Forcepoint LLC is committed to delivering a fast, secure and reliable cloud infrastructure. To accommodate increases in service usage, we may expand resources within existing data centers, balance traffic between data centers, or open new data centers. Forcepoint cloud administrators receive notifications before new data centers and IP address ranges come online.

As we expand our infrastructure, we may change the IP address to which your web requests are routed. This might occur, for example, if we add capacity closer to you. Having your firewall open to all of our IP ranges enables us to add to our infrastructure without affecting your service.

Which IP addresses and ports need to be open on my firewall to use the Forcepoint cloud web and email service?

If you intend to lock down your firewall, or already have your firewall locked down, and intend to use the cloud web or cloud email service, you must allow connections to and from the range of IP addresses for Forcepoint cloud service data centers and virtual points of presence (vPoPs).
 

IP address ranges in use by Forcepoint cloud services

 

CIDR	Range	Subnet	Mask
85.115.32.0/19	85.115.32.0 - 85.115.63.255	85.115.32.0	255.255.224.0
86.111.216.0/23	86.111.216.0 - 86.111.217.255	86.111.216.0	255.255.254.0
116.50.56.0/21	116.50.56.0 - 116.50.63.255	116.50.56.0	255.255.248.0
208.87.232.0/21	208.87.232.0 - 208.87.239.255	208.87.232.0	255.255.248.0
86.111.220.0/22	86.111.220.0 - 86.111.223.255	86.111.220.0	255.255.252.0
103.1.196.0/22	103.1.196.0 - 103.1.199.255	103.1.196.0	255.255.252.0
177.39.96.0/22	177.39.96.0 - 177.39.99.255	177.39.96.0	255.255.252.0
196.216.238.0/23	196.216.238.0 - 196.216.239.255	196.216.238.0	255.255.254.0
192.151.176.0/20	192.151.176.0 - 192.151.191.255	192.151.176.0	255.255.240.0
157.167.0.0/16	157.167.0.0 - 157.167.255.255	157.167.0.0	255.255.0.0

 

Data center/vPoP locations and IP addresses

 

DATA CENTER ID	IP SPACE	CITY	COUNTRY
A	85.115.52.1x0 85.115.52.{201-206}*	London (Heathrow)	UK
B	85.115.56.1x0 85.115.56.{201-206}*	Frankfurt	Germany
C	116.50.59.1x0	Mumbai	India
D	85.115.60.1x0 85.115.60.{201-206}*	Paris	France
E	85.115.58.1x0	Dusseldorf	Germany
F	85.115.62.1x0	Geneva	Switzerland
G	208.87.233.1x0 208.87.233.{201-206}*	San Jose, CA	USA
H	208.87.234.1x0 208.87.234.{201-206}*	Ashburn, VA	USA
I	85.115.32.1x0	Istanbul	Turkey
J	85.115.54.1x0 85.115.54.{201-206}*	Slough	UK
K	116.50.57.1x0	Hong Kong	China
M	116.50.58.1x0	Sydney	Australia
N	208.87.237.1x0 208.87.237.{201-206}*	Chicago, IL	USA
O	208.87.239.1x0	Dallas, TX	USA
P	177.39.96.1x0	Sao Paulo	Brazil
Q	208.87.238.1x0	Miami, FL	USA
R	116.50.60.1x0	Singapore	Singapore
S	196.216.238.1x0 196.216.238.{201-206}*	Johannesburg	South Africa
T	116.50.61.1x0	Tokyo	Japan
U	85.115.37.1x0	Stockholm	Sweden
X	85.115.33.1x0	Amsterdam	Netherlands
ASUA**	157.167.21.1x0	Asuncion	Paraguay
BCVA**	157.167.10.1x0	Belmopan	Belize
BOGA**	192.151.179.1x0	Bogota	Colombia
BRUA**	85.115.61.1x0	Brussels	Belgium
DXBA	85.115.46.1x0	Dubai	United Arab Emirates
BUEA**	177.39.97.1x0	Buenos Aires	Argentina
CAYA**	157.167.19.1x0	Cayenne	French Guiana
GEOA**	157.167.20.1x0	Georgetown	Guyana
GUAA**	157.167.14.1x0	Guatamala City	Guatamala
HELA**	85.115.63.1x0	Helsinki	Finland
JRSA**	85.115.47.1x0	Jerusalem	Israel
LAXA	208.87.235.1x0	Los Angeles, CA	USA
LIMA**	157.167.22.1x0	Lima	Peru
LONB	85.115.53.1x0 85.115.53.{201-206}*	London (Docklands)	UK
LPBA**	157.167.17.1x0	La Paz	Bolivia
MADA**	85.115.44.1x0	Madrid	Spain
MEXA**	192.151.180.1x0	Mexico City	Mexico
MGAA**	192.151.181.1x0	Managua	Nicaragua
MILA	85.115.39.1x0	Milan	Italy
MVDA**	157.167.24.1x0	Montevideo	Uruguay
NYCA	208.87.236.1x0	New York, NY	USA
OSLA**	85.115.45.1x0	Oslo	Norway
PBMA**	157.167.23.1x0	Paramaribo	Suriname
PTYA**	157.167.16.1x0	Panama City	Panama
SALA**	157.167.13.1x0	San Salvador	El Salvador
SCLA**	157.167.18.1x0	Santiago	Chile
SJOA**	157.167.11.1x0	San Jose	Costa Rica
TGUA**	157.167.15.1x0	Tegucigalpa	Honduras
UIOA**	157.167.12.1x0	Quito	Ecuador
WAWA	85.115.35.1x0	Warsaw	Poland
WLGA**	116.50.62.1x0	Wellington	New Zealand
YYZA	192.151.178.1x0	Toronto	Canada

