F5 Distributed Cloud Services IP Address and Domain Reference for Firewall or Proxy Settings
Objective
For F5 Distributed Cloud Services to function accurately in your environment, it is necessary to configure your firewall or proxy to allow connections to the IP addresses and domains provided in this reference guide.
This reference document lists the public IP addresses and domains associated with F5 Distributed Cloud that must be permitted in your firewall or proxy settings.
For automation purposes, you can download the IP addresses and domains plain text file.
Important: Ideally, you want to only allow the F5 Distributed Cloud subnets exclusively. This will ensure that only F5 Distributed Cloud routed traffic can reach your network, and thus prevent attackers from being able to circumnavigate the F5 Distributed Cloud infrastructure. If your application remains stuck in the "connecting" mode or encounters network errors, review your firewall or proxy settings and update the allowlist configuration to allow these IP addresses and domain connections and associated locations, such as Docker Registry.
F5 Distributed Cloud SaaS Services
Public IPv4 Subnet Ranges for F5 Regional Edges
For public apps advertised to Distributed Cloud Regional Edges (REs), configure your network firewall to allow connections to the IP address ranges specified in the table below.
| Geography | Protocol | Ports | IP Address | Notes |
|---|---|---|---|---|
| Americas | TCP | 80, 443 | 5.182.215.0/25 84.54.61.0/25 23.158.32.0/25 84.54.62.0/25 185.94.142.0/25 185.94.143.0/25 159.60.190.0/24 159.60.168.0/24 159.60.180.0/24 159.60.174.0/24 159.60.176.0/24 | |
| UDP | 4500, 123 | 5.182.215.0/25 84.54.61.0/25 23.158.32.0/25 84.54.62.0/25 185.94.142.0/25 185.94.143.0/25 159.60.190.0/24 159.60.168.0/24 159.60.180.0/24 159.60.174.0/24 159.60.176.0/24 | IPSec/UDP 4500 is optional as SSL for tunneling to global network is supported. Port 123 is for NTP service of RE. | |
| Europe | TCP | 80, 443 | 5.182.213.0/25 5.182.212.0/25 5.182.213.128/25 5.182.214.0/25 84.54.60.0/25 185.56.154.0/25 159.60.160.0/24 159.60.162.0/24 159.60.188.0/24 159.60.182.0/24 159.60.178.0/24 | |
| UDP | 4500, 123 | 5.182.213.0/25 5.182.212.0/25 5.182.213.128/25 5.182.214.0/25 84.54.60.0/25 185.56.154.0/25 159.60.160.0/24 159.60.162.0/24 159.60.188.0/24 159.60.182.0/24 159.60.178.0/24 | IPSec/UDP 4500 is optional as SSL for tunneling to global network is supported. Port 123 is for NTP service of RE. | |
| Asia | TCP | 80, 443 | 103.135.56.0/25 103.135.57.0/25 103.135.56.128/25 103.135.59.0/25 103.135.58.128/25 103.135.58.0/25 159.60.189.0/24 159.60.166.0/24 159.60.164.0/24 159.60.170.0/24 159.60.172.0/24 159.60.191.0/24 159.60.184.0/24 159.60.186.0/24 | |
| UDP | 4500, 123 | 103.135.56.0/25 103.135.57.0/25 103.135.56.128/25 103.135.59.0/25 103.135.58.128/25 103.135.58.0/25 159.60.189.0/24 159.60.166.0/24 159.60.164.0/24 159.60.170.0/24 159.60.172.0/24 159.60.184.0/24 159.60.186.0/24 | IPSec/UDP 4500 is optional as SSL for tunneling to global network is supported. Port 123 is for NTP service of RE. |
Note: If the prefix list has CIDR with /28 subnet mask and response cache parameters has subnet mask as /24, then the response cache would be used even if the source prefix does not match the rule. You might need to adjust the response cache parameters according to the prefix set mask.
Public IPv4 Subnet Ranges for F5 Content Distribution Network Services
To use the F5 Content Distribution Network (CDN) services, configure your network firewall to allow connections to the IP address ranges specified in the following table:
| Geography | IP Address |
|---|---|
| Europe | 159.60.188.0/24 |
| Asia | 159.60.189.0/24 |
| North America | 159.60.190.0/24 |
| Oceania | 159.60.191.0/24 |
| South America | 159.60.187.0/24 |
Public IPv4 Addresses for F5 Secondary DNS Zone Transfer
To use the DNS zone management service, configure your network firewall to allow connections to the IP addresses specified in the table below:
| Geography | IP Address |
|---|---|
| All Geographies | 52.14.213.208 |
| All Geographies | 3.140.118.214 |
Public IPv4 Address Ranges for F5 Global Log Receiver
To use the Global Log Receiver service, configure your network firewall to allow connections to the IP address ranges specified in the table below:
| Geography | IP Address Ranges |
|---|---|
| All Geographies | 193.16.236.64/29 |
| All Geographies | 185.160.8.152/29 |
Public IPv4 Addresses for F5 DNSLB Health Checks
To use the Distributed Cloud Services DNSLB health check, configure your network firewall to allow connections to the IP addresses specified in the table below:
| Geography | IP Addresses |
|---|---|
| All Geographies | 18.142.173.13 |
| All Geographies | 13.214.108.35 |
| All Geographies | 13.215.164.186 |
| All Geographies | 3.72.163.92 |
| All Geographies | 3.123.183.172 |
| All Geographies | 3.67.212.129 |
| All Geographies | 35.176.105.69 |
| All Geographies | 18.168.190.181 |
| All Geographies | 35.176.214.241 |
| All Geographies | 54.146.175.34 |
| All Geographies | 52.0.217.222 |
| All Geographies | 34.239.223.87 |
| All Geographies | 52.34.2.190 |
| All Geographies | 44.227.27.164 |
| All Geographies | 35.84.99.9 |
F5 Distributed Cloud Customer Edge Sites
See the F5 Customer Edge IP Address and Domain Reference for Firewall or Proxy Settings document.
F5 Bot Defense
To use the Distributed Cloud Services Bot Defense Standard, configure your network firewall to allow connections to the IP addresses specified in the table below:
| IP Address | Port |
|---|---|
| ibd-webus.fastcache.net | TCP Port 443 |
| ibd-webemea.fastcache.net | TCP Port 443 |
| ibd-webapac.fastcache.net | TCP Port 443 |
On this page:
- Objective
- F5 Distributed Cloud SaaS Services
- Public IPv4 Subnet Ranges for F5 Regional Edges
- Public IPv4 Subnet Ranges for F5 Content Distribution Network Services
- Public IPv4 Addresses for F5 Secondary DNS Zone Transfer
- Public IPv4 Address Ranges for F5 Global Log Receiver
- Public IPv4 Addresses for F5 DNSLB Health Checks
- F5 Distributed Cloud Customer Edge Sites
- F5 Bot Defense