Forcepoint is committed to delivering a fast, secure and reliable cloud infrastructure. To accommodate increases in service usage, we may expand resources within existing data centers, balance traffic between data centers, or open new data centers. Forcepoint cloud administrators receive notifications before new data centers and IP address ranges come online.

As we expand our infrastructure, we may change the IP address to which your web requests are routed. This might occur, for example, if we add capacity closer to you. Having your firewall open to all of our IP ranges enables us to add to our infrastructure without affecting your service.

What are the access IP addresses for Forcepoint's cloud services? Which IP addresses and ports need to be open on my firewall to use the Forcepoint cloud web and email service?

If you intend to lock down your firewall, or already have your firewall locked down, and intend to use the cloud web or cloud email service, you must allow connections to and from the range of IP addresses for Forcepoint cloud service data centers and local points of presence (also known as vPoPs).
 

IP address ranges in use by Forcepoint cloud services

 

CIDR	Range	Subnet	Mask
85.115.32.0/19	85.115.32.0 - 85.115.63.255	85.115.32.0	255.255.224.0
86.111.216.0/23	86.111.216.0 - 86.111.217.255	86.111.216.0	255.255.254.0
116.50.56.0/21	116.50.56.0 - 116.50.63.255	116.50.56.0	255.255.248.0
208.87.232.0/21	208.87.232.0 - 208.87.239.255	208.87.232.0	255.255.248.0
86.111.220.0/22	86.111.220.0 - 86.111.223.255	86.111.220.0	255.255.252.0
103.1.196.0/22	103.1.196.0 - 103.1.199.255	103.1.196.0	255.255.252.0
177.39.96.0/22	177.39.96.0 - 177.39.99.255	177.39.96.0	255.255.252.0
196.216.238.0/23	196.216.238.0 - 196.216.239.255	196.216.238.0	255.255.254.0
192.151.176.0/20	192.151.176.0 - 192.151.191.255	192.151.176.0	255.255.240.0
157.167.0.0/16	157.167.0.0 - 157.167.255.255	157.167.0.0	255.255.0.0

 

Data center locations and IP addresses

 

COUNTRY	CITY	DATA CENTER ID	IP SPACE
Australia	Sydney	M	116.50.58.0/24
Brazil	Sao Paulo	P	177.39.96.0/24*
Canada	Toronto	YYZA	192.151.178.0/24*
China	Hong Kong	K	116.50.57.0/24
France	Paris	D	85.115.60.0/24 85.115.60.{201-206}*
Germany	Frankfurt	B	85.115.56.0/24 85.115.56.{201-206}*
Germany	Dusseldorf	E	85.115.58.0/24
Italy	Milan	MILA	85.115.39.0/24*
India	Mumbai	C	116.50.59.0/24
Japan	Tokyo	T	116.50.61.0/24*
Netherlands	Amsterdam	X	85.115.33.0/24*
Poland	Warsaw	WAWA	85.115.35.0/24*
Singapore	Singapore	R	116.50.60.0/24*
South Africa	Johannesburg	S	196.216.238.0/24 196.216.238.{201-206}*
Sweden	Stockholm	U	85.115.37.0/24*
Switzerland	Geneva	F	85.115.62.0/24
UK	London (Heathrow)	A	85.115.52.0/24 85.115.52.{201-206}*
UK	London (Docklands)	LONB	85.115.53.0/24* 85.115.53.{201-206}*
UK	Slough	J	85.115.54.0/24 85.115.54.{201-206}*
United Arab Emirates	Dubai	DXBA	85.115.46.0/24*
USA	San Jose, CA	G	208.87.233.0/24 208.87.233.{201-206}*
USA	Ashburn, VA	H	208.87.234.0/24 208.87.234.{201-206}*
USA	Los Angeles, CA	LAXA	208.87.235.0/24*
USA	Chicago, IL	N	208.87.237.0/24* 208.87.237.{201-206}*
USA	New York, NY	NYCA	208.87.236.0/24*
USA	Dallas, TX	O	208.87.239.0/24*
USA	Miami, FL	Q	208.87.238.0/24*

* - IP address range applies to cloud web products only.

Local point of presence (local PoP) locations and IP addresses

Forcepoint provides local access for Web Security Cloud via the following locations. For more information, see the article Improved content localization with local point of presence (aka vPoP) IP addresses.

