Egress and Ingress communication for firewalls
If you are using a firewall or any other method to filter egress communication, please ensure that the following addresses are allowed for outbound communication. This is necessary to operate the in-cluster components.
All communication should be routed through or directed to port 443 for secure HTTPS communication.
| Service | DNS | IPv4 | IPv6 |
|---|---|---|---|
| ARMO Platform (default data-center in EU) | api.armosec.io ens.euprod1.cyberarmorsoft.com otelcol.armosec.io report.armo.cloud synchronizer.armosec.io | 16.170.46.131 13.50.180.111 16.171.184.118 | N/A |
| ARMO Platform (US data-center) | cloud-report.us.armosec.io cloud-ens.us.armosec.io api.us.armosec.io otelcol.us.armosec.io synchronizer.us.armosec.io | 18.188.138.221 3.133.251.216 3.12.66.64 | N/A |
| Grype (vulnerabilities scanning) | grype.anchore.io toolbox-data.anchore.io | 172.67.15.216 104.22.74.215 104.22.75.215 | 2606:4700:10::6816:4bd7 2606:4700:10::ac43:fd8 2606:4700:10::6816:4ad7 |
| GitHub (policies download) | raw.githubusercontent.com | 140.82.121.4 185.199.108.133 185.199.109.133 185.199.110.133 185.199.111.133 | 2606:50c0:8000::154 2606:50c0:8001::154 2606:50c0:8002::154 2606:50c0:8003::154 |
For Ingress traffic please ensure the following addresses are allowed for inbound communication
| Service | DNS | IPv4 | IPv6 |
|---|---|---|---|
| ARMO Platform | 51.20.176.90 | N/A | |
| ARMO US Platform | 52.15.140.116 | N/A |
Updated 2 months ago