Automation Remote

Automation Remote is an on-premises deployment that enables your workflows to communicate with resources inside your network that do not have access to the public internet. Because many on-premises devices are not exposed to the internet, Automation Remote bridges the gap between those devices and the cloud so that they can be incorporated into your workflows.

Automation Remote can be deployed as an OVA virtual appliance or as a Docker package. Choose the package format that matches your infrastructure when you create and download the Remote.

Automation Remote can be used in many instances where a device you need to access is not available from the public internet. This keeps your on-premises devices safely behind internal network protections and also available as targets for Automation workflows. For example:

  • On-premises ISE deployments - You can use the Automation Remote to relay API calls to the ISE deployment on the local network. This is useful for tasks such as using a workflow activity to quarantine a device.

  • On-premises Secure Firewall Management Center deployments - You can use the Automation Remote to relay API calls from the Automation cloud so that workflow activities can run on the local Secure Firewall Management Center.
  • On-premises terminal or Unix/Linux systems - You can use the Automation Remote to automate shell/terminal commands to a specific identified host within your network.

OVA Package

The following minimum requirements must be met for an Automation Remote virtual appliance:

  • VMware vSphere or vCenter
  • VMware ESXi version 8 or newer
  • 2 vCPU
  • 2 GB RAM
  • 30 GB Disk Setting up an OVA-based Automation Remote virtual appliance requires advanced understanding of how to create and manage resources in VMware. If you encounter issues within the vSphere client, contact an administrator in your organization or VMware support.

v3 OVA-based Automation Remote Connectivity

For v3 OVA-based Automation Remotes to reach the Cisco XDR cloud, outbound TCPS connectivity on port 5671 is required to the following endpoints (depending on your region):

  • North America: automate-remote-v3.us.security.cisco.com
  • Europe: automate-remote-v3.eu.security.cisco.com
  • Asia Pacific, Japan, and China: automate-remote-v3.apjc.security.cisco.com
Note: To verify an IP address in the following table, we recommend that you perform an nslookup on the URLs before adding an IP address to your security configuration.
Region Source IP Addresses
North America (NAM)

3.233.211.155

34.199.110.239

100.30.115.2
Europe (EU)

52.50.65.119

34.243.51.166

54.195.125.191
Asia Pacific, Japan, and China (APJC)

35.72.84.129

57.181.54.53

13.192.127.178

v2 OVA-based Automation Remote Connectivity (Deprecated)

Caution: v2.16 and older OVA-based Automation Remotes are deprecated. For continued support, users should replace v2.16 and older OVA virtual appliances with v3.0 and newer OVA. (See Replace an Automation Remote Deployment)

For v2 OVA-based Automation Remotes to reach the Cisco XDR cloud, outbound TCPS connectivity on port 8883 is required to the following endpoints (depending on your region):

  • North America: automate-remote.us.security.cisco.com
  • Europe: automate-remote.eu.security.cisco.com
  • Asia Pacific, Japan, and China: automate-remote.apjc.security.cisco.com
Note: To verify an IP address in the following table, we recommend that you perform an nslookup on the URLs before adding an IP address to your security configuration.
Region Source IP Addresses
North America (NAM) 52.55.127.225
52.70.148.202
54.161.88.3
Europe (EU) 52.51.152.29
34.249.103.5
34.246.59.230
Asia Pacific, Japan, and China (APJC) 52.196.74.21
52.192.183.139
54.178.93.69

Docker Package

The following minimum requirements must be met for a Docker-based Automation Remote:

  • Linux x86_64/AMD64 host, such as CentOS, RHEL, Ubuntu, or a compatible Linux distribution

  • Docker installed and running

  • Docker Compose support

  • Root or sudo access to register the Remote and manage containers

To set up an Automation Remote virtual appliance, here are the summary steps:

  1. In Automation, create a new Remote and choose the Remote type that matches your deployment package.

  2. Generate and download the Remote configuration package.

  3. Download the OVA or Docker appliance package that matches your infrastructure.

  4. Deploy the Remote using VMware vSphere for OVA or Docker Compose for Docker.

  5. In Automation, verify that the status of the Remote is now connected.

  6. Create or configure targets to use the Remote.

For a detailed walkthrough of the steps above, see the Remote Setup and Deployment Help topic.

The Remote type is selected when the Remote is created and cannot be changed later. To move a Remote from one deployment type to another, create a new Remote and download the package for that deployment type.

Caution: The Remote certificate validity period is selected when the Remote is created. When a certificate expires, the Remote disconnects and must be replaced or regenerated. Automation creates certificate expiration notifications before expiration so you can replace the deployment before it disconnects.

Replace an Automation Remote Deployment

It is sometimes necessary to replace a Remote deployment when certificates expire, when a package is deprecated, or when you need to move to a different deployment type.

To replace a Remote deployment:

  1. Navigate to Automate > Targets > Remotes, and choose the Revoke action for the disconnected Remote to void the existing connection details. The status for the Remote will change to Revoked.

  2. Remove the previously installed deployment:

    • For OVA, shut down and delete the virtual appliance to free up network resources such as the IP address.

    • For Docker, run sudo ./register-remote -d from the extracted Docker package directory to deregister the existing deployment and remove running containers, certificates, and environment files.

  3. Refresh the Remotes page, and choose the Regenerate action to download a new configuration package.

  4. Refer to the Remote Setup and Deployment Help topic Help topic and complete the deployment section for the Remote type.

  5. Verify that the status of the Remote on the Automate > Targets > Remotes page is now connected.

Note: On May 31, 2025, Ubuntu 20.04 LTS will reach the end of its standard five-year support window. Your existing Remote configuration will continue to work. However, we recommend that you redeploy your Remote VM by completing the steps above with our most recent OVA to maintain support using Ubuntu 24.04 LTS or newer.