Recent updates to this article 

Date	Update
January 6, 2022	Removed an obsolete list of netblocks.
December 9, 2021	Minor formatting change.
November 10, 2021	Updated the CSV file containing the Public Cloud IP addresses. Added the following IP addresses to the Public Cloud resource IP addresses table: North America and Latin America: 13.56.143.254, 13.57.162.46, 18.144.151.221, 34.218.113.76, 35.82.216.196, 35.85.200.9, 35.164.244.168, 44.226.104.160, 44.228.119.21, 44.231.4.182, 44.236.191.134, 44.239.3.191, 50.18.16.187, 50.112.162.34, 52.8.218.49, 52.9.108.36, 52.33.162.6, 52.38.76.97, 52.52.137.255, 52.52.202.243, 54.69.96.234, 54.149.22.132, 54.176.116.10, 54.176.228.68, 54.177.146.222, 54.191.65.158, 54.215.120.30, 54.219.33.114, 54.241.112.48, 54.241.224.43, 54.245.106.41, 204.236.174.5 Europe, Middle East, and Africa: 3.65.111.235, 3.65.248.69, 3.70.43.39, 3.70.82.67, 3.123.143.192, 3.124.92.48, 3.125.91.105, 3.125.151.188, 18.157.55.87, 18.158.158.247, 18.158.166.145, 18.158.173.34, 18.159.170.86, 18.198.193.152, 35.156.221.217, 35.158.23.1
October 8, 2021	Updated the abbreviation for Endpoint Security Storage Protection.

The purpose of this article is to provide the Global Threat Intelligence (GTI) IP addresses to allow so that your network can query GTI. But, we recommend the use of a fully qualified domain name (FQDN) that returns a list of active endpoints at the nearest Cloud Point of Presence (PoP). IP addresses can change. To decouple endpoints from these changes, endpoints shouldn’t hardcode IP addresses mentioned in this article. We're providing the list of IP addresses for allow list purposes only.

GTI is hosted as a global cloud service, so hard coding an IP address could result in an outage for one of the following reasons:

• That particular IP address is taken out of service for maintenance.
• A network outage segments a static path to a given IP address in a given data center.
• GTI site host changes.

Access to GTI is configured on port 443 using an FQDN so that a DNS lookup can return the nearest and most accurate IP address records at any given time. This returned result can be any of several IP addresses across the globe. Because the exact IP address isn’t known in advance, firewall administrators must open port 443 outbound globally. The preferred configuration method is to configure access to the GTI servers to use port 443 to the FQDN.

Product FQDNs used with GTI
The FQDN depends on the product. To determine the FQDN, see the product documentation for your installed product.

For a list and description of the ENS URLs used to perform off-box communication, see: KB93324 - Endpoint Security off-box communication URLs.