If you choose to limit network egress out of your environments, you may need to whitelist the F5 Distributed Cloud App Infrastructure Protection (AIP) Platform in your firewall configuration to enable the Agent to register and send data. Be aware that doing so can be dangerous for your service availability since the Distributed Cloud AIP IP addresses can change at any time. This would only happen if we are actively remediating certain types of attacks against our infrastructure.
The addresses required for whitelisting network access include:
- 22.214.171.124 (443/tcp)
- 126.96.36.199 (443/tcp)
- 188.8.131.52 (443/tcp)
- 184.108.40.206 (443/tcp)
At no point does the Distributed Cloud AIP Platform initiate a connection down to the Agent, therefore inbound flows to your network should continue to block access while allowing outbound flows.
The Agent connects to the following domains:
- app.threatstack.com (443/tcp) - registration only
- cssensors.threatstack.com (443/tcp) - all post registration communication
Distributed Cloud AIP does not support proxies at this time.
For more information on whitelisting webhooks see the Configure Network Access for Webhooks article.