KB Article | Forcepoint Support

Notes & Warnings

Forcepoint is committed to delivering a fast, secure and reliable cloud infrastructure. To accommodate increases in service usage, we may expand resources within existing data centers, balance traffic between data centers, or open new data centers. Forcepoint cloud administrators receive notifications before new data centers and IP address ranges come online.

As we expand our infrastructure, we may change the IP address to which your web requests are routed. This might occur, for example, if we add capacity closer to you. Having your firewall open to all of our IP ranges enables us to add to our infrastructure without affecting your service.

Problem Description

What are the access IP addresses for Forcepoint's cloud services? Which IP addresses and ports need to be open on my firewall to use the Forcepoint cloud web and email service?

Resolution

If you intend to lock down your firewall, or already have your firewall locked down, and intend to use the cloud web or cloud email service, you must allow connections to and from the range of IP addresses for Forcepoint cloud service data centers and local points of presence (also known as vPoPs).
 

IP address ranges in use by Forcepoint cloud services

 
CIDRRangeSubnetMask
85.115.32.0/1985.115.32.0 - 85.115.63.25585.115.32.0255.255.224.0
86.111.216.0/2386.111.216.0 - 86.111.217.25586.111.216.0255.255.254.0
116.50.56.0/21116.50.56.0 - 116.50.63.255116.50.56.0255.255.248.0
208.87.232.0/21208.87.232.0 - 208.87.239.255208.87.232.0255.255.248.0
86.111.220.0/2286.111.220.0 - 86.111.223.25586.111.220.0255.255.252.0
103.1.196.0/22103.1.196.0 - 103.1.199.255103.1.196.0255.255.252.0
177.39.96.0/22177.39.96.0 - 177.39.99.255177.39.96.0255.255.252.0
196.216.238.0/23196.216.238.0 - 196.216.239.255196.216.238.0255.255.254.0
192.151.176.0/20192.151.176.0 - 192.151.191.255192.151.176.0255.255.240.0
157.167.0.0/16157.167.0.0 - 157.167.255.255157.167.0.0255.255.0.0
 

Data center locations and IP addresses

 
COUNTRYCITYDATA CENTER IDIP SPACE
AustraliaSydneyM116.50.58.0/24
BrazilSao PauloP177.39.96.0/24*
CanadaTorontoYYZA192.151.178.0/24*
ChinaHong KongK116.50.57.0/24
FranceParisD85.115.60.0/24
85.115.60.{201-206}*
GermanyFrankfurtB85.115.56.0/24
85.115.56.{201-206}*
GermanyDusseldorfE85.115.58.0/24
ItalyMilanMILA85.115.39.0/24*
IndiaMumbaiC116.50.59.0/24
JapanTokyoT116.50.61.0/24*
NetherlandsAmsterdamX85.115.33.0/24*
PolandWarsawWAWA85.115.35.0/24*
SingaporeSingaporeR116.50.60.0/24*
South AfricaJohannesburgS196.216.238.0/24
196.216.238.{201-206}*
SwedenStockholmU85.115.37.0/24*
SwitzerlandGenevaF85.115.62.0/24
TurkeyIstanbulI85.115.32.0/24*
UKLondon (Heathrow)A85.115.52.0/24
85.115.52.{201-206}*
UKLondon (Docklands)LONB85.115.53.0/24*
85.115.53.{201-206}*
UKSloughJ85.115.54.0/24
85.115.54.{201-206}*
United Arab EmiratesDubaiDXBA85.115.46.0/24*
USASan Jose, CAG208.87.233.0/24
208.87.233.{201-206}*
USAAshburn, VAH208.87.234.0/24
208.87.234.{201-206}*
USALos Angeles, CALAXA208.87.235.0/24*
USAChicago, ILN208.87.237.0/24*
208.87.237.{201-206}*
USANew York, NYNYCA208.87.236.0/24*
USADallas, TXO208.87.239.0/24*
USAMiami, FLQ208.87.238.0/24*
* - IP address range applies to cloud web products only.


Local point of presence (local PoP) locations and IP addresses

Forcepoint provides local access for Web Security Cloud via the following locations. For more information, see the article Improved content localization with local point of presence (aka vPoP) IP addresses.

