Egress and Ingress communication for firewalls
If you are using a firewall or any other method to filter egress communication, please ensure that the following addresses are allowed for outbound communication. This is necessary to operate the in-cluster components.
All communication should be routed through or directed to port 443 for secure HTTPS communication.
Service | DNS | IPv4 | IPv6 |
---|---|---|---|
ARMO Platform (default data-center in EU) | api.armosec.io ens.euprod1.cyberarmorsoft.com otelcol.armosec.io report.armo.cloud synchronizer.armosec.io | Please refer to https://www.cloudflare.com/ips/ | N/A |
ARMO Platform (US data-center) | cloud-report.us.armosec.io cloud-ens.us.armosec.io api.us.armosec.io otelcol.us.armosec.io synchronizer.us.armosec.io | Please refer to https://www.cloudflare.com/ips/ | N/A |
Grype (vulnerabilities scanning) | grype.anchore.io toolbox-data.anchore.io | 172.67.15.216 104.22.74.215 104.22.75.215 | 2606:4700:10::6816:4bd7 2606:4700:10::ac43:fd8 2606:4700:10::6816:4ad7 |
GitHub (policies download) | raw.githubusercontent.com | 140.82.121.4 185.199.108.133 185.199.109.133 185.199.110.133 185.199.111.133 | 2606:50c0:8000::154 2606:50c0:8001::154 2606:50c0:8002::154 2606:50c0:8003::154 |
For Ingress traffic please ensure the following addresses are allowed for inbound communication
Service | DNS | IPv4 | IPv6 |
---|---|---|---|
ARMO Platform | 51.20.176.90 | N/A | |
ARMO US Platform | 52.15.140.116 | N/A |
Updated 20 days ago