F5 Distributed Cloud Services IP Address and Domain Reference for Firewall or Proxy Settings

Objective

For F5 Distributed Cloud Services to function accurately in your environment, it is necessary to configure your firewall or proxy to allow connections to the IP addresses and domains provided in this reference guide.

This reference document lists the public IP addresses and domains associated with F5 Distributed Cloud that must be permitted in your firewall or proxy settings.

For automation purposes, you can download the IP addresses and domains plain text file.

Important: Ideally, you want to only allow the F5 Distributed Cloud subnets exclusively. This will ensure that only F5 Distributed Cloud routed traffic can reach your network, and thus prevent attackers from being able to circumnavigate the F5 Distributed Cloud infrastructure. If your application remains stuck in the "connecting" mode or encounters network errors, review your firewall or proxy settings and update the allowlist configuration to allow these IP addresses and domain connections and associated locations, such as Docker Registry.

---

F5 Distributed Cloud SaaS Services

Public IPv4 Subnet Ranges for F5 Regional Edges

For public apps advertised to Distributed Cloud Regional Edges (REs), configure your network firewall to allow connections to the IP address ranges specified in the table below.

Geography	Protocol	Ports	IP Address	Notes
Americas	TCP	80, 443	5.182.215.0/25 84.54.61.0/25 23.158.32.0/25 84.54.62.0/25 185.94.142.0/25 185.94.143.0/25 159.60.190.0/24 159.60.168.0/24 159.60.180.0/24 159.60.174.0/24 159.60.176.0/24
	UDP	4500, 123	5.182.215.0/25 84.54.61.0/25 23.158.32.0/25 84.54.62.0/25 185.94.142.0/25 185.94.143.0/25 159.60.190.0/24 159.60.168.0/24 159.60.180.0/24 159.60.174.0/24 159.60.176.0/24	IPSec/UDP 4500 is optional as SSL for tunneling to global network is supported. Port 123 is for NTP service of RE.
Europe	TCP	80, 443	5.182.213.0/25 5.182.212.0/25 5.182.213.128/25 5.182.214.0/25 84.54.60.0/25 185.56.154.0/25 159.60.160.0/24 159.60.162.0/24 159.60.188.0/24 159.60.182.0/24 159.60.178.0/24
	UDP	4500, 123	5.182.213.0/25 5.182.212.0/25 5.182.213.128/25 5.182.214.0/25 84.54.60.0/25 185.56.154.0/25 159.60.160.0/24 159.60.162.0/24 159.60.188.0/24 159.60.182.0/24 159.60.178.0/24	IPSec/UDP 4500 is optional as SSL for tunneling to global network is supported. Port 123 is for NTP service of RE.
Asia	TCP	80, 443	103.135.56.0/25 103.135.57.0/25 103.135.56.128/25 103.135.59.0/25 103.135.58.128/25 103.135.58.0/25 159.60.189.0/24 159.60.166.0/24 159.60.164.0/24 159.60.170.0/24 159.60.172.0/24 159.60.191.0/24 159.60.184.0/24 159.60.186.0/24
	UDP	4500, 123	103.135.56.0/25 103.135.57.0/25 103.135.56.128/25 103.135.59.0/25 103.135.58.128/25 103.135.58.0/25 159.60.189.0/24 159.60.166.0/24 159.60.164.0/24 159.60.170.0/24 159.60.172.0/24 159.60.184.0/24 159.60.186.0/24	IPSec/UDP 4500 is optional as SSL for tunneling to global network is supported. Port 123 is for NTP service of RE.

Note: If the prefix list has CIDR with /28 subnet mask and response cache parameters has subnet mask as /24, then the response cache would be used even if the source prefix does not match the rule. You might need to adjust the response cache parameters according to the prefix set mask.

---

Public IPv4 Subnet Ranges for F5 Content Distribution Network Services

To use the F5 Content Distribution Network (CDN) services, configure your network firewall to allow connections to the IP address ranges specified in the following table:

Geography	IP Address
Europe	159.60.188.0/24
Asia	159.60.189.0/24
North America	159.60.190.0/24
Oceania	159.60.191.0/24
South America	159.60.187.0/24

Public IPv4 Addresses for F5 Secondary DNS Zone Transfer

To use the DNS zone management service, configure your network firewall to allow connections to the IP addresses specified in the table below:

Geography	IP Address
All Geographies	52.14.213.208
All Geographies	3.140.118.214

Public IPv4 Address Ranges for F5 Global Log Receiver

To use the Global Log Receiver service, configure your network firewall to allow connections to the IP address ranges specified in the table below:

Important: To ensure continuous log streaming, you must add both IP address ranges to your firewall rules.

Geography	IP Address Ranges
All Geographies	193.16.236.64/29
All Geographies	185.160.8.152/29

Public IPv4 Addresses for F5 DNSLB Health Checks

To use the Distributed Cloud Services DNSLB health check, configure your network firewall to allow connections to the IP addresses specified in the table below:

Geography	IP Addresses
All Geographies	18.142.173.13
All Geographies	13.214.108.35
All Geographies	13.215.164.186
All Geographies	3.72.163.92
All Geographies	3.123.183.172
All Geographies	3.67.212.129
All Geographies	35.176.105.69
All Geographies	18.168.190.181
All Geographies	35.176.214.241
All Geographies	54.146.175.34
All Geographies	52.0.217.222
All Geographies	34.239.223.87
All Geographies	52.34.2.190
All Geographies	44.227.27.164
All Geographies	35.84.99.9

---

F5 Distributed Cloud Customer Edge Sites

See the F5 Customer Edge IP Address and Domain Reference for Firewall or Proxy Settings document.

---

F5 Bot Defense

To use the Distributed Cloud Services Bot Defense Standard, configure your network firewall to allow connections to the domains specified in the table below:

Domain	Port
ibd-webus.fastcache.net	TCP Port 443
ibd-webemea.fastcache.net	TCP Port 443
ibd-webapac.fastcache.net	TCP Port 443
ibd-webemea2.fastcache.net	TCP Port 443

---

F5 Data Intelligence

To use Distributed Cloud Services Data Intelligence, configure your network firewall to allow connections to the IP addresses or IP address ranges specified in the table below:

Geography	IP Address/Range
US	35.247.100.206 34.168.102.111 34.168.48.1 34.82.248.13 35.230.48.185 35.203.143.95
EU	35.205.7.217/32 34.76.251.175/32 34.77.214.28/32 104.199.23.243/32 34.77.3.25/32 104.155.7.183/32

---