Objective

This reference document lists the public IP addresses associated with the F5 Distributed Cloud Network Cloud. It is essential that you configure your firewall or proxy to allow connections from and to these IP addresses. Also, this document includes the list of domains that should be included in your allowlist in order for your firewall or proxy to permit connections from and to these domains.

We strongly recommend verifying that your network allows connections to the IP addresses or domains listed in this document. If your application remains stuck in the 'connecting' mode or encounters network errors, review your firewall or proxy settings and update the allowlist configuration to permit connections to F5 Distributed Cloud network and associated locations such as docker registry. For automation purposes, you can download the subnet ranges and domains to be included in your network configuration by clicking here.

Public IPv4 Subnet Ranges

Configure your network firewall to allow connections from or to the IP address ranges specified in the following table:

Geography	Protocol	Ports	IP Address	Notes
Americas	TCP	80, 443	5.182.215.0/25 84.54.61.0/25 23.158.32.0/25 84.54.62.0/25 185.94.142.0/25 185.94.143.0/25 159.60.190.0/24 159.60.168.0/24
	UDP	4500	5.182.215.0/25 84.54.61.0/25 23.158.32.0/25 84.54.62.0/25 185.94.142.0/25 185.94.143.0/25 159.60.190.0/24	IPSec/UDP 4500 is optional as SSL for tunneling to global network is supported.
Europe	TCP	80, 443	5.182.213.0/25 5.182.212.0/25 5.182.213.128/25 5.182.214.0/25 84.54.60.0/25 185.56.154.0/25 159.60.160.0/24 159.60.162.0/24 159.60.188.0/24
	UDP	4500	5.182.213.0/25 5.182.212.0/25 5.182.213.128/25 5.182.214.0/25 84.54.60.0/25 185.56.154.0/25 159.60.160.0/24 159.60.162.0/24 159.60.188.0/24	IPSec/UDP 4500 is optional as SSL for tunneling to global network is supported.
Asia	TCP	80, 443	103.135.56.0/25 103.135.57.0/25 103.135.56.128/25 103.135.59.0/25 103.135.58.128/25 103.135.58.0/25 159.60.189.0/24 159.60.166.0/24 159.60.164.0/24
	UDP	4500	103.135.56.0/25 103.135.57.0/25 103.135.56.128/25 103.135.59.0/25 103.135.58.128/25 103.135.58.0/25 159.60.189.0/24 159.60.166.0/24 159.60.164.0/24	IPSec/UDP 4500 is optional as SSL for tunneling to global network is supported.

Public IPs for Secondary DNS zone transfer

Allow the following IP addresses for successful zone transfers if you use the F5 Distributed Cloud DNS zone management service:

52.14.213.208
3.140.118.214

Public IPs for Global Log Receiver

Allow the following IP ranges for successful functioning of the global log receiver:

193.16.236.68/32
185.160.8.156/32

Public IPs for DNSLB Health Checks

18.142.173.13
13.214.108.35
13.215.164.186
3.72.163.92
3.123.183.172
3.67.212.129
35.176.105.69
18.168.190.181
35.176.214.241
54.146.175.34
52.0.217.222
34.239.223.87
52.34.2.190
44.227.27.164
35.84.99.9

Public IPs for Container Registries

Also, ensure that you allow the following ranges to enable access to the various container registries:

23.158.32.48/29
84.54.60.0/29
84.54.61.48/29
84.54.62.48/29
103.135.56.48/29
103.135.56.176/29
103.135.57.48/29
103.135.58.0/29
103.135.58.128/29
103.135.59.0/29
159.60.164.0/29
159.60.166.0/29
185.56.154.0/29
185.94.142.0/29
185.94.143.0/29
185.160.8.152/29
185.160.8.160/29
185.160.8.168/29
185.160.8.176/29
193.16.236.64/29
193.16.236.88/29
193.16.236.104/29

Allowed Domains

Add the following domains to your allowlist to enable firewall or proxy to allow connections from or to the domains:

Location	Protocol	Port	Address	Notes
F5 Distributed Cloud	TCP	80, 443	*.ves.volterra.io downloads.volterra.io	This specifies the F5 Distributed Cloud domain.
F5 Distributed Cloud AI Model Updates	TCP	80, 443	*.blob.core.windows.net	This specifies the domain for obtaining the AI model updates.
Azure Registry	TCP	80, 443	volterra.azurecr.io vesio.azureedge.net *.azure.com	This specifies the domain for the Azure Registry.
Microsoft	TCP	80, 443	*.microsoftonline.com	This specifies the Microsoft domains.
AWS	TCP	80, 443	*.amazonaws.com	This specifies AWS domains.
Docker Registry	TCP	80, 443	docker.io docker.com	This specifies the domain for the Docker Registry.
Google Registry	TCP	80, 443	*.gcr.io gcr.io storage.googleapi.com	This specifies the domain for the Google Registry.
Redhat Registry	TCP	80, 443	update.release.core-os.net quay.io	This specifies the domain for the Redhat Registry.
Webroot URL Classification Database	TCP	80, 443	api.bcti.brightcloud.com	This specifies the domain for webroot URL classification database.
CDN Domains	UDP	53	traffic-router-0.cdn-gc.ves.volterra.io traffic-router-1.cdn-gc.ves.volterra.io cdn.ves.volterra.io	Domains for F5 Distributed Cloud Content Delivery Network.

IP Addresses for Site Provisioning

If your firewall does not support domain-based permissions, you can use the following list of outbound IPs that the Customer Edge (CE) Site needs to communicate with for initial provisioning. A DNS server is required for a Site to function correctly in resolving queries. Additionally, note that port 65500 is reserved for local UI and API access, so you may want to consider blocking or allowing this port as needed.

Note: IPs have the potential to change without F5 being aware of it. For this reason, using domain-based permissions is the preferred method rather than using this list.

20.33.0.0/16
74.125.0.0/16
18.64.0.0/10
52.223.128.0/18
20.152.0.0/15
13.107.238.0/24
142.250.0.0/15
20.34.0.0/15
52.192.0.0/12
52.208.0.0/13
52.223.0.0/17
18.32.0.0/11
3.208.0.0/12
13.107.237.0/24
20.36.0.0/14
52.222.0.0/16
52.220.0.0/15
3.0.0.0/9
100.64.0.0/10
54.88.0.0/16
52.216.0.0/14
108.177.0.0/17
20.40.0.0/13
54.64.0.0/11
172.253.0.0/16
20.64.0.0/10
20.128.0.0/16
172.217.0.0/16
173.194.0.0/16
20.150.0.0/15
20.48.0.0/12
72.19.3.0/24
18.128.0.0/9
23.20.0.0/14
13.104.0.0/14
13.96.0.0/13
13.64.0.0/11
13.249.0.0/16
34.192.0.0/10
3.224.0.0/12
54.208.0.0/13
54.216.0.0/14
108.156.0.0/14
54.144.0.0/12
54.220.0.0/15
54.192.0.0/12
54.160.0.0/11

Firewall or Proxy Reference for Network Cloud

On This Page: