Help Center

How can we help?

Using Time Doctor behind corporate firewalls

Time Doctor comprises several key components that allow it to weave its magic in tracking your workers' productivity. If you are using Time Doctor behind a corporate firewall, or if your local network employs multiple levels of routers with firewalls enabled and includes URL filtering and very stringent web access restrictions, this article provides some tips that your team can use in order to make sure that Time Doctor works behind your firewall or walled garden.

Major Components
Time Doctor is comprised of a desktop application (the time tracker and task manager), a web interface /dashboard (presentation and reporting), and an API framework (back-end communications between the application and the servers).

The desktop application must be able to communicate with the servers running the API in order to be able to synchronize the tracked work times, and other information. In the same manner, the Time Doctor servers must be able to communicate with the desktop application unimpeded in order to push notifications and updates.

Opening the Firewall
Some Administrators and Network Engineers may be wary about arbitrarily opening ports. If you are in a corporate network, this must only be performed by your network administrator, network engineer, or any designated security specialist in order to make sure that your corporate network will not be open to possible compromise by malicious individuals.

Time Doctor uses standard ports and adhere to this strictly. The desktop application communicates to servers only via port 80 (HTTP) and port 443 (HTTPS) respectively. Most firewalls already allow port 80 by default so this is already taken care of. Accesses to the following domains via port 443 must be allowed on outbound (egress).

  • **

** must be replaced with the Time Doctor subdomain assigned to your team when the company account was first created.

Here is a list of some more tips to make sure that Time Doctor works within your corporate network.

  1. If your network uses a transparent proxy or any type of proxy with or without authentication, allow direct connection to the listed subdomains above.
  2. If your firewall employs a URL filter, add the subdomains listed above into your whitelist.
  3. If your firewalls have granular access control lists, users who are using Time Doctor must be the only ones allowed to connect to the listed subdomains. This is optional but will be a good practice.
  4. Make sure that DNS name resolution works properly and port 53 outbound is not filtered from your network.

Specific steps to accomplish these differ between firewall brands, firmware versions, and manufacturers. Kindly coordinate with your network administrators regarding these.

For questions, comments or feedback regarding this topic, please send an email to

Did you find it helpful?