KB Article | Forcepoint Support

Cloud service data center IP addresses and port numbers

Article Number: 000007701
Products: Forcepoint Email Security Cloud, Forcepoint Web Security, Forcepoint Web Security Cloud, TRITON AP-EMAIL, TRITON AP-WEB, Web Security Gateway Anywhere
Version: All versions, 8.6, 8.5, 8.4, 8.3, 8.2, 8.1, 8.0, 7.8, 7.7, 7.6, 7.5
Last Published Date: June 16, 2019

Notes & Warnings

Forcepoint is committed to delivering a fast, secure and reliable cloud infrastructure. To accommodate increases in service usage, we may expand resources within existing data centers, balance traffic between data centers, or open new data centers. Forcepoint cloud administrators receive notifications before new data centers and IP address ranges come online.

As we expand our infrastructure, we may change the IP address to which your web requests are routed. This might occur, for example, if we add capacity closer to you. Having your firewall open to all of our IP ranges enables us to add to our infrastructure without affecting your service.

Problem Description

What are the access IP addresses for Forcepoint's cloud services? Which IP addresses and ports need to be open on my firewall to use the Forcepoint cloud web and email service?

Resolution

If you intend to lock down your firewall, or already have your firewall locked down, and intend to use the cloud web or cloud email service, you must allow connections to and from the range of IP addresses for Forcepoint cloud service data centers and local points of presence (also known as vPoPs).

IP address ranges in use by Forcepoint cloud services

CIDR	Range	Subnet	Mask
85.115.32.0/19	85.115.32.0 - 85.115.63.255	85.115.32.0	255.255.224.0
86.111.216.0/23	86.111.216.0 - 86.111.217.255	86.111.216.0	255.255.254.0
116.50.56.0/21	116.50.56.0 - 116.50.63.255	116.50.56.0	255.255.248.0
208.87.232.0/21	208.87.232.0 - 208.87.239.255	208.87.232.0	255.255.248.0
86.111.220.0/22	86.111.220.0 - 86.111.223.255	86.111.220.0	255.255.252.0
103.1.196.0/22	103.1.196.0 - 103.1.199.255	103.1.196.0	255.255.252.0
177.39.96.0/22	177.39.96.0 - 177.39.99.255	177.39.96.0	255.255.252.0
196.216.238.0/23	196.216.238.0 - 196.216.239.255	196.216.238.0	255.255.254.0
192.151.176.0/20	192.151.176.0 - 192.151.191.255	192.151.176.0	255.255.240.0
157.167.0.0/16	157.167.0.0 - 157.167.255.255	157.167.0.0	255.255.0.0

Data center locations and IP addresses

COUNTRY	CITY	DATA CENTER ID	IP SPACE
Australia	Sydney	M	116.50.58.0/24
Brazil	Sao Paulo	P	177.39.96.0/24*
Canada	Toronto	YYZA	192.151.178.0/24*
China	Hong Kong	K	116.50.57.0/24
France	Paris	D	85.115.60.0/24 85.115.60.{201-206}*
Germany	Frankfurt	B	85.115.56.0/24 85.115.56.{201-206}*
Germany	Dusseldorf	E	85.115.58.0/24
Italy	Milan	MILA	85.115.39.0/24*
India	Mumbai	C	116.50.59.0/24
Japan	Tokyo	T	116.50.61.0/24*
Netherlands	Amsterdam	X	85.115.33.0/24*
Poland	Warsaw	WAWA	85.115.35.0/24*
Singapore	Singapore	R	116.50.60.0/24*
South Africa	Johannesburg	S	196.216.238.0/24 196.216.238.{201-206}*
Sweden	Stockholm	U	85.115.37.0/24*
Switzerland	Geneva	F	85.115.62.0/24
Turkey	Istanbul	I	85.115.32.0/24*
UK	London (Heathrow)	A	85.115.52.0/24 85.115.52.{201-206}*
UK	London (Docklands)	LONB	85.115.53.0/24* 85.115.53.{201-206}*
UK	Slough	J	85.115.54.0/24 85.115.54.{201-206}*
United Arab Emirates	Dubai	DXBA	85.115.46.0/24*
USA	San Jose, CA	G	208.87.233.0/24 208.87.233.{201-206}*
USA	Ashburn, VA	H	208.87.234.0/24 208.87.234.{201-206}*
USA	Los Angeles, CA	LAXA	208.87.235.0/24*
USA	Chicago, IL	N	208.87.237.0/24* 208.87.237.{201-206}*
USA	New York, NY	NYCA	208.87.236.0/24*
USA	Dallas, TX	O	208.87.239.0/24*
USA	Miami, FL	Q	208.87.238.0/24*

