Using Time Doctor Behind Corporate Firewalls
TL;DR:
Time Doctor relies on several key components to track workforce productivity reliably. In environments with corporate firewalls, multiple routers, URL filtering, or highly restricted web access (“walled gardens”), configure network rules so that Time Doctor desktop applications can communicate with Time Doctor servers without interruption.
Major Components of Time Doctor
Time Doctor consists of the following components:
- Desktop application – Tracks time and tasks on each workstation.
- Web interface / dashboard – Provides reporting, configuration, and presentation of tracked data.
- API framework – Manages secure communication between desktop applications and Time Doctor servers.
The desktop application must be able to send data to the servers running the API to synchronize tracked time and other information. Time Doctor servers must also be able to deliver push notifications and updates back to the desktop application without interference.
Open Required Ports Safely
Only qualified personnel such as a network administrator, network engineer, or designated security specialist should modify firewall rules to avoid exposing the corporate network to unnecessary risk.
Time Doctor uses only the following standard web ports:
- Port 80 (HTTP) – Outbound communication to Time Doctor servers (where allowed).
- Port 443 (HTTPS) – Primary outbound communication for secure data transfer.
Most firewalls already allow outbound traffic on port 80, so this is typically enabled by default. Ensure that outbound port 443 is also allowed for the required Time Doctor domains.
Allow Required Time Doctor Domains
Allow outbound (egress) access on port 443 (HTTPS) to the following domains:
- api.timedoctor.com
- login.timedoctor.com
- aa.timedoctor.com*
Tip: Replace aa with the specific Time Doctor subdomain assigned to the company account when the account was first created (for example, acme.timedoctor.com).
Configure Proxies and URL Filters
To keep Time Doctor working correctly in restricted environments, apply these additional configuration steps:
- Transparent or authenticated proxies
  - Allow direct outbound connections from Time Doctor desktop applications to the domains listed above.
  - Bypass SSL inspection or deep packet inspection for these domains when possible to prevent connection issues.
- URL filters or web filters
  - Add the listed Time Doctor domains to the firewall or proxy whitelist (allow list).
  - Ensure that HTTPS traffic to these domains is not blocked or downgraded.
- Granular access control lists (ACLs)
  - Optionally, restrict access so that only workstations running the Time Doctor desktop application can connect to the listed domains.
  - Use this as an additional security measure while still allowing Time Doctor to function correctly.
Ensure Reliable DNS Resolution
DNS must resolve Time Doctor domains correctly for connections to succeed.
- Confirm that DNS name resolution is working as expected for all Time Doctor domains in the network.
- Ensure that outbound port 53 (DNS) is not blocked or filtered in a way that prevents DNS queries from reaching the configured DNS servers.
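A workstation-side check for the rules above, as an added example that is not Time Doctor's own tooling: it tests each required domain in order (DNS, TCP 443, TLS) and reports the certificate issuer, which shows whether SSL inspection is still in the path. The function names are assumptions, and `acme` is the sample subdomain from the tip above.

```python
import socket
import ssl

# Domains listed in the article; the third host is built from the account subdomain.
BASE_DOMAINS = ("api.timedoctor.com", "login.timedoctor.com")


def required_hosts(company_subdomain):
    """Return the egress allow list for one account (hypothetical helper)."""
    label = company_subdomain.strip().lower()
    if not label or not all(c.isalnum() or c == "-" for c in label):
        raise ValueError("subdomain must be a single DNS label")
    return list(BASE_DOMAINS) + [f"{label}.timedoctor.com"]


def probe(host, port=443, timeout=5.0, resolve=socket.getaddrinfo,
          connect=socket.create_connection, context=None):
    """Return (stage, detail): the first stage that failed, or ("ok", issuer)."""
    try:
        resolve(host, port, type=socket.SOCK_STREAM)  # DNS must answer first
    except OSError as exc:
        return "dns", str(exc)
    try:
        sock = connect((host, port), timeout=timeout)  # outbound TCP 443
    except OSError as exc:
        return "tcp", str(exc)
    ctx = context or ssl.create_default_context()  # verifies chain and hostname
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
    except (ssl.SSLError, OSError) as exc:
        return "tls", str(exc)  # blocked, downgraded, or untrusted inspection CA
    # An issuer naming the corporate proxy CA means inspection is not bypassed.
    return "ok", issuer.get("organizationName", "unknown issuer")


if __name__ == "__main__":
    for name in required_hosts("acme"):  # "acme" is the article's sample subdomain
        stage, detail = probe(name)
        print(f"{name:28} {stage:4} {detail}")
```

Run it from a workstation that sits behind the same proxy and firewall policy as the Time Doctor desktop application, so the result reflects the path the application actually uses.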
Coordinate with Network Administrators
Firewall configuration steps vary between firewall vendors, firmware versions, and models.
- Review the organization’s security policies and standards before applying changes.
- Coordinate all changes with the responsible network or security team to ensure that Time Doctor access is enabled without weakening the overall security posture of the corporate network.
Should there be any inconsistencies or concerns regarding the article, contact support@timedoctor.com for prompt assistance.