Country	City	Local PoP ID	IP space	Location for traffic processing
Albania	Tirana	TIAA	157.167.58.0/24	Dusseldorf (E)
Algeria	Algiers	ALGA	157.167.97.0/24	Paris (D)
Andorra	Andorra la Vella	LEUA	157.167.111.0/24	Paris(D)
Angola	Luanda	LADA	157.167.98.0/24	Johannesburg (S)
Anguilla	The Valley	AXAA	157.167.112.0/24	Miami (Q)
Argentina	Buenos Aires	BUEA	177.39.97.0/24	Sao Paolo (P)
Armenia	Yerevan	EVNA	157.167.75.0/24	Dusseldorf (E)
Aruba	Oranjestad	AUAA	157.167.113.0/24	Miami (Q)
Austria	Vienna	VIEA	157.167.59.0/24	Dusseldorf (E)
Azerbaijan	Baku	GYDA	157.167.76.0/24	Dusseldorf (E)
Bahamas	Nassau	NASA	157.167.114.0/24	Miami (Q)
Bahrain	Manama	BAHA	157.167.78.0/24	Mumbai (C)
Bangladesh	Dhaka	BZLA	157.167.79.0/24	Mumbai (C)
Barbados	Bridgetown	BGIA	157.167.115.0/24	Miami (Q)
Belarus	Minsk	MSQA	157.167.48.0/24	Frankfurt (B)
Belgium	Brussels	BRUA	85.115.61.0/24	Amsterdam (X)
Belize	Belmopan	BCVA	157.167.10.0/24	Miami (Q)
Bermuda	Hamilton	BDAA	157.167.116.0/24	New York (NYCA)
Bhutan	Thimphu	PBHA	157.167.80.0/24	Mumbai (C)
Bolivia	La Paz	LPBA	157.167.17.0/24	Sao Paolo (P)
Bosnia and Herzegovina	Sarajevo	SJJA	157.167.60.0/24	Dusseldorf (E)
British Virgin Islands	Road Town	EISA	157.167.117.0/24	Miami (Q)
Brunei	Bandar Seri Begawan	BWNA	157.167.27.0/24	Singapore (R)
Bulgaria	Sofia	SOFA	157.167.61.0/24	Dusseldorf (E)
Cambodia	Phnomh Penh	PNHA	157.167.28.0/24	Singapore (R)
Canada	Ottawa	YYZB	157.167.57.0/24	San Jose (G)
Cayman Islands	George Town	GCMA	157.167.118.0/24	Miami (Q)
Chile	Santiago	SCLA	157.167.18.0/24	Sao Paolo (P)
Colombia	Bogota	BOGA	192.151.179.0/24	Miami (Q)
Costa Rica	San Jose	SJOA	157.167.11.0/24	Miami (Q)
Croatia	Zagreb	ZAGA	157.167.62.0/24	Dusseldorf (E)
Curacao	Willemstad	CURA	157.167.119.0/24	Miami (Q)
Cyprus	Nicosia	NICA	157.167.63.0/24	Dusseldorf (E)
Czech Republic	Prague	PRGA	157.167.64.0/24	Dusseldorf (E)
Denmark	Copenhagen	CPHA	157.167.45.0/24	Dusseldorf (E)
Dominican Republic	Santo Domingo	SDQA	157.167.120.0/24	Miami (Q)
Ecuador	Quito	UIOA	157.167.12.0/24	Miami (Q)
Egypt	Cairo	CAIA	157.167.81.0/24	Paris (D)
El Salvador	San Salvador	SALA	157.167.13.0/24	Miami (Q)
Estonia	Tallinn	TLLA	157.167.49.0/24	Frankfurt (B)
Ethiopia	Addis Ababa	ADDA	157.167.99.0/24	Heathrow (A)
Fiji	Suva	SUVA	157.167.41.0/24	Sydney (M)
Finland	Helsinki	HELA	85.115.63.0/24	Stockholm (U)
French Guiana	Cayenne	CAYA	157.167.19.0/24	Miami (Q)
French Polynesia	Papeete	PPTA	157.167.42.0/24	Sydney (M)
Georgia	Tbilisi	TBSA	157.167.82.0/24	Amsterdam (X)
Ghana	Accra	ACCA	157.167.100.0/24	Heathrow (A)
Gibraltar	Gibraltar	GIBA	157.167.53.0/24	Heathrow (A)
Greece	Athens	ATHA	157.167.65.0/24	Dusseldorf (E)
Greenland	Nuuk	GOHA	157.167.127.0/24	New York (NYCA)
Guatamala	Guatamala City	GUAA	157.167.14.0/24	Miami (Q)
Guyana	Georgetown	GEOA	157.167.20.0/24	Miami (Q)
Haiti	Port-au-Prince	PAPA	157.167.121.0/24	Miami (Q)
Honduras	Tegucigalpa	TGUA	157.167.15.0/24	Miami (Q)
Hungary	Budapest	BUDA	157.167.66.0/24	Dusseldorf (E)
Iceland	Reykjavic	KEFA	157.167.43.0/24	Amsterdam (X)
Indonesia	Jakarta	CGKA	157.167.34.0/24	Singapore (R)
Iraq	Baghdad	BGWA	157.167.83.0/24	Frankfurt (B)
Ireland	Dublin	DUBA	157.167.54.0/24	Heathrow (A)
Israel	Jerusalem	JRSA	85.115.47.0/24	Slough (J)
Italy	Rome	ITAA	157.167.67.0/24	Frankfurt (B)
Ivory Coast	Yamoussoukro	ASKA	157.167.101.0/24	Paris (D)
Jamaica	Kingston	KINA	157.167.122.0/24	Miami (Q)
Jersey	Saint Helier	JERA	157.167.55.0/24	Heathrow (A)
