Company logoHelp Center
Visit www.threatlocker.com

Allowing ThreatLocker through your Firewall

6 min. readlast update: 03.17.2026

Overview 

If you utilize any form of internet filtering or proxy, you may need to allow the ThreatLocker Agent access to the ThreatLocker data centers. 

Ports 

We require port 443 for all traffic to ThreatLocker and basic API communication.  

We require port 443 for ThreatLocker Testing Environment/VDI outbound traffic. 

By default, Network Control requires port 8810 for Keywords and port 8811 for local objects. 

Required API Links

For our API links, you will only need to add the FQDN of the particular instance of which your organization is a part. To see what instance your organization is on, click the Help button within the ThreatLocker portal and note the letter in the parentheses within “ThreatLocker Access.” 

 

For the screenshot example above, only the dropdown for Instance D will be applicable. Please click to expand the dropdown depending on your organization's instance.

Instance A

  • api.threatlocker.com 

  • portalapi.threatlocker.com 

  • betaapi.threatlocker.com 

  • betaportalapi.threatlocker.com

  • webapi.threatlocker.com 

  • legacyportal.threatlocker.com   

  • legacybeta.threatlocker.com 

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Instance B

  • api.threatlocker.com 

  • api.b.threatlocker.com 

  • portalapi.threatlocker.com 

  • portalapi.b.threatlocker.com 

  • betaapi.threatlocker.com 

  • betaapi.b.threatlocker.com

  • betaportalapi.threatlocker.com

  • betaportalapi.b.threatlocker.com

  • webapi.threatlocker.com 

  • webapi.b.threatlocker.com 

  • legacyportal.threatlocker.com 

  • Legacyportal.b.threatlocker.com 

  • legacybeta.threatlocker.com 

  • legacybeta.b.threatlocker.com 

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Instance C

  • api.threatlocker.com 

  • api.c.threatlocker.com 

  • portalapi.threatlocker.com 

  • portalapi.c.threatlocker.com 

  • betaapi.threatlocker.com 

  • betaapi.c.threatlocker.com

  • betaportalapi.threatlocker.com

  • betaportalapi.c.threatlocker.com

  • webapi.threatlocker.com 

  • webapi.c.threatlocker.com 

  • legacyportal.threatlocker.com 

  • legacyportal.c.threatlocker.com 

  • legacybeta.threatlocker.com 

  • legacybeta.c.threatlocker.com 

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Instance D

  • api.threatlocker.com 

  • api.d.threatlocker.com 

  • portalapi.threatlocker.com 

  • portalapi.d.threatlocker.com 

  • betaapi.threatlocker.com 

  • betaapi.d.threatlocker.com

  • betaportalapi.threatlocker.com

  • betaportalapi.d.threatlocker.com

  • webapi.threatlocker.com 

  • webapi.d.threatlocker.com 

  • legacyportal.threatlocker.com 

  • legacyportal.d.threatlocker.com 

  • legacybeta.threatlocker.com 

  • legacybeta.d.threatlocker.com 

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Instance E

  • api.threatlocker.com 

  • api.e.threatlocker.com 

  • portalapi.threatlocker.com 

  • portalapi.e.threatlocker.com 

  • betaapi.threatlocker.com 

  • betaapi.e.threatlocker.com

  • betaportalapi.threatlocker.com

  • betaportalapi.e.threatlocker.com

  • webapi.threatlocker.com 

  • webapi.e.threatlocker.com 

  • legacyportal.threatlocker.com 

  • legacyportal.e.threatlocker.com 

  • legacybeta.threatlocker.com 

  • legacybeta.e.threatlocker.com 

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Instance F

  • api.threatlocker.com 

  • api.f.threatlocker.com 

  • portalapi.threatlocker.com 

  • portalapi.f.threatlocker.com 

  • betaapi.threatlocker.com 

  • betaapi.f.threatlocker.com

  • betaportalapi.threatlocker.com

  • betaportalapi.f.threatlocker.com

  • webapi.threatlocker.com 

  • webapi.f.threatlocker.com 

  • legacyportal.threatlocker.com 

  • legacyportal.f.threatlocker.com 

