Connecting to Global Threat Intelligence

Technical Articles ID: KB79640
Last Modified: 2/4/2022

Environment

Advanced Threat Defense
Application and Change Control
Endpoint Security for Linux
Endpoint Security for Mac
Endpoint Security Adaptive Threat Protection
Endpoint Security Firewall
Endpoint Security Web Control
Endpoint Security Storage Protection
Host Intrusion Prevention for Servers
Management for Optimized Virtual Environments (MOVE)
MVISION Endpoint
Network Security Platform
SaaS Endpoint Protection
Stinger
Threat Intelligence Exchange Server
VirusScan Command Line Scanner
VirusScan Enterprise
VirusScan Enterprise for Storage
Web Gateway

Summary

Recent updates to this article

Date	Update
February 4, 2022	Updated the CSV file that contains the Public Cloud IP addresses. Added the following IP addresses to the Public Cloud resource IP addresses table: North America and Latin America: 3.131.204.71, 3.134.205.125, 3.140.0.73, 3.219.146.220, 3.220.93.110, 18.216.207.109, 18.230.12.95, 23.21.241.88, 54.94.2.224, 54.94.79.43, 54.175.229.240, 177.71.207.91 Europe, Middle East, and Africa: 18.203.37.78, 52.31.211.124, 54.77.221.166, 63.34.127.134 Asia Pacific: 13.214.13.203, 13.214.237.14, 18.139.213.184, 18.178.61.230, 35.77.132.118, 52.77.205.29, 54.150.53.120, 54.168.142.24
January 6, 2022	Removed an obsolete list of netblocks.
December 9, 2021	Minor formatting change.
November 10, 2021	Updated the CSV file containing the Public Cloud IP addresses. Added the following IP addresses to the Public Cloud resource IP addresses table: North America and Latin America: 13.56.143.254, 13.57.162.46, 18.144.151.221, 34.218.113.76, 35.82.216.196, 35.85.200.9, 35.164.244.168, 44.226.104.160, 44.228.119.21, 44.231.4.182, 44.236.191.134, 44.239.3.191, 50.18.16.187, 50.112.162.34, 52.8.218.49, 52.9.108.36, 52.33.162.6, 52.38.76.97, 52.52.137.255, 52.52.202.243, 54.69.96.234, 54.149.22.132, 54.176.116.10, 54.176.228.68, 54.177.146.222, 54.191.65.158, 54.215.120.30, 54.219.33.114, 54.241.112.48, 54.241.224.43, 54.245.106.41, 204.236.174.5 Europe, Middle East, and Africa: 3.65.111.235, 3.65.248.69, 3.70.43.39, 3.70.82.67, 3.123.143.192, 3.124.92.48, 3.125.91.105, 3.125.151.188, 18.157.55.87, 18.158.158.247, 18.158.166.145, 18.158.173.34, 18.159.170.86, 18.198.193.152, 35.156.221.217, 35.158.23.1

To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.

This article provides the Global Threat Intelligence (GTI) IP addresses to allow so that your network can query GTI. We recommend the use of a fully qualified domain name (FQDN) that returns a list of active endpoints at the nearest Cloud Point of Presence (PoP). IP addresses can change. To decouple endpoints from these changes, endpoints shouldn’t hardcode IP addresses mentioned in this article. We're providing the list of IP addresses for allow list purposes only.

GTI is hosted as a global cloud service, so hard coding an IP address could result in an outage for one of the following reasons:

That particular IP address is taken out of service for maintenance.
A network outage segments a static path to a given IP address in a given data center.
GTI site host changes.

Access to GTI is configured on port 443 using an FQDN so that a DNS lookup can return the nearest and most accurate IP address records at any given time. This returned result can be any of several IP addresses across the globe. Because the exact IP address isn’t known in advance, firewall administrators must open port 443 outbound globally. The preferred configuration method is to configure access to the GTI servers to use port 443 to the FQDN.

Product FQDNs used with GTI
The FQDN depends on the product. To determine the FQDN, see the product documentation for your installed product.

For product documents, go to the Product Documentation portal.

For a list and description of the ENS URLs used to perform off-box communication, see: KB93324 - Endpoint Security off-box communication URLs.

NOTE: If you resolve any of these URLs/IP addresses, you might see the following as part of the domain name mapping: *.cloudplatform.mcafee.com. This name is an expected alias. The URLs can resolve to multiple and differing IP addresses at different times.

GTI IP addresses
If you have strict outbound traffic security rules in place, allow the GTI traffic using destination host name. But, if allowing the traffic by destination host name isn’t possible due to technical constraints, allow access to all the following Public Cloud resource IP addresses. The IP addresses are subject to change in the future.

Public Cloud resource IP addresses:

