Important Note

The minimum system requirements specified for on-prem hosts must be dedicated to the on-prem host you plan to deploy. They cannot be shared with or used for other non-Infoblox applications. Sharing resources will negatively affect the performance of your BloxOne services. For more information, see Minimum System Requirements for On-Prem Hosts.

Before you deploy BloxOne services and on-prem hosts, ensure that you prepare your environment according to the requirements for the supported platforms and open all necessary ports for unrestricted outbound access. Every IP address on the provided list that is in use requires 443/tcp to be open.

For additional information on BloxOne connectivity service requirements, see the following:

Port Usage for Firewall

The following table lists the ports that must be available in your firewall for the BloxOne on-prem hosts and other important services requiring specific ports in order to function properly.

IP Protocol | Port | Services that use this port | Domains/Destinations | Description | IPs and URLs (if applicable)
IP Protocol: TCP & UDP
Port: 53
Services that use this port:
  • Anycast
  • Data Connector
  • DHCP
  • DNS
  • DNS Forwarding Proxy
  • NIOS Grid Connector
Domains/Destinations:
  • csp.infoblox.com
  • threatdefense.infoblox.com (and all subdomains)
Description: For the Cloud Services Portal connectivity to work as desired, TCP and UDP 53 ports are used as the outbound port to the complete list of cloud addresses.
IPs and URLs (if applicable): For BloxOne Threat Defense Cloud DNS Server:
  • 52.119.40.100
  • 52.119.41.100
  • 103.80.5.100
  • 103.80.6.100

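IP Protocol: UDP
Port: 67
Services that use this port:
  • DHCP
Domains/Destinations: N/A
Description: For DHCP service
IPs and URLs (if applicable): N/A
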
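IP Protocol: UDP
Port: 68
Services that use this port:
  • DHCP
Domains/Destinations: DHCP clients
Description: From DHCP server to DHCP clients
IPs and URLs (if applicable): N/A
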
IP Protocol: TCP
Port: 80
Services that use this port:
  • Redirect Server
Domains/Destinations: N/A
Description: For redirect purposes
IPs and URLs (if applicable): Redirect IPs:

For IPv4:

3.215.231.251
3.216.243.225
35.168.95.233
54.173.31.46
3.220.140.235

For IPv6:

2600:1f18:1043:dc00:8083:68e:ef0f:46de
2600:1f18:1043:dc02:ed26:448b:247:90c9
2600:1f18:1043:dc00:a339:63ac:4c02:9531
2600:1f18:1043:dc00:5ee5:908d:8892:f214
2600:1f18:1043:dc02:be4:9bb:7833:d9d4

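IP Protocol: UDP
Port: 123
Services that use this port:
  • NTP Server
  • NTP Pool
Domains/Destinations:
  • ntp.ubuntu.com
  • pool.ntp.org
Description:
  • For NTP server synchronization
  • For NTP Pool (only if time sync with ESXi is disabled)
IPs and URLs (if applicable): N/A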

IP Protocol: TCP
Port: 443
Services that use this port:
  • Redirect Server
Domains/Destinations: N/A
Description: For redirect purposes
IPs and URLs (if applicable): Redirect IPs:

For IPv4:

3.215.231.251
3.216.243.225
35.168.95.233
54.173.31.46
3.220.140.235

For IPv6:

2600:1f18:1043:dc00:8083:68e:ef0f:46de
2600:1f18:1043:dc02:ed26:448b:247:90c9
2600:1f18:1043:dc00:a339:63ac:4c02:9531
2600:1f18:1043:dc00:5ee5:908d:8892:f214
2600:1f18:1043:dc02:be4:9bb:7833:d9d4

IP Protocol: TCP (TLS)
Port: 443
Services that use this port:
  • All BloxOne services
  • Cloud Services Portal
Domains/Destinations:
  • csp.infoblox.com
  • auth.infoblox.com
  • *.oktacdn.com
  • infoblox-external.okta.com
  • cdnjs.cloudflare.com
  • d21fqoalzyz7ml.cloudfront.net
Description:
  • For HTTPS traffic to all domains
  • For URL filtering to access the Cloud Services Portal
IPs and URLs (if applicable): N/A

IP Protocol: TCP
Port: 443
Services that use this port:
  • Anycast
  • Data Connector
  • NIOS Grid Connector
Domains/Destinations:
  • csp.infoblox.com
  • cp.noa.infoblox.com
  • grpc.csp.infoblox.com
  • app.noa.infoblox.com
  • tide.infoblox.com
  • threatdefense.infoblox.com (and all subdomains)
Description:
  • For Cloud Services Portal access (unrestricted outbound access to TCP 443)
  • For on-prem host platform and application management
IPs and URLs (if applicable):
  • 52.119.40.100
  • 52.119.41.100
  • 103.80.5.100
  • 103.80.6.100

IP Protocol: TCP
Port: 443
Services that use this port:
  • DNS
  • DNS Forwarding Proxy
  • DHCP
  • BloxOne Threat Defense Cloud
Domains/Destinations:
  • dns.bloxone.infoblox.com
  • threatdefense.infoblox.com (and all subdomains)

Note: Communication with these destinations will bypass any proxy server setting. In other words, if you configure a proxy, the BloxOne DDI service destination (dns.bloxone.infoblox.com:443) is bypassed on the proxy. Similarly, the DNS forwarding proxy service (threatdefense.bloxone.infoblox.com:443) is bypassed on the proxy.

Description:
  • For BloxOne DDI authoritative DNS cloud services
  • For BloxOne Threat Defense Cloud DNS server
IPs and URLs (if applicable): For BloxOne Threat Defense Cloud DNS Server:
  • 52.119.40.100
  • 52.119.41.100
  • 103.80.5.100
  • 103.80.6.100

IP Protocol: TCP
Port: 647
Services that use this port:
  • DHCP
Domains/Destinations:
  • dhcp.bloxone.infoblox.com

This is an incoming port for the HA (High Availability) feature.

The receiving peer must be able to receive traffic on the port, and the sending peer must be able to send traffic to the port, generally from other random ports.

Description: For DHCP and DHCP HA (High Availability)
IPs and URLs (if applicable): N/A

IP Protocol: UDP
Port: 647
Services that use this port:
  • DHCP clustering
Domains/Destinations:
  • dhcp.bloxone.infoblox.com

This is an incoming port for the HA (High Availability) feature.

The receiving peer must be able to receive traffic on the port, and the sending peer must be able to send traffic to the port, generally from other random ports.

Description: For DHCP clustering load balancing
IPs and URLs (if applicable): N/A

IP Protocol: TCP
Port: 847
Services that use this port:
  • DHCP clustering
Domains/Destinations:
  • dhcp.bloxone.infoblox.com

This is an incoming port for the HA (High Availability) feature.

The receiving peer must be able to receive traffic on the port, and the sending peer must be able to send traffic to the port, generally from other random ports.

Description: For DHCP clustering
IPs and URLs (if applicable): N/A

Note

A complete list of the used IP addresses is available in a JSON file by clicking this link. All listed IPs require 443/tcp to be open when in use.
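
A pre-deployment check for the requirements above, as an added example (not Infoblox code): it audits an egress allow-list against the IP-addressed flows in the table and reports every required flow that no rule covers. The rule format `allow <proto> <cidr> <ports>` and the sample policy are hypothetical and constructed for illustration; only the IPv4 destinations from the table are checked, so the IPv6 redirect addresses and the domain-based destinations still need separate review.

```python
import ipaddress

# Destinations copied from the table on this page: the BloxOne Threat Defense
# Cloud DNS servers (53/tcp, 53/udp, 443/tcp) and the IPv4 redirect servers.
TD_DNS = ["52.119.40.100", "52.119.41.100", "103.80.5.100", "103.80.6.100"]
REDIRECT_V4 = ["3.215.231.251", "3.216.243.225", "35.168.95.233",
               "54.173.31.46", "3.220.140.235"]
REQUIRED = (
    [(proto, 53, ip) for ip in TD_DNS for proto in ("tcp", "udp")]
    + [("tcp", 443, ip) for ip in TD_DNS + REDIRECT_V4]
    + [("tcp", 80, ip) for ip in REDIRECT_V4]
)

def parse_rule(line):
    """Parse 'allow <proto> <cidr> <port|lo-hi|any>' (hypothetical format)."""
    action, proto, cidr, ports = line.split()
    if action != "allow":
        raise ValueError(f"unsupported action: {action}")
    if ports == "any":
        lo, hi = 1, 65535
    else:
        lo, _, hi = ports.partition("-")
        lo, hi = int(lo), int(hi or lo)
    return proto, ipaddress.ip_network(cidr), lo, hi

def missing_flows(rule_lines):
    """Return the required (proto, port, ip) flows that no allow rule covers."""
    rules = [parse_rule(l) for l in rule_lines
             if l.strip() and not l.startswith("#")]
    gaps = []
    for proto, port, ip in REQUIRED:
        addr = ipaddress.ip_address(ip)
        covered = any(
            r_proto in (proto, "any") and addr in net and lo <= port <= hi
            for r_proto, net, lo, hi in rules
        )
        if not covered:
            gaps.append((proto, port, ip))
    return gaps

# Constructed sample policy: UDP DNS is open everywhere, but TCP 53/80/443 is
# only allowed to part of the address list, a common partial configuration.
SAMPLE_POLICY = """\
allow udp 0.0.0.0/0 53
allow tcp 52.119.40.0/23 53
allow tcp 52.119.40.0/23 443
allow tcp 3.208.0.0/12 80-443
""".splitlines()

if __name__ == "__main__":
    for proto, port, ip in missing_flows(SAMPLE_POLICY):
        print(f"missing: {port}/{proto} -> {ip}")
```

An empty result means every IPv4 flow listed in the table is covered by at least one allow rule.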


