Deep Security as a Service IP addresses

Applies to Deep Security as a Service only

If you are using a firewall or AWS security groups, you may need to make some configuration changes to allow outbound and / or inbound traffic for Deep Security as a Service.

Allow outbound traffic to Deep Security as a Service

If a firewall or AWS security group restricts outbound traffic from your network, and you want to use Deep Security as a Service, you must configure the firewall to allow traffic outbound on port 443 to these Deep Security as a Service IPv4 addresses.

By default, Deep Security as a Service uses our global Smart Protection Network which does not have static IP addresses. If you want to use the Smart Protection Network but need to restrict your outbound communication, we suggest that you deploy a Smart Protection Server in your environment. For information on how to do this, see Deploy a Smart Protection server in AWS.

Source Purpose Destination IP Addresses
Administrator's computer GUI for Deep Security as a Service

54.243.37.245

54.243.50.59

107.20.200.65

107.21.100.197

184.73.202.255

184.73.243.23

Agents / Relays Security package updates

23.21.142.112

54.243.96.216

75.101.140.179

107.20.198.101

107.21.214.254

107.22.159.239

184.73.233.134

184.73.233.186

Agents Heartbeat

23.21.211.102

54.243.220.175

107.20.158.200

107.21.216.100

107.21.239.47

107.22.222.250

Agents Fast heartbeat

54.243.72.61

107.20.139.238

107.20.169.111

107.20.220.16

184.73.208.129

204.236.232.126

54.225.147.116

174.129.37.90

54.243.252.249

54.83.199.138

184.73.179.244

54.243.86.64

For a list of the server URLs that Deep Security as a Service requires outbound access to, see Deep Security as a Service server URLs.

Allow inbound traffic to a syslog server / SIEM

Deep Security as a Service sends syslog data from its job nodes on the subnet 54.221.196.0/24. If you want to use Deep Security as a Service with a syslog server / SIEM that is protected by a firewall or AWS security group that restricts inbound traffic, you must configure the firewall to allow inbound traffic from the 54.221.196.0/24 IP range. For more information about configuring a syslog server / SIEM, see Forward Deep Security events to an external syslog or SIEM server