Egress and Ingress communication for firewalls

If you are using a firewall or any other method to filter egress communication, please ensure that the following addresses are allowed for outbound communication. This is necessary to operate the in-cluster components.

All communication should be routed through or directed to port 443 for secure HTTPS communication.

ServiceDNSIPv4IPv6
ARMO Platform (default data-center in EU)api.armosec.io
ens.euprod1.cyberarmorsoft.com
otelcol.armosec.io
report.armo.cloud
synchronizer.armosec.io
16.170.46.131
13.50.180.111
16.171.184.118
N/A
ARMO Platform (US data-center)cloud-report.us.armosec.io
cloud-ens.us.armosec.io
api.us.armosec.io
otelcol.us.armosec.io
synchronizer.us.armosec.io
18.188.138.221 3.133.251.216 3.12.66.64N/A
Grype (vulnerabilities scanning)grype.anchore.io
toolbox-data.anchore.io
172.67.15.216
104.22.74.215
104.22.75.215
2606:4700:10::6816:4bd7
2606:4700:10::ac43:fd8
2606:4700:10::6816:4ad7
GitHub (policies download)raw.githubusercontent.com140.82.121.4
185.199.108.133
185.199.109.133
185.199.110.133
185.199.111.133
2606:50c0:8000::154
2606:50c0:8001::154
2606:50c0:8002::154
2606:50c0:8003::154

For Ingress traffic please ensure the following addresses are allowed for inbound communication

ServiceDNSIPv4IPv6
ARMO Platform51.20.176.90N/A
ARMO US Platform52.15.140.116N/A