Recent updates to this article 

Date	Update
October 8, 2021	Updated the abbreviation for Endpoint Security Storage Protection.
September 29, 2021	Attached a file in CSV format containing the Public Cloud IP addresses. Added the following IP addresses to the Public Cloud resource IP addresses table: North America and Latin America: 34.121.122.140, 34.125.9.64, 34.125.111.170, 34.125.237.12, 34.125.239.237, 34.125.252.7, 34.125.253.122, 34.135.26.163, 35.184.167.113, 35.188.45.29, 35.222.129.205, 104.154.142.144    Europe, Middle East, and Africa: 34.89.196.137, 34.142.32.56, 34.142.48.231, 35.230.131.105, 35.234.136.181, 35.242.146.31, 35.242.178.161, 35.198.127.181, 35.246.128.41, 35.246.132.219, 35.246.165.178, 35.246.250.148
September 16, 2021	Added Endpoint Security Storage Protection (ENSSP).
May 18, 2021	Added McAfee Network Security Platform (NSP).
May 5, 2021	Added the following IP addresses to the Public Cloud resource IP addresses table: Europe, Middle East, and Africa: 35.246.250.148, 35.246.165.178, 35.246.132.219, 35.198.127.181, 35.246.128.41, 34.89.196.137 Asia Pacific​: 35.197.154.200, 35.247.144.219, 34.87.52.131, 34.87.64.20, 34.126.101.181, 34.126.126.157

The purpose of this article is to provide the Global Threat Intelligence (GTI) IP addresses to allow so that your network can query GTI. But, McAfee Enterprise recommends the use of a fully qualified domain name (FQDN) that returns a list of active endpoints at the nearest Cloud Point of Presence (PoP). IP addresses can change. To decouple endpoints from these changes, endpoints shouldn’t hardcode IP addresses mentioned in this article. McAfee Enterprise is providing the list of IP addresses for allow list purposes only.

GTI is hosted as a global cloud service, so hard coding an IP address could result in an outage for one of the following reasons:

• That particular IP address is taken out of service for maintenance.
• A network outage segments a static path to a given IP address in a given data center.
• GTI site host changes.

Access to GTI is configured on port 443 using an FQDN so that a DNS lookup can return the nearest and most accurate IP address records at any given time. This returned result can be any of several IP addresses across the globe. Because the exact IP address isn’t known in advance, firewall administrators must open port 443 outbound globally. The preferred configuration method is to configure access to the GTI servers to use port 443 to the FQDN.

Product FQDNs used with GTI
The FQDN depends on the product. To determine the FQDN, see the product documentation for your installed product.

For a list and description of the ENS URLs used to perform off-box communication, see: KB93324 - Endpoint Security off-box communication URLs.

Public Cloud resource IP addresses: