Forcepoint is committed to delivering a fast, secure and reliable cloud infrastructure. To accommodate increases in service usage, we may expand resources within existing data centers, balance traffic between data centers, or open new data centers. Forcepoint cloud administrators receive notifications before new data centers and IP address ranges come online.

As we expand our infrastructure, we may change the IP address to which your web requests are routed. This might occur, for example, if we add capacity closer to you. Having your firewall open to all of our IP ranges enables us to add to our infrastructure without affecting your service.

Which IP addresses and ports need to be open on my firewall to use the Forcepoint cloud web and email service?

If you intend to lock down your firewall, or already have your firewall locked down, and intend to use the cloud web or cloud email service, you must allow connections to and from the range of IP addresses for Forcepoint cloud service data centers and local points of presence (also known as vPoPs).
 

IP address ranges in use by Forcepoint cloud services

 

CIDR	Range	Subnet	Mask
85.115.32.0/19	85.115.32.0 - 85.115.63.255	85.115.32.0	255.255.224.0
86.111.216.0/23	86.111.216.0 - 86.111.217.255	86.111.216.0	255.255.254.0
116.50.56.0/21	116.50.56.0 - 116.50.63.255	116.50.56.0	255.255.248.0
208.87.232.0/21	208.87.232.0 - 208.87.239.255	208.87.232.0	255.255.248.0
86.111.220.0/22	86.111.220.0 - 86.111.223.255	86.111.220.0	255.255.252.0
103.1.196.0/22	103.1.196.0 - 103.1.199.255	103.1.196.0	255.255.252.0
177.39.96.0/22	177.39.96.0 - 177.39.99.255	177.39.96.0	255.255.252.0
196.216.238.0/23	196.216.238.0 - 196.216.239.255	196.216.238.0	255.255.254.0
192.151.176.0/20	192.151.176.0 - 192.151.191.255	192.151.176.0	255.255.240.0
157.167.0.0/16	157.167.0.0 - 157.167.255.255	157.167.0.0	255.255.0.0

 

Data center/local PoP locations and IP addresses

 

DATA CENTER ID	IP SPACE	CITY	COUNTRY
A	85.115.52.1x0 85.115.52.{201-206}*	London (Heathrow)	UK
B	85.115.56.1x0 85.115.56.{201-206}*	Frankfurt	Germany
C	116.50.59.1x0	Mumbai	India
D	85.115.60.1x0 85.115.60.{201-206}*	Paris	France
E	85.115.58.1x0	Dusseldorf	Germany
F	85.115.62.1x0	Geneva	Switzerland
G	208.87.233.1x0 208.87.233.{201-206}*	San Jose, CA	USA
H	208.87.234.1x0 208.87.234.{201-206}*	Ashburn, VA	USA
I	85.115.32.1x0	Istanbul	Turkey
J	85.115.54.1x0 85.115.54.{201-206}*	Slough	UK
K	116.50.57.1x0	Hong Kong	China
M	116.50.58.1x0	Sydney	Australia
N	208.87.237.1x0 208.87.237.{201-206}*	Chicago, IL	USA
O	208.87.239.1x0	Dallas, TX	USA
P	177.39.96.1x0	Sao Paulo	Brazil
Q	208.87.238.1x0	Miami, FL	USA
R	116.50.60.1x0	Singapore	Singapore
S	196.216.238.1x0 196.216.238.{201-206}*	Johannesburg	South Africa
T	116.50.61.1x0	Tokyo	Japan
U	85.115.37.1x0	Stockholm	Sweden
X	85.115.33.1x0	Amsterdam	Netherlands
ARNA**	157.167.47.1x0	Stockholm	Sweden
ASUA**	157.167.21.1x0	Asuncion	Paraguay
BCVA**	157.167.10.1x0	Belmopan	Belize
BKKA**	157.167.29.1x0	Bangkok	Thailand
BOGA**	192.151.179.1x0	Bogota	Colombia
BRUA**	85.115.61.1x0	Brussels	Belgium
BUEA**	177.39.97.1x0	Buenos Aires	Argentina
BWNA**	157.167.27.1x0	Bandar Seri Begawan	Brunei
CAYA**	157.167.19.1x0	Cayenne	French Guiana
CCSA**	157.167.25.1x0	Caracas	Venezuela
CGKA**	157.167.34.1x0	Jakarta	Indonesia
CPHA**	157.167.45.1x0	Copenhagen	Denmark
DILA**	157.167.30.1x0	Dili	Timor-Leste
DUBA**	157.167.54.1x0	Dublin	Ireland
DXBA	85.115.46.1x0	Dubai	United Arab Emirates
GEOA**	157.167.20.1x0	Georgetown	Guyana
GIBA**	157.167.53.1x0	Gibraltar	Gibraltar
GUAA**	157.167.14.1x0	Guatamala City	Guatamala
HANA**	157.167.31.1x0	Hanoi	Vietnam
HELA**	85.115.63.1x0	Helsinki	Finland
ICNA**	157.167.26.1x0	Seoul	South Korea
IEVA**	157.167.52.1x0	Kiev	Ukraine
JERA**	157.167.55.1x0	Saint Helier	Jersey
JRSA**	85.115.47.1x0	Jerusalem	Israel
KEFA**	157.167.43.1x0	Reykjavic	Iceland
KLIA**	157.167.33.1x0	Kuala Lumpur	Malaysia
LAXA	208.87.235.1x0	Los Angeles, CA	USA
LIMA**	157.167.22.1x0	Lima	Peru
LISA**	157.167.56.1x0	Lisbon	Portugal
LONB	85.115.53.1x0 85.115.53.{201-206}*	London (Docklands)	UK
LPBA**	157.167.17.1x0	La Paz	Bolivia
MADA**	85.115.44.1x0	Madrid	Spain
MEXA**	192.151.180.1x0	Mexico City	Mexico
MFMA**	157.167.36.1x0	Macau	Macau
MGAA**	192.151.181.1x0	Managua	Nicaragua
MILA	85.115.39.1x0	Milan	Italy
MNLA**	157.167.39.1x0	Manila	Philippines
MOWA**	157.167.51.1x0	Moscow	Russia
MSQA**	157.167.48.1x0	Minsk	Belarus
MVDA**	157.167.24.1x0	Montevideo	Uruguay
NYCA	208.87.236.1x0	New York, NY	USA
NYTA**	157.167.35.1x0	Naypyidaw	Myanmar
OSLA**	85.115.45.1x0	Oslo	Norway
PBMA**	157.167.23.1x0	Paramaribo	Suriname
PNHA**	157.167.28.1x0	Phnomh Penh	Cambodia
POMA**	157.167.40.1x0	Port Moresby	Papua New Guinea
PPTA**	157.167.42.1x0	Papeete	French Polynesia
PTYA**	157.167.16.1x0	Panama City	Panama
RIXA**	157.167.50.1x0	Riga	Latvia
SALA**	157.167.13.1x0	San Salvador	El Salvador
SCLA**	157.167.18.1x0	Santiago	Chile
SJOA**	157.167.11.1x0	San Jose	Costa Rica
SUVA**	157.167.41.1x0	Suva	Fiji
TGUA**	157.167.15.1x0	Tegucigalpa	Honduras
TLLA**	157.167.49.1x0	Tallinn	Estonia
TPEA**	157.167.38.1x0	Taipei	Taiwan
UIOA**	157.167.12.1x0	Quito	Ecuador
ULNA**	157.167.37.1x0	Ulaanbaatar	Mongolia
VNOA**	157.167.44.1x0	Vilnius	Lithuania
VTEA**	157.167.32.1x0	Vientiane	Laos
WAWA	85.115.35.1x0	Warsaw	Poland
WAWB**	157.167.46.1x0	Warsaw	Poland
WLGA**	116.50.62.1x0	Wellington	New Zealand
YYZA	192.151.178.1x0	Toronto	Canada
YYZB**	157.167.57.1x0	Ottawa	Canada

