Egress and Ingress communication for firewalls
If you are using a firewall or any other method to filter egress communication, please ensure that the following addresses are allowed for outbound communication. This is necessary to operate the in-cluster components.
All communication should be routed through or directed to port 443 for secure HTTPS communication.
| Service | DNS | IPv4 | IPv6 |
|---|---|---|---|
| ARMO Platform (default data-center in EU) | api.armosec.io ens.euprod1.cyberarmorsoft.com otelcol.armosec.io report.armo.cloud synchronizer.armosec.io | Please refer to https://www.cloudflare.com/ips/ | N/A |
| ARMO Platform (US data-center) | cloud-report.us.armosec.io cloud-ens.us.armosec.io api.us.armosec.io otelcol.us.armosec.io synchronizer.us.armosec.io | Please refer to https://www.cloudflare.com/ips/ | N/A |
| Grype (vulnerabilities scanning) | grype.anchore.io toolbox-data.anchore.io | 172.67.15.216 104.22.74.215 104.22.75.215 | 2606:4700:10::6816:4bd7 2606:4700:10::ac43:fd8 2606:4700:10::6816:4ad7 |
| GitHub (policies download) | raw.githubusercontent.com | 140.82.121.4 185.199.108.133 185.199.109.133 185.199.110.133 185.199.111.133 | 2606:50c0:8000::154 2606:50c0:8001::154 2606:50c0:8002::154 2606:50c0:8003::154 |
GitHub IP ranges are prone to change. The GitHub IP addresses listed above are provided for convenience, but the source of truth is GitHub’s Meta API. For the latest IPv4 and IPv6 ranges used by GitHub web endpoints, refer to the
.websection in https://api.github.com/meta.
For Ingress traffic please ensure the following addresses are allowed for inbound communication
| Service | DNS | IPv4 | IPv6 |
|---|---|---|---|
| ARMO Platform | 13.49.199.135 13.63.121.215 13.63.99.28 | N/A | |
| ARMO US Platform | 3.12.0.124 3.151.183.44 18.117.200.208 | N/A |
Updated about 1 month ago
Did this page help you?
