Certain customers are using web filtering proxies and/or restricted firewall egress rules on their networks. The ThreatSweep appliance needs to be able to access our Networks and APIs in order to function properly.
Configure the firewall to allow appropriate communication to/from the ThreatSweep server:
-
RiskAnalytics communicates with the ThreatSweep server through TCP port 22 (SSH protocol). The firewall needs to be configured to allow the following IP addresses to communicate with the ThreatSweep over port 22:
- 139.146.167.0/24
- 52.21.143.192
- 12.148.110.32/27
-
Outbound ThreatSweep needs FTP, HTTPS and HTTP access to:
- snort.org
- emergingthreats.net
- as44.autoshun.org
- api.riskanalytics.com
- Outbound HTTP, HTTPS and port 8080 access to 139.146.167.16/28 is also required.
- Outbound SMTP access to mail.riskanalytics.com either directly or via a mail relay host inside
The following URLs need to be added to your webfilter (Bluecoat, Websense, etc) whitelist:
- iplist.device.riskanalytics.io
- heartbeat.device.riskanalytics.io
- ipscore.device.riskanalytics.io
- remote.device.riskanalytics.io
- async.device.riskanalytics.io
- api.riskanalytics.com
- hosted.riskanalytics.com
- mirror.riskanalytics.com
- mandrivamirror.riskanalytics.com
- myraforce.com
- risktool.com
- as44.autoshun.org
- snort.org
- rules.emergingthreats.net
The following IPs should be whitelisted on your egress filter (ASA, border firewall, etc):
- 52.21.143.192
- 139.146.167.0/24
- 12.148.110.32/27