* - IP address range applies to cloud web products only.

Local point of presence (local PoP) locations and IP addresses

Forcepoint provides local access for Web Security Cloud via the following locations. For more information, see the article Improved content localization with local point of presence (aka vPoP) IP addresses.

Country	City	Local PoP ID	IP space	Location for traffic processing
Albania	Tirana	TIAA	157.167.58.0/24	Dusseldorf (E)
Argentina	Buenos Aires	BUEA	177.39.97.0/24	Sao Paolo (P)
Armenia	Yerevan	EVNA	157.167.75.0/24	Dusseldorf (E)
Austria	Vienna	VIEA	157.167.59.0/24	Dusseldorf (E)
Azerbaijan	Baku	GYDA	157.167.76.0/24	Dusseldorf (E)
Bahrain	Manama	BAHA	157.167.78.0/24	Mumbai (C)
Bangladesh	Dhaka	BZLA	157.167.79.0/24	Mumbai (C)
Belarus	Minsk	MSQA	157.167.48.0/24	Frankfurt (B)
Belgium	Brussels	BRUA	85.115.61.0/24	Amsterdam (X)
Belize	Belmopan	BCVA	157.167.10.0/24	Miami (Q)
Bhutan	Thimphu	PBHA	157.167.80.0/24	Mumbai (C)
Bolivia	La Paz	LPBA	157.167.17.0/24	Sao Paolo (P)
Bosnia and Herzegovina	Sarajevo	SJJA	157.167.60.0/24	Dusseldorf (E)
Brunei	Bandar Seri Begawan	BWNA	157.167.27.0/24	Singapore (R)
Bulgaria	Sofia	SOFA	157.167.61.0/24	Dusseldorf (E)
Cambodia	Phnomh Penh	PNHA	157.167.28.0/24	Singapore (R)
Canada	Ottawa	YYZB	157.167.57.0/24	San Jose (G)
Chile	Santiago	SCLA	157.167.18.0/24	Sao Paolo (P)
Colombia	Bogota	BOGA	192.151.179.0/24	Miami (Q)
Costa Rica	San Jose	SJOA	157.167.11.0/24	Miami (Q)
Croatia	Zagreb	ZAGA	157.167.62.0/24	Dusseldorf (E)
Cyprus	Nicosia	NICA	157.167.63.0/24	Dusseldorf (E)
Czech Republic	Prague	PRGA	157.167.64.0/24	Dusseldorf (E)
Denmark	Copenhagen	CPHA	157.167.45.0/24	Dusseldorf (E)
Ecuador	Quito	UIOA	157.167.12.0/24	Miami (Q)
El Salvador	San Salvador	SALA	157.167.13.0/24	Miami (Q)
Egypt	Cairo	CAIA	157.167.81.0/24	Paris (D)
Estonia	Tallinn	TLLA	157.167.49.0/24	Frankfurt (B)
Fiji	Suva	SUVA	157.167.41.0/24	Sydney (M)
Finland	Helsinki	HELA	85.115.63.0/24	Stockholm (U)
French Guiana	Cayenne	CAYA	157.167.19.0/24	Miami (Q)
French Polynesia	Papeete	PPTA	157.167.42.0/24	Sydney (M)
Georgia	Tbilisi	TBSA	157.167.82.0/24	Amsterdam (X)
Gibraltar	Gibraltar	GIBA	157.167.53.0/24	Heathrow (A)
Greece	Athens	ATHA	157.167.65.0/24	Dusseldorf (E)
Guatamala	Guatamala City	GUAA	157.167.14.0/24	Miami (Q)
Guyana	Georgetown	GEOA	157.167.20.0/24	Miami (Q)
Honduras	Tegucigalpa	TGUA	157.167.15.0/24	Miami (Q)
Hungary	Budapest	BUDA	157.167.66.0/24	Dusseldorf (E)
Iceland	Reykjavic	KEFA	157.167.43.0/24	Amsterdam (X)
Indonesia	Jakarta	CGKA	157.167.34.0/24	Singapore (R)
Iraq	Baghdad	BGWA	157.167.83.0/24	Frankfurt (B)
Ireland	Dublin	DUBA	157.167.54.0/24	Heathrow (A)