 
* - IP address range applies to cloud web products only.
 ** - Virtual point of presence (vPoP). See the article Improved content localization with virtual point of presence (vPoP) IP addresses.

Notes:

• The 1x0 in the IP addresses listed above denote multiple IP addresses based on product. For example, .150 and .211-.216 are for the hybrid service, .180 and .201-.206 are for the cloud service, and .190 is for email and hybrid web reporting.
• The following points of presence support web and email:
  • A | B | C | D | E | F | G | H | J | K | M | S
• The following points of presence support web only:
  • I | N | O | P | Q | R | T | U | X | ASUA | BCVA | BOGA | BUEA | CAYA | DXBA | GEOA | GUAA | JRSA | LAXA | LIMA | LONB | LPBA | MADA | MEXA | MILA | MVDA | NYCA | OSLA | PBMA | PTYA | SALA | SCLA | SJOA | TGUA | UIOA | WAWA | YYZA

 

Forcepoint Web Security Cloud

Forcepoint Web Security Cloud serves end-user web requests from the closest data center location between you and the service. Be sure to allow traffic through your firewall, to and from Forcepoint's IP ranges, on all ports listed below.

Ports to open:

• Forcepoint Security Portal: 80 and 443
• Forcepoint Web Security Cloud:
  • 8082 and 8081 if you are retrieving the PAC file and routing web traffic through the standard cloud web ports. (If you are using port 80 for the PAC file, you do not need to open these ports.)
  • 8087 if you are retrieving the PAC file via HTTPS. Port 8081 must also be opened for browsing. (If you are using port 443 for the HTTPS PAC file, you do not need to open these ports.)
  • 8006 if you are using single sign-on integration.
  • 8089 if you are using secure form authentication.

Note that further ports may be required in the future as new features are added to the service.
 

Forcepoint Email Security Cloud

Forcepoint Email Security Cloud uses customer-specific DNS records to route email from the cloud service to your email gateway, and from your email gateway back to the service. Once you complete the registration wizard, the details you entered are verified. When the security check is complete, you will receive a welcome message detailing your customer-specific DNS records and instructions for routing email.
 
Because Forcepoint Email Security Cloud is a hosted service, Forcepoint is responsible for managing system capacity. For this reason, we may occasionally choose to alter the route of your email within our service. To enable us to do this seamlessly without requiring you to make further changes, you must allow SMTP connections from all of the IP ranges listed above. To access the Forcepoint Security Portal, ensure that ports 80 and 443 are also permitted for these IP ranges.

Ports to open:

• Forcepoint Security Portal: 80 and 443
• Forcepoint Email Security Cloud: 25

We strongly recommend that you lock down your firewall to ensure that your mail servers only accept email from Forcepoint IP addresses. If you do not do this, then email can be maliciously routed directly to your mail servers, bypassing Forcepoint Email Security Cloud. For more information, see the Restricting connections to your mail servers in the Forcepoint Email Security Cloud Getting Started Guide.