Automation Remote

Automation Remote is an on-premises virtual appliance that enables your workflows to communicate with resources inside your network that do not have access to the public internet. Because many on-premises devices are not exposed to the internet, Automation Remote bridges the gap between those devices and the cloud so that they can be incorporated into your workflows.

Automation Remote can be used in many instances where a device you need to access is not available from the public internet. This keeps your on-premises devices safely behind internal network protections and also available as targets for Automation workflows. For example:

  • On-premises ISE deployments - You can use the Automation Remote to relay API calls to the ISE deployment on the local network. This is useful for tasks such as using a workflow activity to quarantine a device.
  • On-premises Secure Firewall Management Center deployments - You can use the Automation Remote to relay API calls from the Automation cloud so that workflow activities can run on the local Secure Firewall Management Center.
  • On-premises terminal or Unix/Linux systems - You can use the Automation Remote to automate shell/terminal commands to a specific identified host within your network.

The following minimum requirements must be met for an Automation Remote virtual appliance:

  • VMware ESXi version 5.5 or newer
  • 2 vCPU
  • 2 GB RAM
  • 30 GB Disk
Note: Setting up the Automation Remote virtual appliance requires advanced understanding of how to create and manage resources in VMware. If you encounter issues within the vSphere client, contact an administrator in your organization or VMware support.

For the Automation Remote to reach the Cisco XDR cloud, outbound TCPS connectivity on port 8883 is required to the following endpoints (depending on your region):

  • North America: automate-remote.us.security.cisco.com
  • Europe: automate-remote.eu.security.cisco.com
  • Asia Pacific, Japan, and China: automate-remote.apjc.security.cisco.com
Note: To verify an IP address in the following table, we recommend that you perform an nslookup on the URLs before adding an IP address to your security configuration.
Region Source IP Addresses
North America (NAM) 52.55.127.225
52.70.148.202
54.161.88.3
Europe (EU) 52.51.152.29
34.249.103.5
34.246.59.230
Asia Pacific, Japan, and China (APJC) 52.196.74.21
52.192.183.139
54.178.93.69

To set up an Automation Remote virtual appliance, here are the summary steps:

  1. In Automation, create a new Remote and download its configuration file.
  2. Download the virtual appliance and use VMware vSphere to deploy it.
  3. In Automation, verify that the status of the Remote is now connected.
  4. Create or configure targets to use the Remote.

For a detailed walkthrough of the steps above, see the Remote Setup and Deployment Help topic.

By default, certificates in K3s expire after 12 months. So when the certificate expires on the VM, the Remote will be disconnected from it. You'll need to set up a new replacement virtual appliance for the Remote to connect to. Here are the summary steps:

  1. Shut down the previously installed virtual appliance and delete it to free up network resources such as the IP address.

  2. In Automation, go to the disconnected Remote and choose the Revoke action to void the existing connection details, which changes the status to Revoked.

  3. Refresh the page, and choose the Regenerate action to download a new configuration file.

  4. Refer to the Remote Setup and Deployment Help topic and complete the Configure and Deploy the Virtual Appliance section.

  5. In Automation, verify that the status of the Remote is now connected.

Note: On May 31, 2025, Ubuntu 20.04 LTS will reach the end of its standard five-year support window. Your existing Remote configuration will continue to work. However, we recommend that you redeploy your Remote VM by completing the steps above with our most recent OVA to maintain support using the newer Ubuntu 24.04 LTS.