Israel	Jerusalem	JRSA	85.115.47.0/24	Slough (J)
Italy	Rome	ITAA	157.167.67.0/24	Frankfurt (B)
Jersey	Saint Helier	JERA	157.167.55.0/24	Heathrow (A)
Jordan	Amman	AMMA	157.167.84.0/24	Frankfurt (B)
Kazakhstan	Nur-Sultan	ALAA	157.167.85.0/24	Frankfurt (B)
Kuwait	Kuwait City	KWIA	157.167.86.0/24	Frankfurt (B)
Laos	Vientiane	VTEA	157.167.32.0/24	Singapore (R)
Latvia	Riga	RIXA	157.167.50.0/24	Frankfurt (B)
Lebanon	Beirut	LEBA	157.167.87.0/24	Frankfurt (B)
Lithuania	Vilnius	VNOA	157.167.44.0/24	Amsterdam (X)
Macau	Macau	MFMA	157.167.36.0/24	Hong Kong (K)
Macedonia	Skopje	SKPA	157.167.68.0/24	Frankfurt (B)
Malaysia	Kuala Lumpur	KLIA	157.167.33.0/24	Singapore (R)
Maldives	Male	MLEA	157.167.88.0/24	Singapore (R)
Mexico	Mexico City	MEXA	192.151.180.0/24	Dallas (O)
Moldova	Chisinau	KIVA	157.167.69.0/24	Frankfurt (B)
Mongolia	Ulaanbaatar	ULNA	157.167.37.0/24	Hong Kong (K)
Montenegro	Podgorica	TGDA	157.167.70.0/24	Frankfurt (B)
Myanmar	Naypyidaw	NYTA	157.167.35.0/24	Singapore (R)
Nepal	Kathmandu	KTMA	157.167.89.0/24	Singapore (R)
New Zealand	Wellington	WLGA	116.50.62.0/24	Sydney (M)
Nicaragua	Managua	MGAA	192.151.181.0/24	Miami (Q)
Norway	Oslo	OSLA	85.115.45.0/24	Amsterdam (X)
Oman	Muscat	MCTA	157.167.90.0/24	Mumbai (C)
Pakistan	Islamabad	ISBA	157.167.91.0/24	Frankfurt (B)
Panama	Panama City	PTYA	157.167.16.0/24	Miami (Q)
Papua New Guinea	Port Moresby	POMA	157.167.40.0/24	Sydney (M)
Paraguay	Asuncion	ASUA	157.167.21.0/24	Sao Paolo (P)
Peru	Lima	LIMA	157.167.22.0/24	Sao Paolo (P)
Philippines	Manila	MNLA	157.167.39.0/24	Hong Kong (K)
Poland	Warsaw	WAWB	157.167.46.0/24	Dusseldorf (E)
Portugal	Lisbon	LISA	157.167.56.0/24	Paris (D)
Qatar	Doha	DOHA	157.167.92.0/24	Mumbai (C)
Romania	Bucharest	ARWA	157.167.71.0/24	Frankfurt (B)
Russia	Moscow	MOWA	157.167.51.0/24	Frankfurt (B)
Saudi Arabia	Riyadh	RUHA	157.167.93.0/24	Paris (D)
Serbia	Belgrade	BEGA	157.167.72.0/24	Frankfurt (B)
Slovakia	Bratislava	BTSA	157.167.73.0/24	Frankfurt (B)
Slovenia	Lubljana	LJUA	157.167.74.0/24	Frankfurt (B)
South Korea	Seoul	ICNA	157.167.26.0/24	Tokyo (T)
Spain	Madrid	MADA	85.115.44.0/24	Paris (D)
Sri Lanka	Sri Jayawardenepura Kotte	CMBA	157.167.94.0/24	Mumbai (C)
Suriname	Paramaribo	PBMA	157.167.23.0/24	Miami (Q)
Sweden	Stockholm	ARNA	157.167.47.0/24	Dusseldorf (E)
Taiwan	Taipei	TPEA	157.167.38.0/24	Hong Kong (K)
Thailand	Bangkok	BKKA	157.167.29.0/24	Singapore (R)
Timor-Leste	Dili	DILA	157.167.30.0/24	Singapore (R)
Ukraine	Kiev	IEVA	157.167.52.0/24	Frankfurt (B)
Uruguay	Montevideo	MVDA	157.167.24.0/24	Sao Paolo (P)
Venezuela	Caracas	CCSA	157.167.25.0/24	Sao Paolo (P)
Vietnam	Hanoi	HANA	157.167.31.0/24	Singapore (R)
Yemen	Sana'a	SAHA	157.167.77.0/24	Paris (D)

