Using Time Doctor Behind Corporate Firewalls

Time Doctor uses several key components that allow it to track your workers' productivity. If you are using Time Doctor behind a corporate firewall, or if your local network employs multiple levels of routers with firewalls enabled, URL filtering, and very stringent web access restrictions, this article provides tips your team can use to ensure that Time Doctor works behind your firewall or walled garden.

Major Components
Time Doctor consists of a desktop application (the time tracker and task manager), a web interface/dashboard (presentation and reporting), and an API framework (back-end communications between the application and the servers).

The desktop application must be able to communicate with the servers running the API in order to be able to synchronize the tracked work time and other information. Similarly, the Time Doctor servers must be able to communicate with the desktop application unimpeded in order to send push notifications and updates.

Opening the Firewall
Some administrators and network engineers may be wary of arbitrarily opening ports. If you are in a corporate network, this task must only be performed by your network administrator, network engineer, or any designated security specialist in order to make sure that your corporate network will not be open to possible compromise by malicious individuals.

Time Doctor uses only standard ports. The desktop application communicates with the servers only via port 80 (HTTP) and port 443 (HTTPS). Most firewalls already allow port 80 by default, so this should already be taken care of. Access to the following domains via port 443 must be allowed outbound (egress):

  • api.timedoctor.com
  • login.timedoctor.com
  • aa.timedoctor.com*

* NOTE: The aa must be replaced with the Time Doctor subdomain assigned to your team when the company account was first created.

Here are more tips to make sure that Time Doctor works within your corporate network:

  1. If your network uses a transparent proxy or any other type of proxy with or without authentication, allow direct connection to the subdomains listed above.
  2. If your firewall employs a URL filter, add the subdomains listed above to your whitelist.
  3. If your firewalls have granular access control lists, restrict access to the listed subdomains to the users who are using Time Doctor. This is an optional, but good, practice.
  4. Make sure that DNS name resolution works properly and that port 53 outbound is not filtered from your network.

Specific steps to accomplish these tips differ between firewall brands, firmware versions, and manufacturers. Kindly coordinate with your network administrators regarding these tips.
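
After the rules are in place, a check run from a workstation shows which layer is still blocking each listed host: DNS resolution, the outbound connection on port 443, or the TLS handshake (for example, a proxy that is still intercepting the connection). The script below is an added example and is not part of Time Doctor; the function names are illustrative, it tests only the first resolved address, and "aa" is the placeholder subdomain from the note above.

```python
import socket
import ssl
import sys

# Hosts from the list above; "aa" is the page's placeholder for your team subdomain.
TEAM_SUBDOMAIN = "aa"
HOSTS = ["api.timedoctor.com", "login.timedoctor.com", f"{TEAM_SUBDOMAIN}.timedoctor.com"]


def tls_connect(addr, host, timeout=5.0):
    """Open TCP 443 to addr and complete a certificate-verified TLS handshake."""
    ctx = ssl.create_default_context()
    with socket.create_connection((addr, 443), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host):
            pass


def check_host(host, resolve=socket.getaddrinfo, connect=tls_connect):
    """Return (stage, detail); stage is 'ok', 'dns', 'tcp' or 'tls'."""
    try:
        infos = resolve(host, 443, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", f"name resolution failed: {exc}"
    addr = infos[0][4][0]  # only the first resolved address is tested
    try:
        connect(addr, host)
    except ssl.SSLCertVerificationError as exc:
        # Typical of a TLS-inspecting proxy whose CA this machine does not trust.
        return "tls", f"certificate rejected: {exc}"
    except ssl.SSLError as exc:
        return "tls", f"handshake failed: {exc}"
    except OSError as exc:  # refused, timed out, or unreachable
        return "tcp", f"port 443 blocked or unreachable at {addr}: {exc}"
    return "ok", f"reached {addr}:443 with a valid certificate"


def main(hosts=HOSTS):
    """Print one line per host; exit status is 0 only if every host passes."""
    results = {h: check_host(h) for h in hosts}
    for host, (stage, detail) in results.items():
        print(f"{host:28} {stage.upper():4} {detail}")
    return 0 if all(stage == "ok" for stage, _ in results.values()) else 1


if __name__ == "__main__":
    sys.exit(main())
```

A "dns" result points to tip 4, "tcp" to the port 443 egress rule or URL filter, and "tls" to a proxy that is not yet bypassed for these hosts (tip 1).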