CountryCityLocal PoP IDIP spaceLocation for traffic processing
AlbaniaTiranaTIAA157.167.58.0/24Dusseldorf (E)
ArgentinaBuenos AiresBUEA177.39.97.0/24Sao Paolo (P)
ArmeniaYerevanEVNA157.167.75.0/24Dusseldorf (E)
AustriaViennaVIEA157.167.59.0/24Dusseldorf (E)
AzerbaijanBakuGYDA157.167.76.0/24Dusseldorf (E)
BahrainManamaBAHA157.167.78.0/24Mumbai (C)
BangladeshDhakaBZLA157.167.79.0/24Mumbai (C)
BelarusMinskMSQA157.167.48.0/24Frankfurt (B)
BelgiumBrusselsBRUA85.115.61.0/24Amsterdam (X)
BelizeBelmopanBCVA157.167.10.0/24Miami (Q)
BhutanThimphuPBHA157.167.80.0/24Mumbai (C)
BoliviaLa PazLPBA157.167.17.0/24Sao Paolo (P)
Bosnia and HerzegovinaSarajevoSJJA157.167.60.0/24Dusseldorf (E)
BruneiBandar Seri BegawanBWNA157.167.27.0/24Singapore (R)
BulgariaSofiaSOFA157.167.61.0/24Dusseldorf (E)
CambodiaPhnomh PenhPNHA157.167.28.0/24Singapore (R)
CanadaOttawaYYZB157.167.57.0/24San Jose (G)
ChileSantiagoSCLA157.167.18.0/24Sao Paolo (P)
ColombiaBogotaBOGA192.151.179.0/24Miami (Q)
Costa RicaSan JoseSJOA157.167.11.0/24Miami (Q)
CroatiaZagrebZAGA157.167.62.0/24Dusseldorf (E)
CyprusNicosiaNICA157.167.63.0/24Dusseldorf (E)
Czech RepublicPraguePRGA157.167.64.0/24Dusseldorf (E)
DenmarkCopenhagenCPHA157.167.45.0/24Dusseldorf (E)
EcuadorQuitoUIOA157.167.12.0/24Miami (Q)
El SalvadorSan SalvadorSALA157.167.13.0/24Miami (Q)
EgyptCairoCAIA157.167.81.0/24Paris (D)
EstoniaTallinnTLLA157.167.49.0/24Frankfurt (B)
FijiSuvaSUVA157.167.41.0/24Sydney (M)
FinlandHelsinkiHELA85.115.63.0/24Stockholm (U)
French GuianaCayenneCAYA157.167.19.0/24Miami (Q)
French PolynesiaPapeetePPTA157.167.42.0/24Sydney (M)
GeorgiaTbilisiTBSA157.167.82.0/24Amsterdam (X)
GibraltarGibraltarGIBA157.167.53.0/24Heathrow (A)
GreeceAthensATHA157.167.65.0/24Dusseldorf (E)
GuatamalaGuatamala CityGUAA157.167.14.0/24Miami (Q)
GuyanaGeorgetownGEOA157.167.20.0/24Miami (Q)
HondurasTegucigalpaTGUA157.167.15.0/24Miami (Q)
HungaryBudapestBUDA157.167.66.0/24Dusseldorf (E)
IcelandReykjavicKEFA157.167.43.0/24Amsterdam (X)
IndonesiaJakartaCGKA157.167.34.0/24Singapore (R)
IraqBaghdadBGWA157.167.83.0/24Frankfurt (B)
IrelandDublinDUBA157.167.54.0/24Heathrow (A)
IsraelJerusalemJRSA85.115.47.0/24Slough (J)
ItalyRomeITAA157.167.67.0/24Frankfurt (B)
JerseySaint HelierJERA157.167.55.0/24Heathrow (A)
JordanAmmanAMMA157.167.84.0/24Frankfurt (B)
KazakhstanNur-SultanALAA157.167.85.0/24Frankfurt (B)
KuwaitKuwait CityKWIA157.167.86.0/24Frankfurt (B)
LaosVientianeVTEA157.167.32.0/24Singapore (R)
LatviaRigaRIXA157.167.50.0/24Frankfurt (B)
LebanonBeirutLEBA157.167.87.0/24Frankfurt (B)
LithuaniaVilniusVNOA157.167.44.0/24Amsterdam (X)
MacauMacauMFMA157.167.36.0/24Hong Kong (K)
MacedoniaSkopjeSKPA157.167.68.0/24Frankfurt (B)
MalaysiaKuala LumpurKLIA157.167.33.0/24Singapore (R)
MaldivesMaleMLEA157.167.88.0/24Singapore (R)
MexicoMexico CityMEXA192.151.180.0/24Dallas (O)
MoldovaChisinauKIVA157.167.69.0/24Frankfurt (B)
MongoliaUlaanbaatarULNA157.167.37.0/24Hong Kong (K)
MontenegroPodgoricaTGDA157.167.70.0/24Frankfurt (B)
MyanmarNaypyidawNYTA157.167.35.0/24Singapore (R)
NepalKathmanduKTMA157.167.89.0/24Singapore (R)
New ZealandWellingtonWLGA116.50.62.0/24Sydney (M)
NicaraguaManaguaMGAA192.151.181.0/24Miami (Q)
NorwayOsloOSLA85.115.45.0/24Amsterdam (X)
OmanMuscatMCTA157.167.90.0/24Mumbai (C)
PakistanIslamabadISBA157.167.91.0/24Frankfurt (B)
PanamaPanama CityPTYA157.167.16.0/24Miami (Q)
Papua New GuineaPort MoresbyPOMA157.167.40.0/24Sydney (M)
ParaguayAsuncionASUA157.167.21.0/24Sao Paolo (P)
PeruLimaLIMA157.167.22.0/24Sao Paolo (P)
PhilippinesManilaMNLA157.167.39.0/24Hong Kong (K)
PolandWarsawWAWB157.167.46.0/24Dusseldorf (E)
PortugalLisbonLISA157.167.56.0/24Paris (D)
QatarDohaDOHA157.167.92.0/24Mumbai (C)
RomaniaBucharestARWA157.167.71.0/24Frankfurt (B)
RussiaMoscowMOWA157.167.51.0/24Frankfurt (B)
Saudi ArabiaRiyadhRUHA157.167.93.0/24Paris (D)
SerbiaBelgradeBEGA157.167.72.0/24Frankfurt (B)
SlovakiaBratislavaBTSA157.167.73.0/24Frankfurt (B)
SloveniaLubljanaLJUA157.167.74.0/24Frankfurt (B)
South KoreaSeoulICNA157.167.26.0/24Tokyo (T)
SpainMadridMADA85.115.44.0/24Paris (D)
Sri LankaSri Jayawardenepura KotteCMBA157.167.94.0/24Mumbai (C)
SurinameParamariboPBMA157.167.23.0/24Miami (Q)
SwedenStockholmARNA157.167.47.0/24Dusseldorf (E)
TaiwanTaipeiTPEA157.167.38.0/24Hong Kong (K)
ThailandBangkokBKKA157.167.29.0/24Singapore (R)
Timor-LesteDiliDILA157.167.30.0/24Singapore (R)
UkraineKievIEVA157.167.52.0/24Frankfurt (B)
UruguayMontevideoMVDA157.167.24.0/24Sao Paolo (P)
VenezuelaCaracasCCSA157.167.25.0/24Sao Paolo (P)
VietnamHanoiHANA157.167.31.0/24Singapore (R)
YemenSana'aSAHA157.167.77.0/24Paris (D)
 

