Firewall or Proxy Reference for Network Cloud
On This Page:
Objective
This reference document lists out the public IP addresses of the F5 Distributed Cloud's Network Cloud. It is required that you configure your firewall or proxy to allow connections from and to these IP addresses. Also, this document includes the list of domains to be included in your whitelist in order for your firewall or proxy to allow connections from and to these domains.
It is recommended to check if your network allows connections to the IP addresses or domains listed in this document. If your application indefinitely continues in the 'connecting' mode or returns network errors, check your firewall or proxy settings and update the configuration to whitelist or allow connections to F5 Distributed Cloud network and associated locations such as docker registry. Click here to download the subnet ranges and whitelist domains in a text list for using in automation code.
Public IPv4 Subnet Ranges
Configure your network firewall to allow connections from or to the IP address ranges specified in the following table:
| Geography | Protocol | Ports | IP Address | Notes |
|---|---|---|---|---|
| Americas | TCP | 80, 443 | 5.182.215.0/25 84.54.61.0/25 23.158.32.0/25 84.54.62.0/25 185.94.142.0/25 185.94.143.0/25 159.60.190.0/24 159.60.168.0/24 |
|
| UDP | 4500 | 5.182.215.0/25 84.54.61.0/25 23.158.32.0/25 84.54.62.0/25 185.94.142.0/25 185.94.143.0/25 159.60.190.0/24 |
IPSec/UDP 4500 is optional as SSL for tunneling to global network is supported. | |
| Europe | TCP | 80, 443 | 5.182.213.0/25 5.182.212.0/25 5.182.213.128/25 5.182.214.0/25 84.54.60.0/25 185.56.154.0/25 159.60.160.0/24 159.60.162.0/24 159.60.188.0/24 |
|
| UDP | 4500 | 5.182.213.0/25 5.182.212.0/25 5.182.213.128/25 5.182.214.0/25 84.54.60.0/25 185.56.154.0/25 159.60.160.0/24 159.60.162.0/24 159.60.188.0/24 |
IPSec/UDP 4500 is optional as SSL for tunneling to global network is supported. | |
| Asia | TCP | 80, 443 | 103.135.56.0/25 103.135.57.0/25 103.135.56.128/25 103.135.59.0/25 103.135.58.128/25 103.135.58.0/25 159.60.189.0/24 159.60.166.0/24 159.60.164.0/24 |
|
| UDP | 4500 | 103.135.56.0/25 103.135.57.0/25 103.135.56.128/25 103.135.59.0/25 103.135.58.128/25 103.135.58.0/25 159.60.189.0/24 159.60.166.0/24 159.60.164.0/24 |
IPSec/UDP 4500 is optional as SSL for tunneling to global network is supported. |
Public IPs for Secondary DNS zone transfer
Allow the following IP addresses for successful zone transfers in case you use F5 Distributed Cloud DNS zone management service:
- 52.14.213.208
- 3.140.118.214
Public IPs for Global Log Receiver
Allow the following IP ranges for successful functioning of global log receiver:
- 193.16.236.68/32
- 185.160.8.156/32
Public IPs for DNSLB Health Checks
- 18.142.173.13
- 13.214.108.35
- 13.215.164.186
- 3.72.163.92
- 3.123.183.172
- 3.67.212.129
- 35.176.105.69
- 18.168.190.181
- 35.176.214.241
- 54.146.175.34
- 52.0.217.222
- 34.239.223.87
- 52.34.2.190
- 44.227.27.164
- 35.84.99.9
Public IPs for Container Registries
Also, ensure that you allow the following ranges to enable access to the various container registries:
- 23.158.32.48/29
- 84.54.60.0/29
- 84.54.61.48/29
- 84.54.62.48/29
- 103.135.56.48/29
- 103.135.56.176/29
- 103.135.57.48/29
- 103.135.58.0/29
- 103.135.58.128/29
- 103.135.59.0/29
- 159.60.164.0/29
- 159.60.166.0/29
- 185.56.154.0/29
- 185.94.142.0/29
- 185.94.143.0/29
- 185.160.8.152/29
- 185.160.8.160/29
- 185.160.8.168/29
- 185.160.8.176/29
- 193.16.236.64/29
- 193.16.236.88/29
- 193.16.236.104/29
Allowed Domains
Add the following domains to your whitelist to enable firewall or proxy to allow connections from or to the domains:
| Location | Protocol | Port | Address | Notes |
|---|---|---|---|---|
| F5 Distributed Cloud | TCP | 80, 443 | *.ves.volterra.io downloads.volterra.io |
This specifies the F5 Distributed Cloud domain. |
| F5 Distributed Cloud AI Model Updates | TCP | 80, 443 | *.blob.core.windows.net | This specifies the domain for obtaining the AI model updates. |
| Azure Registry | TCP | 80, 443 | volterra.azurecr.io vesio.azureedge.net *.azure.com |
This specifies the domain for the Azure Registry. |
| Microsoft | TCP | 80, 443 | *.microsoftonline.com | This specifies the Microsoft domains. |
| AWS | TCP | 80, 443 | *.amazonaws.com | This specifies AWS domains. |
| Docker Registry | TCP | 80, 443 | docker.io docker.com |
This specifies the domain for the Docker Registry. |
| Google Registry | TCP | 80, 443 | *.gcr.io gcr.io storage.googleapi.com |
This specifies the domain for the Google Registry. |
| Redhat Registry | TCP | 80, 443 | update.release.core-os.net quay.io |
This specifies the domain for the Redhat Registry. |
| Webroot URL Classification Database | TCP | 80, 443 | api.bcti.brightcloud.com | This specifies the domain for webroot URL classification database. |
| CDN Domains | UDP | 53 | traffic-router-0.cdn-gc.ves.volterra.io traffic-router-1.cdn-gc.ves.volterra.io cdn.ves.volterra.io |
Domains for F5 Distributed Cloud Content Delivery Network. |