Jordan	Amman	AMMA	157.167.84.0/24	Frankfurt (B)
Kazakhstan	Nur-Sultan	ALAA	157.167.85.0/24	Frankfurt (B)
Kenya	Nairobi	WILA	157.167.102.0/24	Johannesburg (S)
Kuwait	Kuwait City	KWIA	157.167.86.0/24	Frankfurt (B)
Laos	Vientiane	VTEA	157.167.32.0/24	Singapore (R)
Latvia	Riga	RIXA	157.167.50.0/24	Frankfurt (B)
Lebanon	Beirut	LEBA	157.167.87.0/24	Frankfurt (B)
Liberia	Monrovia	LIRA	157.167.103.0/24	Paris (D)
Lithuania	Vilnius	VNOA	157.167.44.0/24	Amsterdam (X)
Luxembourg	Luxembourg City	LUXA	157.167.95.0/24	Frankfurt (B)
Macau	Macau	MFMA	157.167.36.0/24	Hong Kong (K)
Macedonia	Skopje	SKPA	157.167.68.0/24	Frankfurt (B)
Malaysia	Kuala Lumpur	KLIA	157.167.33.0/24	Singapore (R)
Maldives	Male	MLEA	157.167.88.0/24	Singapore (R)
Malta	Valetta	MLAA	157.167.104.0/24	Frankfurt (B)
Mauritius	Port Louis	MRUA	157.167.105.0/24	Johannesburg (S)
Mexico	Mexico City	MEXA	192.151.180.0/24	Dallas (O)
Moldova	Chisinau	KIVA	157.167.69.0/24	Frankfurt (B)
Monaco	Monte Carlo	MCMA	157.167.106.0/24	Frankfurt (B)
Mongolia	Ulaanbaatar	ULNA	157.167.37.0/24	Hong Kong (K)
Montenegro	Podgorica	TGDA	157.167.70.0/24	Frankfurt (B)
Morocco	Rabat	RBAA	157.167.107.0/24	Paris (D)
Myanmar	Naypyidaw	NYTA	157.167.35.0/24	Singapore (R)
Nepal	Kathmandu	KTMA	157.167.89.0/24	Singapore (R)
New Zealand	Wellington	WLGA	116.50.62.0/24	Sydney (M)
Nicaragua	Managua	MGAA	192.151.181.0/24	Miami (Q)
Nigeria	Abuja	ABVA	157.167.108.0/24	Heathrow (A)
Norway	Oslo	OSLA	85.115.45.0/24	Amsterdam (X)
Oman	Muscat	MCTA	157.167.90.0/24	Mumbai (C)
Pakistan	Islamabad	ISBA	157.167.91.0/24	Frankfurt (B)
Panama	Panama City	PTYA	157.167.16.0/24	Miami (Q)
Papua New Guinea	Port Moresby	POMA	157.167.40.0/24	Sydney (M)
Paraguay	Asuncion	ASUA	157.167.21.0/24	Sao Paolo (P)
Peru	Lima	LIMA	157.167.22.0/24	Sao Paolo (P)
Philippines	Manila	MNLA	157.167.39.0/24	Hong Kong (K)
Poland	Warsaw	WAWB	157.167.46.0/24	Dusseldorf (E)
Portugal	Lisbon	LISA	157.167.56.0/24	Paris (D)
Puerto Rico	San Juan	SJUA	157.167.123.0/24	Miami (Q)
Qatar	Doha	DOHA	157.167.92.0/24	Mumbai (C)
Romania	Bucharest	ARWA	157.167.71.0/24	Frankfurt (B)
Russia	Moscow	MOWA	157.167.51.0/24	Frankfurt (B)
Saint Kitts and Nevis	Basseterre	SKBA	157.167.124.0/24	Miami (Q)
San Marino	San Marino	RMIA	157.167.109.0/24	Frankfurt (B)
Saudi Arabia	Riyadh	RUHA	157.167.93.0/24	Paris (D)
Serbia	Belgrade	BEGA	157.167.72.0/24	Frankfurt (B)
Slovakia	Bratislava	BTSA	157.167.73.0/24	Frankfurt (B)
Slovenia	Lubljana	LJUA	157.167.74.0/24	Frankfurt (B)
South Korea	Seoul	ICNA	157.167.26.0/24	Tokyo (T)
Spain	Madrid	MADA	85.115.44.0/24	Paris (D)
Sri Lanka	Sri Jayawardenepura Kotte	CMBA	157.167.94.0/24	Mumbai (C)
Suriname	Paramaribo	PBMA	157.167.23.0/24	Miami (Q)
Sweden	Stockholm	ARNA	157.167.47.0/24	Dusseldorf (E)
Switzerland	Bern	BRNA	157.167.96.0/24	Frankfurt (B)
Taiwan	Taipei	TPEA	157.167.38.0/24	Hong Kong (K)
Thailand	Bangkok	BKKA	157.167.29.0/24	Singapore (R)
Timor-Leste	Dili	DILA	157.167.30.0/24	Singapore (R)
Trinidad and Tobago	Port of Spain	POSA	157.167.125.0/24	Miami (Q)
Tunisia	Tunis	TUNA	157.167.110.0/24	Frankfurt (B)
Turkey	Ankara	ESBA	157.167.128.0/24	Heathrow (A)
Ukraine	Kiev	IEVA	157.167.52.0/24	Frankfurt (B)
Uruguay	Montevideo	MVDA	157.167.24.0/24	Sao Paolo (P)
US Virgin Islands	Charlotte Amalie	STTA	157.167.126.0/24	Miami (Q)
Venezuela	Caracas	CCSA	157.167.25.0/24	Sao Paolo (P)
Vietnam	Hanoi	HANA	157.167.31.0/24	Singapore (R)
Yemen	Sana'a	SAHA	157.167.77.0/24	Paris (D)