Notes:

  • Forcepoint cloud services use multiple IP addresses within the IP spaces listed above, based on product. For example, .150 and .211-.216 are for the hybrid service, .180 and .201-.206 are for the cloud service, and .190 is for email and hybrid web reporting.
  • The following points of presence support web and email:
    • A | B | C | D | E | F | G | H | J | K | M | S
All other points of presence support web only.


    Forcepoint Web Security Cloud

    Forcepoint Web Security Cloud serves end-user web requests from the closest data center location between you and the service. Be sure to allow traffic through your firewall, to and from Forcepoint's IP ranges, on all ports listed below.

    Ports to open:
    • Forcepoint Security Portal: 80 and 443
    • Forcepoint Web Security Cloud:
      • 8082 and 8081 if you are retrieving the PAC file and routing web traffic through the standard cloud web ports. (If you are using port 80 for the PAC file, you do not need to open these ports.)
      • 8087 if you are retrieving the PAC file via HTTPS. Port 8081 must also be opened for browsing. (If you are using port 443 for the HTTPS PAC file, you do not need to open these ports.)
      • 8006 if you are using single sign-on integration.
      • 8089 if you are using secure form authentication.
    Note that further ports may be required in the future as new features are added to the service.
     

    Forcepoint Email Security Cloud

    Forcepoint Email Security Cloud uses customer-specific DNS records to route email from the cloud service to your email gateway, and from your email gateway back to the service. Once you complete the registration wizard, the details you entered are verified. When the security check is complete, you will receive a welcome message detailing your customer-specific DNS records and instructions for routing email.
     
    Because Forcepoint Email Security Cloud is a hosted service, Forcepoint is responsible for managing system capacity. For this reason, we may occasionally choose to alter the route of your email within our service. To enable us to do this seamlessly without requiring you to make further changes, you must allow SMTP connections from all of the IP ranges listed above. To access the Forcepoint Security Portal, ensure that ports 80 and 443 are also permitted for these IP ranges.

    Ports to open:
    • Forcepoint Security Portal: 80 and 443
    • Forcepoint Email Security Cloud: 25
    We strongly recommend that you lock down your firewall to ensure that your mail servers only accept email from Forcepoint IP addresses. If you do not do this, then email can be maliciously routed directly to your mail servers, bypassing Forcepoint Email Security Cloud. For more information, see the Restricting connections to your mail servers in the Forcepoint Email Security Cloud Getting Started Guide.

    Article Feedback



    Thank you for the feedback and comments.