Overview
This article lists all of the ports and IP addresses used by Code42.
Insider risk agent
Firewall access
To ensure uninterrupted access to the Code42 cloud, open outbound access in your firewall as follows based on which cloud instance you use:
- US1: https://console.us.code42.com
  - Allow outbound TCP/443 to *.code42.com
- US2: https://console.us2.code42.com
  - Allow outbound TCP/443 to *.code42.com
- US3: https://console.gov.code42.com
  - Allow outbound TCP/443 to *.code42.com
- EU1: https://console.ie.code42.com
  - Allow outbound TCP/443 to *.code42.com
Insider risk agent ports
List of ports that require outbound traffic to Code42.
Port | Protocol | Source | Destination | Description |
---|---|---|---|---|
443 | HTTPS | Code42 endpoint agents | Code42 cloud | Communication for user activity monitoring and deployment policy information |
IP address ranges used by Code42 data connections
All Code42 data connections are served out of Microsoft Azure data centers and do not use static IPs or fully qualified domain names (FQDNs). Instead, these IP address ranges are managed by Microsoft and can change over time. For more information, see Identify IP addresses used by Code42 data connectors.
IP addresses used by Incydr Flows
Incydr Flows are powered by Tines. To ensure Incydr Flows operate as expected, the service integrating with Incydr (for example, Workday or CrowdStrike) must allow requests from the following Tines IP addresses:
- 35.162.210.16
- 44.227.94.208
Backup agent
Firewall access
Two firewall filtering methods are described below: FQDN-based and IP-based.
The FQDN-based method is simpler to manage for most customers. The IP-based method should be used with firewalls that do not support FQDN-based filtering.
FQDN-based filtering method
To ensure uninterrupted access to the Code42 cloud, open outbound access in your firewall as follows based on which cloud instance you use. (You must use the IP-based filtering method to allow traffic on port 4287.) For information about the Amazon Cognito Identity Pools endpoints, see Amazon's documentation.
- US1: https://console.us.code42.com
  - Allow outbound TCP/443 to *.code42.com
  - Allow outbound TCP/443 to cognito-identity.us-east-1.amazonaws.com
  - Allow outbound TCP/443 to cognito-identity-fips.us-east-1.amazonaws.com
- US2: https://console.us2.code42.com
  - Allow outbound TCP/443 to *.code42.com
  - Allow outbound TCP/443 to cognito-identity.us-east-1.amazonaws.com
  - Allow outbound TCP/443 to cognito-identity-fips.us-east-1.amazonaws.com
- US3: https://console.gov.code42.com
  - Allow outbound TCP/443 to *.code42.com
  - Allow outbound TCP/443 to cognito-identity.us-east-1.amazonaws.com
  - Allow outbound TCP/443 to cognito-identity-fips.us-east-1.amazonaws.com
- EU1: https://console.ie.code42.com
  - Allow outbound TCP/443 to *.code42.com
  - Allow outbound TCP/443 to cognito-identity.eu-west-1.amazonaws.com
  - Allow outbound TCP/443 to cognito-identity-fips.eu-west-1.amazonaws.com
IP-based filtering method
To ensure uninterrupted access to the Code42 cloud when your firewall does not support FQDN-based filtering, or when TLS inspection is being performed, open outbound access in your firewall as follows based on which cloud instance you use. For more information about AWS IP address ranges, see Amazon's documentation.
- US1: https://console.us.code42.com
  - Allow outbound TCP/443 and TCP/4287 to Code42 IP address ranges below
  - Allow outbound TCP/443 to AWS us-east-1 IP addresses
- US2: https://console.us2.code42.com
  - Allow outbound TCP/443 and TCP/4287 to Code42 IP address ranges below
  - Allow outbound TCP/443 to AWS us-east-1 IP addresses
- US3: https://console.gov.code42.com
  - Allow outbound TCP/443 and TCP/4287 to Code42 IP address ranges below
  - Allow outbound TCP/443 to AWS us-east-1 IP addresses
- EU1: https://console.ie.code42.com
  - Allow outbound TCP/443 and TCP/4287 to Code42 IP address ranges below
  - Allow outbound TCP/443 and TCP/4287 to AWS eu-west-1 IP addresses
Code42 IP address ranges
To allow connection to the Code42 cloud when you use an IP-based filtering method, open outbound access in your firewall to the following IP address ranges:
- 38.127.80.0/24*
- 50.93.246.0/23
- 50.93.255.0/24
- 64.207.196.0/22
- 64.207.204.0/23
- 67.222.248.0/22
- 216.9.199.0/24*
- 216.17.8.0/24
*These address ranges will not be used until May 1, 2023. Please update any firewall rules to allow access to the full set of published Code42 network address ranges by that date.
This list represents all the IP-address ranges needed to allow access to the Code42 cloud. Remove from firewall rules any outdated Code42 IP address ranges not on this list. See Revision history for IP address ranges removed by Code42.
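One way to act on the instruction above, as an added example that is not Code42's own tooling: a Python audit that compares an exported list of outbound allow rules with the Code42 ranges published on this page, reporting published ranges that lack a rule for TCP/443 or TCP/4287 and rules that point outside the published set. The rule export format and the names `SAMPLE_RULES`, `uncovered` and `audit` are assumptions made for the illustration; the AWS ranges are not checked.

```python
import ipaddress

# Code42 ranges and ports copied from this page (backup agent, IP-based filtering).
PUBLISHED = ["38.127.80.0/24", "50.93.246.0/23", "50.93.255.0/24", "64.207.196.0/22",
             "64.207.204.0/23", "67.222.248.0/22", "216.9.199.0/24", "216.17.8.0/24"]
REQUIRED_PORTS = (443, 4287)

# Constructed sample export of outbound TCP allow rules: (destination CIDR, port).
SAMPLE_RULES = [
    ("50.93.246.0/24", 443), ("50.93.247.0/24", 443), ("50.93.246.0/23", 4287),
    ("50.93.255.0/24", 443), ("50.93.255.0/24", 4287), ("64.207.196.0/22", 443),
    ("64.207.196.0/23", 4287),  # 4287 rule covers only half of the /22
    ("64.207.204.0/23", 443), ("64.207.204.0/23", 4287), ("67.222.248.0/22", 443),
    ("67.222.248.0/22", 4287), ("216.17.8.0/24", 443), ("216.17.8.0/24", 4287),
    ("149.5.44.0/24", 443),  # range the revision history lists as retired
]


def uncovered(target, allowed):
    """Return the parts of network `target` not covered by any network in `allowed`."""
    remaining = [target]
    for a in allowed:
        nxt = []
        for r in remaining:
            if a.subnet_of(r):
                nxt.extend(r.address_exclude(a))  # keep what the rule leaves open
            elif not r.subnet_of(a):
                nxt.append(r)                     # rule and range are disjoint
        remaining = nxt
    return remaining


def audit(rules):
    """Return (missing, stale): per-port published ranges without a rule, and
    rules not inside any published range (this includes over-broad supernets)."""
    published = [ipaddress.ip_network(c) for c in PUBLISHED]
    by_port, stale, missing = {}, set(), {}
    for cidr, port in rules:
        net = ipaddress.ip_network(cidr, strict=False)
        by_port.setdefault(port, []).append(net)
        if not any(net.subnet_of(p) for p in published):
            stale.add((str(net), port))
    for port in REQUIRED_PORTS:
        # Merge adjacent rules first so two /24s count as the /23 they form.
        allowed = list(ipaddress.collapse_addresses(by_port.get(port, [])))
        gaps = sorted(g for p in published for g in uncovered(p, allowed))
        if gaps:
            missing[port] = [str(g) for g in gaps]
    return missing, sorted(stale)
```

Call `audit()` with the rule export from your own firewall in place of `SAMPLE_RULES`; an empty result for both values means the rules match the published list exactly.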
Ports
List of ports that require outbound traffic to Code42. You must have ports 443, 4285, and 4287 open for use.
Port | Protocol | Source | Destination | Description |
---|---|---|---|---|
443 | HTTPS | Code42 endpoint agents | Code42 cloud | Communication for File Metadata Collection and deployment policy information |
443 | HTTPS | Web Browsers | Code42 cloud | Web restore (both zip file and device) and user activity profiles |
443 | TLS | Code42 endpoint agents | Code42 cloud | Communication from device to the Code42 cloud. Only applies to Code42 environments that sign in to the Code42 console at: https://console.us2.code42.com. |
4285 | HTTPS | Web Browsers | Code42 cloud | Web restore (both zip file and device), user activity profiles, SSO sign in, and authentication API calls. |
4287 | TLS | Code42 endpoint agents | Code42 cloud | Communication from the device to the Code42 cloud |
Additional services integrated with Code42
These are some additional ports used by services that are commonly integrated with Code42 environments.
Port | Protocol | Source | Destination | Description |
---|---|---|---|---|
8200 and 8201 | TLS | Code42 cloud | Vault | Communication between a Vault instance and the Code42 cloud |
443 | HTTPS | Code42 cloud | AD FS server | Sync with AD FS |
636 | LDAPS | Your directory server | Used by the Code42 User Directory Sync tool to sync with your directory service |
IP address ranges used by Code42 data connections
All Code42 data connections are served out of Microsoft Azure data centers and do not use static IPs or fully qualified domain names (FQDNs). Instead, these IP address ranges are managed by Microsoft and can change over time. For more information, see Identify IP addresses used by Code42 data connectors.
Revision history
The table below lists previous updates to this page.
Date | Updates |
---|---|
November 17, 2022 | Updated the Code42 IP address ranges to be used when performing IP address-based filtering for backup agents: |
September 22, 2022 | Added details regarding the IP address ranges used by Code42 data connections. |
June 29, 2022 | Added the following IP address range: These addresses will not be used until December 1, 2022. Please update any firewall rules to allow access to the full range of published Code42 network addresses by that date. |
April 25, 2022 | Removed instructions to allow outbound TCP/443 to *.crashplan.com. All URLs to the Code42 cloud for Incydr are now *.code42.com. |
September 3, 2021 | Added firewall access sections. |
August 16, 2021 | Added the Insider risk agent section. |
May 5, 2021 | Added the following IP address ranges: If your instance in the Code42 cloud was provisioned on or before May 5, 2021, you have until November 5, 2021 to open firewall access to these ranges. |
January 21, 2021 | Added Amazon Cognito Identity endpoints addresses for firewall access. |
November 27, 2020 | Added client login addresses. |
August 12, 2020 | Added a note that IP address range 149.5.44.0/24 is retired. |
June 3, 2020 | Revised the Code42 IP address usage details for each Code42 cloud environment. |
May 8, 2020 | Noted that IP address ranges are scheduled to be updated August 11, 2020. For more information, see IP address updates in August 2020. |
March 12, 2020 | Added details for the Code42 federal environment. |
January 7, 2020 | Added an attention box stating that port 4282 is no longer supported. |
March 13, 2019 | |