Mabl Link FAQs

What does mabl Link Agent traffic look like?

Mabl Link connects to the mabl cloud over a TLS encrypted websocket connection (port 443) at <agent-host> where <agent-host> is dynamically generated based on your workspace and agent name. To orchestrate the connection process and provisioning, as well as install automatic updates, mabl Link will also connect to the mabl APIs (

See Secure tunneling with mabl Link for a detailed description of the architecture.

We have strict firewall rules, what should we allowlist to use mabl Link?

The Link Agent will only connect to two endpoints of the mabl cloud:

  • * which is a wildcard DNS name

Therefore, all you need to allowlist (or permitlist) is an egress (outbound) connection to the above two DNS names, or IP addresses. If you run into issues, please review together with your IT team the mabl Link docs and contact the mabl support team at [email protected]. We will be happy to help you.

Does the Link Agent receive any incoming connections from the Internet?

No. The secure tunnel is established as an outgoing (egress) connection to mabl, so the Link Agent can run behind firewalls with strict rules that block incoming connections. In fact the Link Agent does not create any listening sockets.

Is mabl Link a VPN service?

Mabl Link is an encrypted reverse proxy tunnel, not a VPN (Virtual Private Network).

Mabl Link is designed for point and click deployment within a private network or VPC. Because of its simplicity, mabl Link can be set up in five to 10 minutes, rather than the time consuming process of configuring VPN appliances, peering networks, and coping with IPs and routes.

Will mabl Link be able to resolve DNS addresses on my private network?

Yes. All hostnames will be resolved on the respective mabl Link Agent, which is running inside your network. As long as the host running the Link Agent can resolve the DNS address (including entries in the hosts file), your tests running inside mabl will be able to resolve it. There is a slight caveat for link-local addresses such as localhost,, etc. because most browsers have put security restrictions in place that limit our ability to route these connections through the Link Agent. See the note below for more information.


Using mabl Link with localhost URLs

Please see Using mabl Link to run tests against localhost to learn how to configure mabl tests to work with localhost URLs via mabl Link.

Will mabl Link be able to resolve RFC1918 private IP addresses and localhost?

Yes. See above.

What if my company blocks egress on port 443?

The Link Agent must be able to making outgoing connections to port 443 in order to communicate with the mabl APIs. If your corporate network is blocking outgoing connections to port 443, please contact your network infrastructure team about putting an exemption in place for the Link Agent.

Is there a limit of how many Link Agents I can use?

There is no fundamental limitation to the number of Link Agents you can use, but you should only use the number of agents you need for your respective environments. Using a large number of agents will be more complex to wire up in your environments and plans.

Because mabl Link provisions dedicated firewalls, routes, IPs, and servers on a per Link Agent basis, reusing an agent will have a significantly faster startup time (seconds), compared to the few minutes (2-5min) required to provision this infrastructure.

Can multiple Link Agent instances share the same name?

Yes. You can start multiple Link Agents with the same --name argument. If multiple agents are running with the same name they will automatically form a high availability cluster such that if one of the agents were to become disconnected, future tests would begin to use one of the agents that is still running.
In general, mabl will execute tests using any available link agent sharing the same name. You can achieve load balancing this way.

Is there a change log for Link Agent updates?

Yes. See the CHANGELOG.txt file found in the installer and the agent installation directory.

What should I name my Link Agent?

If you need redundancy then pick a general name that can be used across multiple machines.
For testing against a local build you want it to be unique. Include your specific machine name or your name as part of the Link Agent name to identify that Link Agent later when adding it to an environment.

What are Link Agent hardware / provisioning requirements?

The Link Agent will run in many different hardware configurations. Though there are no strict minimum requirements, we recommend at least 1 vCPU, 1GB RAM and 2GB storage.

How do I run the Link Agent? It just says "Bad Command or File Name"

On a Mac (OSX) or Linux machine, you may need to add the Link Agent/bin folder to your PATH.

Alternatively, you can run the agent command from the link-agent/bin directory, or provided the full path to the link-agent/bin/link-agent file.

Starting the Link Agent returns the error "unrecognized option: --add-opens"

You are running an unsupported Java version. Run java --version to see what version you are using.

You should upgrade to a Java version supported by the Link Agent, or use the Docker Link Agent container.

Does the Link agent support SSL inspection?


Does the Link agent support forward proxies?

Yes, you will need the host name and port number of the forward proxy and - if needed - the credentials to authenticate thru the proxy. More information is available here.