 
* - IP address range applies to cloud web products only.
 ** - Local point of presence (local PoP, also known as vPoP). See the article Improved content localization with local point of presence (aka vPoP) IP addresses.

Notes:

• The 1x0 in the IP addresses listed above denote multiple IP addresses based on product. For example, .150 and .211-.216 are for the hybrid service, .180 and .201-.206 are for the cloud service, and .190 is for email and hybrid web reporting.
• The following points of presence support web and email:
  • A | B | C | D | E | F | G | H | J | K | M | S
• The following points of presence support web only:
  • I | N | O | P | Q | R | T | U | X | ARNA | ASUA | BCVA | BKKA | BOGA | BUEA | BWNA | CAYA | CCSA | CGKA | CPHA | DILA | DUBA | DXBA | GEOA | GIBA | GUAA | HANA | ICNA | IEVA | JERA | JRSA | KEFA | KLIA | LAXA | LIMA | LISA | LONB | LPBA | MADA | MEXA | MFMA | MILA | MLNA | MOWA | MSQA | MVDA | NYCA | NYTA | OSLA | PBMA | PNHA | POMA | PPTA | PTYA | RIXA | SALA | SCLA | SJOA | SUVA | TGUA | TLLA | TPEA | UIOA | ULNA | VNOA | VTEA | WAWA | WAWB | YYZA | YYZB

 

Forcepoint Web Security Cloud

Forcepoint Web Security Cloud serves end-user web requests from the closest data center location between you and the service. Be sure to allow traffic through your firewall, to and from Forcepoint's IP ranges, on all ports listed below.

Ports to open:

• Forcepoint Security Portal: 80 and 443
• Forcepoint Web Security Cloud:
  • 8082 and 8081 if you are retrieving the PAC file and routing web traffic through the standard cloud web ports. (If you are using port 80 for the PAC file, you do not need to open these ports.)
  • 8087 if you are retrieving the PAC file via HTTPS. Port 8081 must also be opened for browsing. (If you are using port 443 for the HTTPS PAC file, you do not need to open these ports.)
  • 8006 if you are using single sign-on integration.
  • 8089 if you are using secure form authentication.

Note that further ports may be required in the future as new features are added to the service.
 

Forcepoint Email Security Cloud

Forcepoint Email Security Cloud uses customer-specific DNS records to route email from the cloud service to your email gateway, and from your email gateway back to the service. Once you complete the registration wizard, the details you entered are verified. When the security check is complete, you will receive a welcome message detailing your customer-specific DNS records and instructions for routing email.
 
Because Forcepoint Email Security Cloud is a hosted service, Forcepoint is responsible for managing system capacity. For this reason, we may occasionally choose to alter the route of your email within our service. To enable us to do this seamlessly without requiring you to make further changes, you must allow SMTP connections from all of the IP ranges listed above. To access the Forcepoint Security Portal, ensure that ports 80 and 443 are also permitted for these IP ranges.

Ports to open:

• Forcepoint Security Portal: 80 and 443
• Forcepoint Email Security Cloud: 25

We strongly recommend that you lock down your firewall to ensure that your mail servers only accept email from Forcepoint IP addresses. If you do not do this, then email can be maliciously routed directly to your mail servers, bypassing Forcepoint Email Security Cloud. For more information, see the Restricting connections to your mail servers in the Forcepoint Email Security Cloud Getting Started Guide.