Deep Security as a Service IP addresses

If you are using a firewall or AWS security groups, you may need to make some configuration changes to allow outbound and inbound traffic for Deep Security as a Service.

Allow outbound traffic to Deep Security as a Service

If a firewall or AWS security group restricts outbound traffic from your network, and you want to use Deep Security as a Service, you must configure the firewall to allow traffic outbound on port 443 to these Deep Security as a Service IPv4 addresses.

By default, Deep Security as a Service uses our global Smart Protection Network, which does not have static IP addresses. If you want to use the Smart Protection Network but need to restrict your outbound communication, we suggest that you deploy a Smart Protection Server in your environment. For information on how to do this, see Deploy a Smart Protection server in AWS.

Deep Security as a Service will undergo an infrastructure upgrade on June 24, 2017. An unavoidable consequence is that the IP addresses of the services will change. If you have restricted outbound traffic, you will need to update your rules to allow access to the new IP addresses; otherwise, traffic may be blocked and the service disrupted.

Source | Purpose | Destination IP addresses (until June 24, 2017) | Destination IP addresses (after June 24, 2017)
Administrator's computer and Agents GUI for Deep Security as a Service


Agents and Relays Security package updates


Agents Heartbeat


Agents Fast heartbeat


For a list of the server URLs that Deep Security as a Service requires outbound access to, see Deep Security as a Service server URLs.

Allow inbound traffic from Deep Security as a Service

There are two situations where you must allow inbound traffic from Deep Security as a Service:

  • If your Deep Security Agents are configured to use bi-directional communication, your inbound rules must allow communication from the manager to agents.
  • If you want to use Deep Security as a Service with a syslog server or SIEM that is protected by a firewall or AWS security group that restricts inbound traffic, you must configure the firewall to allow inbound traffic.

In both cases, Deep Security as a Service sends data from its job nodes on subnet 54.221.196.0/24 (until June 24, 2017) or 34.205.5.0/27 (after June 24, 2017).
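
The following is an added example, not part of the original page or of Trend Micro's tooling: a Python check that audits inbound allow rules against the job-node subnet valid on a given date, flagging rules that are broader than needed or that still admit the retired subnet. The rule tuples, the port value 514, and the choice to treat June 24 itself as still using the old subnet are assumptions.

```python
import ipaddress
from datetime import date

# Subnets and cutover date as stated on this page.
OLD_JOB_NODES = ipaddress.ip_network("54.221.196.0/24")
NEW_JOB_NODES = ipaddress.ip_network("34.205.5.0/27")
CUTOVER = date(2017, 6, 24)  # assumption: the day itself still uses the old subnet


def audit_inbound(rules, port, today):
    """Audit inbound TCP allow rules for the job-node subnet valid on `today`.

    rules: iterable of (cidr, port) tuples (hypothetical export format).
    Returns {'covered': bool, 'too_broad': [cidr], 'stale': [cidr]}.
    """
    required = NEW_JOB_NODES if today > CUTOVER else OLD_JOB_NODES
    retired = OLD_JOB_NODES if today > CUTOVER else None
    findings = {"covered": False, "too_broad": [], "stale": []}
    for cidr, rule_port in rules:
        if rule_port != port:
            continue
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version != 4:
            continue  # the page lists IPv4 subnets only
        if required.subnet_of(net):
            findings["covered"] = True
            # A shorter prefix admits more sources than the job nodes need.
            if net.prefixlen < required.prefixlen:
                findings["too_broad"].append(cidr)
        elif retired is not None and net.overlaps(retired):
            # Rule still admits the subnet that is no longer in use.
            findings["stale"].append(cidr)
    return findings


# Constructed sample rules; 514 is an assumed syslog port, not from the page.
SAMPLE_RULES = [
    ("54.221.196.0/24", 514),
    ("34.205.0.0/16", 514),
    ("10.0.0.0/8", 443),
]

if __name__ == "__main__":
    print(audit_inbound(SAMPLE_RULES, 514, date(2017, 7, 1)))
```
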

For more information about configuring a syslog server or SIEM, see Forward Deep Security events to an external syslog or SIEM server.