F5 Distributed Cloud Services IP Address and Domain Reference for Firewall or Proxy Settings
Objective
For F5 Distributed Cloud Services to function accurately in your environment, you need to configure your firewall or proxy server to allow connections to IP addresses and domains. This reference guide lists the public IP addresses and domains associated with F5 Distributed Cloud Services that must be permitted by your firewall or proxy server settings.
For automation purposes, you can download the IP addresses and domains plain text file or JSON file.
Important: Ideally, you want to only allow the F5 Distributed Cloud Services subnets exclusively. This ensures that only F5 Distributed Cloud Services routed traffic can reach your network, and thus prevent attackers from being able to circumnavigate the F5 Distributed Cloud Services infrastructure. If your application remains stuck in the "connecting" mode or encounters network errors, review your firewall or proxy settings and update the allowlist configuration to allow these IP addresses and domain connections and associated locations, such as Docker Registry.
F5 Distributed Cloud SaaS Services
Public IPv4 Subnet Ranges for F5 Regional Edges
For public apps advertised to Distributed Cloud Regional Edges (REs), configure your network firewall to allow connections to the IP address ranges specified in the table below.
| Geography | Protocol | Ports | IP Address Range | Notes |
|---|---|---|---|---|
| Americas | TCP | 80, 443 | 5.182.215.0/25 84.54.61.0/25 23.158.32.0/25 84.54.62.0/25 185.94.143.0/25 185.94.142.0/24 159.60.190.0/24 159.60.168.0/24 159.60.180.0/24 159.60.174.0/24 159.60.175.0/24 159.60.176.0/24 159.60.177.0/24 159.60.179.0/24 159.60.181.0/24 159.60.183.0/24 | The 185.94.142.0/24 IP Address combines the 185.94.142.0/25 and 185.94.142.128/25 IP Addresses. |
| UDP | 4500, 123 | 5.182.215.0/25 84.54.61.0/25 23.158.32.0/25 84.54.62.0/25 185.94.143.0/25 185.94.142.0/24 159.60.190.0/24 159.60.168.0/24 159.60.180.0/24 159.60.174.0/24 159.60.175.0/24 159.60.176.0/24 159.60.177.0/24 159.60.179.0/24 159.60.181.0/24 159.60.183.0/24 | IPSec/UDP 4500 is optional as SSL for tunneling to global network is supported. Port 123 is for NTP service of RE. The 185.94.142.0/24 IP Address combines the 185.94.142.0/25 and 185.94.142.128/25 IP Addresses. | |
| Europe | TCP | 80, 443 | 5.182.213.0/24 5.182.212.0/25 5.182.214.0/25 84.54.60.0/25 185.56.154.0/25 159.60.160.0/24 159.60.161.0/24 159.60.162.0/24 159.60.163.0/24 159.60.188.0/24 159.60.182.0/24 159.60.178.0/24 | The 5.182.213.0/24 IP Address combines the 5.182.213.0/25 and 5.182.213.128/25 IP Addresses. |
| UDP | 4500, 123 | 5.182.213.0/24 5.182.212.0/25 5.182.214.0/25 84.54.60.0/25 185.56.154.0/25 159.60.160.0/24 159.60.161.0/24 159.60.162.0/24 159.60.163.0/24 159.60.188.0/24 159.60.182.0/24 159.60.178.0/24 | IPSec/UDP 4500 is optional as SSL for tunneling to global network is supported. Port 123 is for NTP service of RE. The 5.182.213.0/24 IP Address combines the 5.182.213.0/25 and 5.182.213.128/25 IP Addresses. | |
| Asia | TCP | 80, 443 | 103.135.56.0/24 103.135.57.0/25 103.135.59.0/25 103.135.58.0/24 159.60.189.0/24 159.60.166.0/24 159.60.164.0/24 159.60.170.0/24 159.60.172.0/24 159.60.191.0/24 159.60.184.0/24 159.60.185.0/24 159.60.186.0/24 | The 103.135.56.0/24 IP Address combines the 103.135.56.0/25 and 103.135.56.128/25 IP Addresses. The 103.135.58.0/24 IP Address combines the 103.135.58.0/25 and 103.135.58.128/25 IP Addresses. |
| UDP | 4500, 123 | 103.135.56.0/24 103.135.57.0/25 103.135.59.0/25 103.135.58.0/24 159.60.189.0/24 159.60.166.0/24 159.60.164.0/24 159.60.170.0/24 159.60.172.0/24 159.60.184.0/24 159.60.185.0/24 159.60.186.0/24 | IPSec/UDP 4500 is optional as SSL for tunneling to global network is supported. Port 123 is for NTP service of RE. The 103.135.56.0/24 IP Address combines the 103.135.56.0/25 and 103.135.56.128/25 IP Addresses. The 103.135.58.0/24 IP Address combines the 103.135.58.0/25 and 103.135.58.128/25 IP Addresses. |
Note: If the prefix list has a CIDR notation with a /28 subnet mask and response cache parameters has a subnet mask as /24, then the response cache would be used even if the source prefix does not match the rule. You might need to adjust the response cache parameters according to the prefix set mask.