Notes:

Forcepoint cloud services use multiple IP addresses within the IP spaces listed above, based on product. For example, .150 and .211-.216 are for the hybrid service, .180 and .201-.206 are for the cloud service, and .190 is for email and hybrid web reporting.
The following points of presence support web and email:
- A | B | C | D | E | F | G | H | J | K | M | S

All other points of presence support web only.

Forcepoint Web Security Cloud

Forcepoint Web Security Cloud serves end-user web requests from the closest data center location between you and the service. Be sure to allow traffic through your firewall, to and from Forcepoint's IP ranges, on all ports listed below.

Ports to open:

Forcepoint Security Portal: 80 and 443
Forcepoint Web Security Cloud:
- 8082 and 8081 if you are retrieving the PAC file and routing web traffic through the standard cloud web ports. (If you are using port 80 for the PAC file, you do not need to open these ports.)
- 8087 if you are retrieving the PAC file via HTTPS. Port 8081 must also be opened for browsing. (If you are using port 443 for the HTTPS PAC file, you do not need to open these ports.)
- 8006 if you are using single sign-on integration.
- 8089 if you are using secure form authentication.

Note that further ports may be required in the future as new features are added to the service.

Forcepoint Email Security Cloud

Forcepoint Email Security Cloud uses customer-specific DNS records to route email from the cloud service to your email gateway, and from your email gateway back to the service. Once you complete the registration wizard, the details you entered are verified. When the security check is complete, you will receive a welcome message detailing your customer-specific DNS records and instructions for routing email.

Because Forcepoint Email Security Cloud is a hosted service, Forcepoint is responsible for managing system capacity. For this reason, we may occasionally choose to alter the route of your email within our service. To enable us to do this seamlessly without requiring you to make further changes, you must allow SMTP connections from all of the IP ranges listed above. To access the Forcepoint Security Portal, ensure that ports 80 and 443 are also permitted for these IP ranges.

Ports to open:

Forcepoint Security Portal: 80 and 443
Forcepoint Email Security Cloud: 25

We strongly recommend that you lock down your firewall to ensure that your mail servers only accept email from Forcepoint IP addresses. If you do not do this, then email can be maliciously routed directly to your mail servers, bypassing Forcepoint Email Security Cloud. For more information, see the Restricting connections to your mail servers in the Forcepoint Email Security Cloud Getting Started Guide.

Article Feedback

Is the article related to the topic you are looking for?
Yes No

Did the information in this article answer your question or resolve your issue?
Yes No

Comments

Thank you for the feedback and comments.

Tools & Links

Featured Articles Home Upgrade Centers Support Videos

Want 24/7 Tech Support?

Learn more