Egress and Ingress communication for firewalls

If you are using a firewall or any other method to filter egress communication, please ensure that the following addresses are allowed for outbound communication. This is necessary to operate the in-cluster components.

All communication should be routed through or directed to port 443 for secure HTTPS communication.

Service	DNS	IPv4	IPv6
ARMO Platform (default data-center in EU)	api.armosec.io ens.euprod1.cyberarmorsoft.com otelcol.armosec.io report.armo.cloud synchronizer.armosec.io	Please refer to https://www.cloudflare.com/ips/	N/A
ARMO Platform (US data-center)	cloud-report.us.armosec.io cloud-ens.us.armosec.io api.us.armosec.io otelcol.us.armosec.io synchronizer.us.armosec.io	Please refer to https://www.cloudflare.com/ips/	N/A
Grype (vulnerabilities scanning)	grype.anchore.io toolbox-data.anchore.io	172.67.15.216 104.22.74.215 104.22.75.215	2606:4700:10::6816:4bd7 2606:4700:10::ac43:fd8 2606:4700:10::6816:4ad7
GitHub (policies download)	raw.githubusercontent.com	140.82.121.4 185.199.108.133 185.199.109.133 185.199.110.133 185.199.111.133	2606:50c0:8000::154 2606:50c0:8001::154 2606:50c0:8002::154 2606:50c0:8003::154

For Ingress traffic please ensure the following addresses are allowed for inbound communication

Service	DNS	IPv4	IPv6
ARMO Platform		51.20.176.90	N/A
ARMO US Platform		52.15.140.116	N/A