Deep Security as a Service IP addresses
Applies to Deep Security as a Service only
If you are using a firewall or AWS security groups, you may need to make some configuration changes to allow outbound and / or inbound traffic for Deep Security as a Service.
- Allow outbound traffic to Deep Security as a Service
- Allow inbound traffic to a syslog server / SIEM
If a firewall or AWS security group restricts outbound traffic from your network, and you want to use Deep Security as a Service, you must configure the firewall to allow traffic outbound on port 443 to these Deep Security as a Service IPv4 addresses.
By default, Deep Security as a Service uses our global Smart Protection Network which does not have static IP addresses. If you want to use the Smart Protection Network but need to restrict your outbound communication, we suggest that you deploy a Smart Protection Server in your environment. For information on how to do this, see Deploy a Smart Protection server in AWS.
|Source||Purpose||Destination IP Addresses|
|Administrator's computer||GUI for Deep Security as a Service||
|Agents / Relays||Security package updates||
For a list of the server URLs that Deep Security as a Service requires outbound access to, see Deep Security as a Service server URLs.
Deep Security as a Service sends syslog data from its job nodes on the subnet 22.214.171.124/24. If you want to use Deep Security as a Service with a syslog server / SIEM that is protected by a firewall or AWS security group that restricts inbound traffic, you must configure the firewall to allow inbound traffic from the 126.96.36.199/24 IP range. For more information about configuring a syslog server / SIEM, see Forward Deep Security events to an external syslog or SIEM server