Deep Security as a Service IP addresses
If you are using a firewall or AWS security groups, you may need to make some configuration changes to allow outbound and inbound traffic for Deep Security as a Service.
- Allow outbound traffic to Deep Security as a Service
- Allow inbound traffic from Deep Security as a Service
If a firewall or AWS security group restricts outbound traffic from your network, and you want to use Deep Security as a Service, you must configure the firewall to allow traffic outbound on port 443 to these Deep Security as a Service IPv4 addresses.
By default, Deep Security as a Service uses our global Smart Protection Network which does not have static IP addresses. If you want to use the Smart Protection Network but need to restrict your outbound communication, we suggest that you deploy a Smart Protection Server in your environment. For information on how to do this, see Deploy a Smart Protection server in AWS.
Deep Security as a Service will be undergoing an infrastructure upgrade on June 24, 2017. An unavoidable consequence is that the IP Addresses of the services will be changing. If you have restricted outbound traffic, you will need to update your rules to allow access to the new IP addresses, otherwise traffic may be blocked and the service disrupted.
|Source||Purpose||Destination IP Addresses
(until June 24, 2017)
|Destination IP Addresses
(after June 24, 2017)
|Administrator's computer and Agents||GUI for Deep Security as a Service||
|Agents and Relays||Security package updates||
For a list of the server URLs that Deep Security as a Service requires outbound access to, see Deep Security as a Service server URLs.
There are two situations where you must allow inbound traffic from Deep Security as a Service:
- If your Deep Security Agents are configured to use bi-directional communication, your inbound rules must allow communication from the manager to agents.
- If you want to use Deep Security as a Service with a syslog server or SIEM that is protected by a firewall or AWS security group that restricts inbound traffic, you must configure the firewall to allow inbound traffic.
In both cases, Deep Security as a Service sends data from its job nodes on subnet 126.96.36.199/24 (until June 24, 2017) or 188.8.131.52/27 (after June 24, 2017).
For more information about configuring a syslog server or SIEM, see Forward Deep Security events to an external syslog or SIEM server .