client, contact an administrator in your organization or VMware support.

For the Automation Remote to reach the Cisco XDR cloud, outbound TCPS connectivity on port 8883 is required to the following endpoints (depending on your region):

  • North America: automate-remote.us.security.cisco.com
  • Europe: automate-remote.eu.security.cisco.com
  • Asia Pacific, Japan, and China: automate-remote.apjc.security.cisco.com
Note: To verify an IP address in the following table, we recommend that you perform an nslookup on the URLs before adding an IP address to your security configuration.
Region Source IP Addresses
North America (NAM) 52.55.127.225
52.70.148.202
54.161.88.3
Europe (EU) 52.51.152.29
34.249.103.5
34.246.59.230
Asia Pacific, Japan, and China (APJC) 52.196.74.21
52.192.183.139
54.178.93.69

To set up an Automation Remote virtual appliance, you need to do the following:

  1. Create a new Remote in Automation and download its configuration file.
  2. Download the virtual appliance and deploy it using VMware vSphere.
  3. Create or configure targets to use the Remote.
Note: By default, certificates in K3s expire in 12 months. So when the certificate expires on the VM, the Remote will be disconnected, and you'll need to create a new Remote.

For a full walkthrough, see the Remote Setup and Deployment Help topic.