North America and Latin America	3.13.101.252	18.229.227.102	50.112.162.34
	3.13.175.152	18.229.230.27	52.8.218.49
	3.13.177.14	18.229.234.209	52.9.108.36
	3.14.168.72	18.229.238.10	52.21.68.3
	3.17.93.252	18.231.55.149	52.22.248.114
	3.17.222.216	34.121.122.140	52.33.162.6
	3.82.88.111	34.125.9.64	52.38.76.97
	3.130.165.110	34.125.111.170	52.52.137.255
	3.130.192.46	34.125.237.12	52.52.202.243
	3.209.49.187	34.125.239.237	52.203.225.140
	3.218.82.178	34.125.252.7	54.69.96.234
	3.220.208.37	34.125.253.122	54.149.22.132
	3.221.83.69	34.135.26.163	54.161.18.217
	13.56.143.254	34.218.113.76	54.176.116.10
	13.57.162.46	35.82.216.196	54.176.228.68
	13.58.126.78	35.85.200.9	54.177.146.222
	18.144.151.221	35.164.244.168	54.191.65.158
	18.204.0.196	35.175.169.147	54.207.36.207
	18.210.181.15	35.184.167.113	54.207.37.84
	18.217.35.31	35.188.45.29	54.215.120.30
	18.221.176.175	35.222.129.205	54.219.33.114
	18.224.177.231	44.226.104.160	54.241.112.48
	18.228.142.252	44.228.119.21	54.241.224.43
	18.228.231.50	44.231.4.182	54.245.106.41
	18.229.205.82	44.236.191.134	104.154.142.144
	18.229.214.120	44.239.3.191	204.236.174.5
	18.229.221.41	50.18.16.187	177.71.207.91
	3.220.93.110	3.134.205.125	54.94.79.43
	23.21.241.88	3.140.0.73	18.230.12.95
	54.175.229.240	18.216.207.109	54.94.2.224
	3.219.146.220	3.131.204.71
Europe, Middle East, and Africa	3.65.111.235	18.198.193.152	35.230.131.105
	3.65.248.69	18.200.102.222	35.234.136.181
	3.70.43.39	18.200.177.198	35.242.146.31
	3.70.82.67	18.202.163.246	35.242.178.161
	3.123.143.192	18.203.176.203	35.246.128.41
	3.124.92.48	34.89.196.137	35.246.132.219
	3.125.91.105	34.142.32.56	35.246.165.178
	3.125.151.188	34.142.48.231	35.246.250.148
	3.248.4.201	34.245.253.161	52.16.112.58
	18.157.55.87	34.249.206.168	52.215.124.82
	18.158.158.247	34.254.121.67	54.72.18.197
	18.158.166.145	35.156.221.217	63.35.83.224
	18.158.173.34	35.158.23.1	63.34.127.134
	18.159.170.86	35.198.127.181	18.203.37.78
	52.31.211.124	54.77.221.166
Asia Pacific	3.1.172.253	13.251.160.226	35.197.154.200
	3.1.208.14	18.136.232.217	35.247.144.219
	3.113.68.241	18.138.54.213	52.69.3.12
	3.113.144.18	18.139.198.177	52.69.126.90
	3.113.179.87	18.139.210.109	52.69.144.176
	3.113.200.66	18.141.7.33	52.74.48.212
	13.112.13.181	34.87.52.131	52.76.69.100
	13.113.20.59	34.87.64.20	52.192.234.170
	13.231.87.245	34.126.101.181	52.194.198.2
	13.251.72.88	34.126.126.157	52.221.56.160
	18.178.61.230	54.150.53.120	54.168.142.24
	35.77.132.118	13.214.13.203	18.139.213.184
	52.77.205.29	13.214.237.14

To download all the Public Cloud IP addresses in CSV format, download GTI_Public_Cloud_IP_Addresses_20211207.zip in the Attachment section of this article.

Related Information

For GTI best practices for minimizing network traffic, see: KB74581 - Global Threat Intelligence File Reputation - best practices for minimizing network traffic.

Attachment

GTI_Public_Cloud_IP_Addresses_20220201.zip
1K • < 1 minute @ broadband

Affected Products

Advanced Threat Defense 4.8.x
Advanced Threat Defense 4.2.x
Advanced Threat Defense 4.12.x
Advanced Threat Defense 4.10.x
Application and Change Control 8.2.x
Application and Change Control 8.0.x
Application and Change Control 7.0.x (EOL)
Application and Change Control 6.5.x
Application and Change Control 6.2.x
Application and Change Control 6.1 (EOL)
Endpoint Security Adaptive Threat Protection
Endpoint Security Firewall 10.7.x
Endpoint Security Firewall 10.6.x
Endpoint Security for Linux Firewall 10.7.x
Endpoint Security for Linux Firewall 10.6.x
Endpoint Security for Linux Threat Prevention 10.x
Endpoint Security for Mac Firewall 10.x
Endpoint Security for Mac Threat Prevention 10.x
Endpoint Security for Mac Web Control 10.x
Endpoint Security Storage Protection 2.x
Endpoint Security Threat Prevention 10.7.x
Endpoint Security Threat Prevention 10.6.x
Endpoint Security Web Control 10.7.x
Endpoint Security Web Control 10.6.x
MOVE Antivirus Agentless 4.8.x
MOVE Antivirus Agentless 4.7.x
MVISION Endpoint - All Versions
Network Security Manager 9.2.x
Network Security Manager 9.1.x
Network Security Manager 10.x
Network Security Sensor Appliance 9.2.x
Network Security Sensor Appliance 9.1.x
Network Security Sensor Appliance 10.x
Stinger
Threat Intelligence Exchange Server 3.x
Threat Intelligence Exchange Server 2.3.x
Threat Intelligence Exchange Server 2.2.x
VirusScan Enterprise for Storage 1.3.x
VirusScan Enterprise for Storage 1.2.x
Web Gateway 9.2.x
Web Gateway 9.1.x
Web Gateway 9.0.x
Web Gateway 8.2.x
Web Gateway 7.8
Web Gateway 10.1.x
Web Gateway 10.0.x

Languages:

This article is available in the following languages:

German
English United States
Spanish Spain
French
Italian
Japanese
Korean
Dutch
Portuguese Brasileiro
Chinese Simplified
Chinese Traditional

Knowledge Center

Connecting to Global Threat Intelligence

Environment

Summary

Related Information

Attachment

Affected Products

Languages:

Title

Title

Knowledge Center

Connecting to Global Threat Intelligence

Environment

Summary

Related Information

Attachment

Affected Products

Languages:

Choose your region

Title

Title