KB Article | Forcepoint Support

Notes & Warnings

Forcepoint LLC is committed to delivering a fast, secure and reliable cloud infrastructure. To accommodate increases in service usage, we may expand resources within existing data centers, balance traffic between data centers, or open new data centers. Forcepoint cloud administrators receive notifications before new data centers and IP address ranges come online.

As we expand our infrastructure, we may change the IP address to which your web requests are routed. This might occur, for example, if we add capacity closer to you. Having your firewall open to all of our IP ranges enables us to add to our infrastructure without affecting your service.

Problem Description

Which IP addresses and ports need to be open on my firewall to use the Forcepoint cloud web and email service?

Resolution

If you intend to lock down your firewall, or already have your firewall locked down, and intend to use the cloud web or cloud email service, you must allow connections to and from the range of IP addresses for Forcepoint cloud service data centers and virtual points of presence (vPoPs).
 

IP address ranges in use by Forcepoint cloud services

 
CIDRRangeSubnetMask
85.115.32.0/1985.115.32.0 - 85.115.63.25585.115.32.0255.255.224.0
86.111.216.0/2386.111.216.0 - 86.111.217.25586.111.216.0255.255.254.0
116.50.56.0/21116.50.56.0 - 116.50.63.255116.50.56.0255.255.248.0
208.87.232.0/21208.87.232.0 - 208.87.239.255208.87.232.0255.255.248.0
86.111.220.0/2286.111.220.0 - 86.111.223.25586.111.220.0255.255.252.0
103.1.196.0/22103.1.196.0 - 103.1.199.255103.1.196.0255.255.252.0
177.39.96.0/22177.39.96.0 - 177.39.99.255177.39.96.0255.255.252.0
196.216.238.0/23196.216.238.0 - 196.216.239.255196.216.238.0255.255.254.0
192.151.176.0/20192.151.176.0 - 192.151.191.255192.151.176.0255.255.240.0
157.167.0.0/16157.167.0.0 - 157.167.255.255157.167.0.0255.255.0.0
 

Data center/vPoP locations and IP addresses

 
DATA CENTER IDIP SPACECITYCOUNTRY
A85.115.52.1x0
85.115.52.{201-206}*
London (Heathrow)UK
B85.115.56.1x0
85.115.56.{201-206}*
FrankfurtGermany
C116.50.59.1x0MumbaiIndia
D85.115.60.1x0
85.115.60.{201-206}*
ParisFrance
E85.115.58.1x0DusseldorfGermany
F85.115.62.1x0GenevaSwitzerland
G208.87.233.1x0
208.87.233.{201-206}*
San Jose, CAUSA
H208.87.234.1x0
208.87.234.{201-206}*
Ashburn, VAUSA
I85.115.32.1x0IstanbulTurkey
J85.115.54.1x0
85.115.54.{201-206}*
SloughUK
K116.50.57.1x0Hong KongChina
M116.50.58.1x0SydneyAustralia
N208.87.237.1x0
208.87.237.{201-206}*
Chicago, ILUSA
O208.87.239.1x0Dallas, TXUSA
P177.39.96.1x0Sao PauloBrazil
Q208.87.238.1x0Miami, FLUSA
R116.50.60.1x0SingaporeSingapore
S196.216.238.1x0
196.216.238.{201-206}*
JohannesburgSouth Africa
T116.50.61.1x0TokyoJapan
U85.115.37.1x0StockholmSweden
X85.115.33.1x0AmsterdamNetherlands
ASUA**157.167.21.1x0AsuncionParaguay
BCVA**157.167.10.1x0BelmopanBelize
BOGA**192.151.179.1x0BogotaColombia
BRUA**85.115.61.1x0BrusselsBelgium
DXBA85.115.46.1x0DubaiUnited Arab Emirates
BUEA**177.39.97.1x0Buenos AiresArgentina
CAYA**157.167.19.1x0CayenneFrench Guiana
GEOA**157.167.20.1x0GeorgetownGuyana
GUAA**157.167.14.1x0Guatamala CityGuatamala
HELA**85.115.63.1x0HelsinkiFinland
JRSA**85.115.47.1x0JerusalemIsrael
LAXA208.87.235.1x0Los Angeles, CAUSA
LIMA**157.167.22.1x0LimaPeru
LONB85.115.53.1x0
85.115.53.{201-206}*
London (Docklands)UK
LPBA**157.167.17.1x0La PazBolivia
MADA**85.115.44.1x0MadridSpain
MEXA**192.151.180.1x0Mexico CityMexico
MGAA**192.151.181.1x0ManaguaNicaragua
MILA85.115.39.1x0MilanItaly
MVDA**157.167.24.1x0MontevideoUruguay
NYCA208.87.236.1x0New York, NYUSA
OSLA**85.115.45.1x0OsloNorway
PBMA**157.167.23.1x0ParamariboSuriname
PTYA**157.167.16.1x0Panama CityPanama
SALA**157.167.13.1x0San SalvadorEl Salvador
SCLA**157.167.18.1x0SantiagoChile
SJOA**157.167.11.1x0San JoseCosta Rica
TGUA**157.167.15.1x0TegucigalpaHonduras
UIOA**157.167.12.1x0QuitoEcuador
WAWA85.115.35.1x0WarsawPoland
WLGA**116.50.62.1x0WellingtonNew Zealand
YYZA192.151.178.1x0TorontoCanada
 
