Note: The Gateway agent communicates over HTTPS with the management console and must be able to establish this connection directly. You must configure your organization's network to allow connections to the appropriate domains. For example, to allow the Gateway agent to activate and periodically authenticate, you must allow access to idp.blackberry.com and the domain for your region. If your environment uses an authentication proxy, you must allow the traffic on the proxy server. If the appropriate domains are not allowed, the Gateway agent will not be able to open the browser to complete the authentication process. For more information on the domains that must be allowed for Gateway, see KB 42221223173659. For information on the network requirements for Aurora Endpoint Security, see Aurora Endpoint Security network prerequisites.