Public IPv4 Subnet Ranges for F5 Content Distribution Network Services
To use the F5 Content Distribution Network (CDN) services, configure your network firewall to allow connections to the IP address ranges specified in the following table:
| Geography | IP Address Range |
|---|---|
| Europe | 159.60.188.0/24 |
| Asia | 159.60.189.0/24 |
| North America | 159.60.190.0/24 159.60.252.0/24 |
| Oceania | 159.60.191.0/24 |
| South America | 159.60.187.0/24 |
Public IPv4 Addresses for F5 Secondary DNS Zone Transfer
To use the DNS zone management service, configure your network firewall to allow connections to the IP addresses specified in the table below:
| Geography | IP Address | Purpose |
|---|---|---|
| All Geographies | 52.14.213.208 | Zone Transfer |
| All Geographies | 3.140.118.214 | Zone Transfer |
| All Geographies | 107.162.234.197 | Notify |
| All Geographies | 107.162.176.221 | Notify |
Public IPv4 Address Ranges for F5 Global Log Receiver
To use the Global Log Receiver service, configure your network firewall to allow connections to the IP address ranges specified in the table below:
Important: To ensure continuous log streaming, you must add both IP address ranges to your firewall rules.
| Geography | IP Address Ranges |
|---|---|
| Europe | 193.16.236.64/29 |
| Europe | 185.160.8.152/29 |
| US | 54.173.72.228 3.223.15.23 34.226.63.55 |
| Canada | 35.183.253.228 15.157.45.176 16.52.221.14 |
| India | 3.7.225.93 13.234.194.216 3.6.233.104 |
Public IPv4 Addresses for F5 DNSLB Health Checks
To use the Distributed Cloud Services DNSLB health check, configure your network firewall to allow connections to the IP addresses specified in the table below:
| Geography | IP Addresses |
|---|---|
| All Geographies | 18.142.173.13 |
| All Geographies | 13.214.108.35 |
| All Geographies | 13.215.164.186 |
| All Geographies | 3.72.163.92 |
| All Geographies | 3.123.183.172 |
| All Geographies | 3.67.212.129 |
| All Geographies | 35.176.105.69 |
| All Geographies | 18.168.190.181 |
| All Geographies | 35.176.214.241 |
| All Geographies | 54.146.175.34 |
| All Geographies | 52.0.217.222 |
| All Geographies | 34.239.223.87 |
| All Geographies | 52.34.2.190 |
| All Geographies | 44.227.27.164 |
| All Geographies | 35.84.99.9 |
F5 Distributed Cloud Customer Edge Sites
See the F5 Customer Edge IP Address and Domain Reference for Firewall or Proxy Settings reference guide.
F5 Bot Defense
To use Distributed Cloud Services Bot Defense Standard, configure your network firewall to allow connections to the domains specified in the table below:
| Domain | Port |
|---|---|
| ibd-webus.fastcache.net | TCP Port 443 |
| ibd-webemea.fastcache.net | TCP Port 443 |
| ibd-webapac.fastcache.net | TCP Port 443 |
| ibd-webemea2.fastcache.net | TCP Port 443 |
F5 Data Intelligence
To use Distributed Cloud Services Data Intelligence, configure your network firewall to allow connections to the IP addresses or IP address ranges specified in the table below:
| Geography | IP Address/Range |
|---|---|
| US | 35.247.100.206 34.168.102.111 34.168.48.1 34.82.248.13 35.230.48.185 35.203.143.95 |
| EU | 35.205.7.217/32 34.76.251.175/32 34.77.214.28/32 104.199.23.243/32 34.77.3.25/32 104.155.7.183/32 |
On this page:
- Objective
- F5 Distributed Cloud SaaS Services
- Public IPv4 Subnet Ranges for F5 Regional Edges
- Public IPv4 Subnet Ranges for F5 Content Distribution Network Services
- Public IPv4 Addresses for F5 Secondary DNS Zone Transfer
- Public IPv4 Address Ranges for F5 Global Log Receiver
- Public IPv4 Addresses for F5 DNSLB Health Checks
- F5 Distributed Cloud Customer Edge Sites
- F5 Bot Defense
- F5 Data Intelligence