Below is the list of domains/URLs that need to be whitelisted in your firewall for Fleet to work properly from a browser.
These are essential — Fleet will not function without them.
| Domain | Port | Reason |
|---|
fleet.binalyze.ai | 443 | The Fleet application (UI, API, auth) |
*.binalyze.ai | 443 | Sandbox API (agent sessions, files, workspace) |
*.binalyze.ai | 443 | Sandbox WebSocket (in-browser terminal, over WSS) |
*.r2.cloudflarestorage.com | 443 | File attachment uploads via presigned URLs |
*.onkernel.com | 8443 | Browser live-view (remote desktop stream) |
Plus at least one OAuth provider set, depending on which login method you use:
| Domain | Port | Reason |
|---|
accounts.google.com | 443 | Google sign-in consent screen |
oauth2.googleapis.com | 443 | Google OAuth token exchange |
| Domain | Port | Reason |
|---|
login.microsoftonline.com | 443 | Microsoft sign-in consent screen |
| Domain | Port | Reason |
|---|
www.linkedin.com | 443 | LinkedIn sign-in consent screen |
api.linkedin.com | 443 | LinkedIn OAuth token/profile exchange |
Fleet works without these. The impact of blocking each one is noted.
| Domain | Port | Impact If Blocked |
|---|
*.sentry.io | 443 | Error reporting stops (no user-facing impact) |
lh3.googleusercontent.com | 443 | Google profile avatars won’t load (placeholder shown) |
media.licdn.com | 443 | LinkedIn profile avatars won’t load (placeholder shown) |
kb.binalyze.ai | 443 | ”Knowledge Base” sidebar link won’t open (new tab only) |
| Binalyze corporate website | 443 | ”Contact Support” link won’t open (new tab only) |
cdn.skypack.dev | 443 | Sandbox landing page animation won’t load (cosmetic only) |