 

Notes:

• Forcepoint cloud services use multiple IP addresses within the IP spaces listed above, based on product. For example, .150 and .211-.216 are used for the hybrid service, .180 and .201-.206 are used for the cloud service, and .190 is for email and hybrid web reporting. These examples are not exclusive; any IP address within the specified IP range can be used.
• The following points of presence support web and email:
  • A | B | C | D | E | F | G | H | J | K | M | S

• For localized web results using EasyConnect services, configure Forcepoint NGFW to point the connection to the .180 address of the local point of presence (local PoP) address range for your chosen country.

Forcepoint Web Security Cloud

Forcepoint Web Security Cloud serves end-user web requests from the closest data center location between you and the service. Be sure to allow traffic through your firewall, to and from Forcepoint's IP ranges, on all ports listed below.

Ports to open:

• Forcepoint Security Portal: 80 and 443
• Forcepoint Web Security Cloud:
  • 8082 and 8081 if you are retrieving the PAC file and routing web traffic through the standard cloud web ports. (If you are using port 80 for the PAC file, you do not need to open these ports.)
  • 8087 if you are retrieving the PAC file via HTTPS. Port 8081 must also be opened for browsing. (If you are using port 443 for the HTTPS PAC file, you do not need to open these ports.)
  • 8006 if you are using single sign-on integration.
  • 8089 if you are using secure form authentication.

Note that further ports may be required in the future as new features are added to the service.

IPsec and GRE connectivity 

For a list of IP addresses for use with the IPsec Advanced and GRE services, see IP addresses for IPsec Advanced and GRE connectivity.
 

Forcepoint Email Security Cloud

Forcepoint Email Security Cloud uses customer-specific DNS records to route email from the cloud service to your email gateway, and from your email gateway back to the service. Once you complete the registration wizard, the details you entered are verified. When the security check is complete, you will receive a welcome message detailing your customer-specific DNS records and instructions for routing email.
 
Because Forcepoint Email Security Cloud is a hosted service, Forcepoint is responsible for managing system capacity. For this reason, we may occasionally choose to alter the route of your email within our service. To enable us to do this seamlessly without requiring you to make further changes, you must allow SMTP connections from all of the IP ranges listed above. To access the Forcepoint Security Portal, ensure that ports 80 and 443 are also permitted for these IP ranges.

Ports to open:

• Forcepoint Security Portal: 80 and 443
• Forcepoint Email Security Cloud: 25

We strongly recommend that you lock down your firewall to ensure that your mail servers only accept email from Forcepoint IP addresses. If you do not do this, then email can be maliciously routed directly to your mail servers, bypassing Forcepoint Email Security Cloud. For more information, see the Restricting connections to your mail servers in the Forcepoint Email Security Cloud Getting Started Guide.
 

Maintenance procedures

On occasion, Forcepoint carries out routine maintenance on its data center infrastructure. In order to minimize disruption, work is scheduled out of hours for the affected location wherever possible, and all services are failed over to alternative data centers where necessary. For information about procedures for maintenance to our network infrastructure, including information about how to test your redundancy and failover processes, see the knowledge article Cloud and hybrid extended maintenance procedures.