Why Is My Device Showing as Offline When It's Actually Online?
If you're experiencing issues where the Level Agent indicates a device is offline despite the device being operational, follow these troubleshooting steps to resolve the connection problem.
Step 1: Check for Antivirus/EDR Interference
Antivirus and EDR (Endpoint Detection and Response) solutions often flag RMM tools like Level as Potentially Unwanted Programs (PUPs) or Potentially Unwanted Applications (PUAs). This is expected behavior since RMMs function as authorized remote access tools with significant system privileges.
Why This Happens
Security vendors have increased scrutiny of RMM tools following several high-profile security incidents involving compromised RMM platforms. From a security perspective, this caution is warranted—if Level isn't your chosen RMM, it should be flagged as suspicious.
How to Resolve
Step 2: Check Firewall or Network Interference
To ensure reliable peer-to-peer communications and overcome potential connectivity issues in highly restricted networks, Level utilizes Twilio's Network Traversal Service. Please note that these modifications should ONLY be implemented on highly restricted networks where establishing a peer-to-peer connection becomes problematic or time-consuming. In most cases, Level operates without the need for firewall changes.
You may want to modify your network infrastructure to allow connections to and from the below addresses.
Network Requirements
Port | Protocol | Purpose | Direction | Priority |
80 | TCP | HTTP | Outbound | High |
443 | TCP | HTTPS | Outbound | High |
3478 | TCP & UDP | TURN | Outbound | Medium |
5349 | TCP | TURN TLS | Outbound | Low (fallback) |
10,000-60,000 | UDP | Twilio's TURN servers will allocate peer relay ports in this range. | Outbound | Medium |
Required URLs
URL | Purpose |
agents.level.io | Agent communication with Level |
online.level.io | Connectivity status checks |
builds.level.io | Agent updates |
downloads.level.io | Initial agent installation |
realtime.ably.io | Real-time WebSocket for Level API |
global.turn.twilio.com | Used when peer-to-peer connections fail |
global.stun.twilio.com | Used when peer-to-peer connections fail |
For firewalls supporting wildcard URLs, consider allowing *.level.io and *.twilio.com.
Understanding TURN Connectivity
Level's connection strategy works in the following order:
Direct peer-to-peer connection (most efficient)
STUN (Simple Traversal of UDP through NATs)
TURN over UDP (port 3478)
TURN over TCP (port 3478)
TURN over TLS (port 5349) as last resort
Important notes:
TURN services primarily require outbound connections only
Port 5349 (TURN TLS) is a fallback mechanism when other methods fail
PnP/UPnP protocols typically won't help with TURN TLS connections
These are designed for scenarios where direct connections aren't possible
Start by allowing only outbound connections on the specified ports and monitor connection success before making additional firewall changes.
Step 3: Run the Diagnostic Check Command
If issues persist, run the --check command while the device is online to diagnose connectivity problems:
Windows Command
Windows Command |
|
macOS Command | |
Linux Command | |
This command provides detailed insight into where the connection issue might be occurring.
Step 4: Contact Support
If you're still experiencing issues after following these steps, please contact our support team with:
The hostname of the affected device
A screenshot of the
--checkcommand results