Configure Agent Network Access

If you choose to limit network egress out of your environments, you may need to whitelist the F5 Distributed Cloud App Infrastructure Protection (AIP) Platform in your firewall configuration to enable the Agent to register and send data. Be aware that doing so can be dangerous for your service availability since the Distributed Cloud AIP IP addresses can change at any time. This would only happen if we are actively remediating certain types of attacks against our infrastructure.

The addresses required for whitelisting network access include:

  • (443/tcp)
  • (443/tcp)
  • (443/tcp)
  • (443/tcp)

At no point does the Distributed Cloud AIP Platform initiate a connection down to the Agent, therefore inbound flows to your network should continue to block access while allowing outbound flows.

The Agent connects to the following domains:

  • (443/tcp) - registration only
  • (443/tcp) - all post registration communication


Distributed Cloud AIP supports proxies at this time. However, functionality may vary as not all proxies have been tested.

For more information on whitelisting webhooks, see Configure Network Access for Webhooks.

Was this article helpful?
0 out of 0 found this helpful