*
- IP address range applies to cloud web products only.
 ** - Virtual point of presence (vPoP). See the article Improved content localization with virtual point of presence (vPoP) IP addresses.

Notes:
  • The 1x0 in the IP addresses listed above denote multiple IP addresses based on product. For example, .150 and .211-.216 are for the hybrid service, .180 and .201-.206 are for the cloud service, and .190 is for email and hybrid web reporting.
  • The following points of presence support web and email:
    • A | B | C | D | E | F | G | H | J | K | M | S
  • The following points of presence support web only:
    • I | N | O | P | Q | R | T | U | X | ASUA | BCVA | BOGA | BUEA | CAYA | DXBA | GEOA | GUAA | JRSA | LAXA | LIMA | LONB | LPBA | MADA | MEXA | MILA | MVDA | NYCA | OSLA | PBMA | PTYA | SALA | SCLA | SJOA | TGUA | UIOA | WAWA | YYZA

 

    Forcepoint Web Security Cloud

    Forcepoint Web Security Cloud serves end-user web requests from the closest data center location between you and the service. Be sure to allow traffic through your firewall, to and from Forcepoint's IP ranges, on all ports listed below.

    Ports to open:
    • Forcepoint Security Portal: 80 and 443
    • Forcepoint Web Security Cloud:
      • 8082 and 8081 if you are retrieving the PAC file and routing web traffic through the standard cloud web ports. (If you are using port 80 for the PAC file, you do not need to open these ports.)
      • 8087 if you are retrieving the PAC file via HTTPS. Port 8081 must also be opened for browsing. (If you are using port 443 for the HTTPS PAC file, you do not need to open these ports.)
      • 8006 if you are using single sign-on integration.
      • 8089 if you are using secure form authentication.
    Note that further ports may be required in the future as new features are added to the service.
     

    Forcepoint Email Security Cloud

    Forcepoint Email Security Cloud uses customer-specific DNS records to route email from the cloud service to your email gateway, and from your email gateway back to the service. Once you complete the registration wizard, the details you entered are verified. When the security check is complete, you will receive a welcome message detailing your customer-specific DNS records and instructions for routing email.
     
    Because Forcepoint Email Security Cloud is a hosted service, Forcepoint is responsible for managing system capacity. For this reason, we may occasionally choose to alter the route of your email within our service. To enable us to do this seamlessly without requiring you to make further changes, you must allow SMTP connections from all of the IP ranges listed above. To access the Forcepoint Security Portal, ensure that ports 80 and 443 are also permitted for these IP ranges.

    Ports to open:
    • Forcepoint Security Portal: 80 and 443
    • Forcepoint Email Security Cloud: 25
    We strongly recommend that you lock down your firewall to ensure that your mail servers only accept email from Forcepoint IP addresses. If you do not do this, then email can be maliciously routed directly to your mail servers, bypassing Forcepoint Email Security Cloud. For more information, see the Restricting connections to your mail servers in the Forcepoint Email Security Cloud Getting Started Guide.

    Article Feedback



    Thank you for the feedback and comments.