  • legacybeta.threatlocker.com 

  • legacybeta.f.threatlocker.com 

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Instance G

  • api.threatlocker.com 

  • api.g.threatlocker.com 

  • portalapi.threatlocker.com 

  • portalapi.g.threatlocker.com 

  • betaapi.threatlocker.com 

  • betaapi.g.threatlocker.com

  • betaportalapi.threatlocker.com

  • betaportalapi.g.threatlocker.com

  • webapi.threatlocker.com 

  • webapi.g.threatlocker.com 

  • legacyportal.threatlocker.com 

  • legacyportal.g.threatlocker.com 

  • legacybeta.threatlocker.com 

  • legacybeta.g.threatlocker.com 

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Instance H

  • api.threatlocker.com 

  • api.h.threatlocker.com 

  • portalapi.threatlocker.com 

  • portalapi.h.threatlocker.com 

  • betaapi.threatlocker.com 

  • betaapi.h.threatlocker.com

  • betaportalapi.threatlocker.com

  • betaportalapi.h.threatlocker.com

  • webapi.threatlocker.com 

  • webapi.h.threatlocker.com 

  • legacyportal.threatlocker.com 

  • legacyportal.h.threatlocker.com 

  • legacybeta.threatlocker.com 

  • legacybeta.h.threatlocker.com 

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Instance AU1

  • api.threatlocker.com 

  • api.au1.threatlocker.com 

  • portalapi.threatlocker.com 

  • portalapi.au1.threatlocker.com 

  • betaapi.threatlocker.com 

  • betaapi.au1.threatlocker.com

  • betaportalapi.threatlocker.com

  • betaportalapi.au1.threatlocker.com

  • webapi.threatlocker.com 

  • webapi.au1.threatlocker.com 

  • legacyportal.threatlocker.com 

  • legacyportal.au1.threatlocker.com 

  • legacybeta.threatlocker.com 

  • legacybeta.au1.threatlocker.com 

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Instance AE1

  • api.threatlocker.com 

  • api.ae1.threatlocker.com 

  • portalapi.threatlocker.com 

  • portalapi.ae1.threatlocker.com 

  • betaapi.threatlocker.com 

  • betaapi.ae1.threatlocker.com

  • betaportalapi.threatlocker.com

  • betaportalapi.ae1.threatlocker.com

  • webapi.threatlocker.com 

  • webapi.ae1.threatlocker.com 

  • legacyportal.threatlocker.com 

  • legacyportal.ae1.threatlocker.com 

  • legacybeta.threatlocker.com 

  • legacybeta.ae1.threatlocker.com 

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Instance CA1

  • api.threatlocker.com 

  • api.ca1.threatlocker.com 

  • portalapi.threatlocker.com 

  • portalapi.ca1.threatlocker.com 

  • betaapi.threatlocker.com 

  • betaapi.ca1.threatlocker.com

  • betaportalapi.threatlocker.com

  • betaportalapi.ca1.threatlocker.com

  • webapi.threatlocker.com 

  • webapi.ca1.threatlocker.com 

  • legacyportal.threatlocker.com 

  • legacyportal.ca1.threatlocker.com 

  • legacybeta.threatlocker.com 

  • legacybeta.ca1.threatlocker.com 

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Instance EU1

  • api.threatlocker.com 

  • api.eu1.threatlocker.com 

  • portalapi.threatlocker.com 

  • portalapi.eu1.threatlocker.com 

  • betaapi.threatlocker.com 

  • betaapi.eu1.threatlocker.com

  • betaportalapi.threatlocker.com

  • betaportalapi.eu1.threatlocker.com

  • webapi.threatlocker.com 

  • webapi.eu1.threatlocker.com 

  • legacyportal.threatlocker.com 

  • legacyportal.eu1.threatlocker.com 

  • legacybeta.threatlocker.com 

  • legacybeta.eu1.threatlocker.com 

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Instance FR1/FedRAMP

  • api.fr1.threatlocker.com 

  • api.threatlockerfed.com 

  • portalapi.fr1.threatlocker.com 

  • portalapi.threatlockerfed.com 

  • betaportalapi.fr1.threatlocker.com 

  • betaportalapi.threatlockerfed.com 

  • webapi.fr1.threatlocker.com 

  • Webapi.threatlockerfed.com 

  • legacyportal.threatlockerfed.com 

  • portal.threatlockerfed.com 

  • Beta.threatlockerfed.com 

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal link.

Instance SA1

  • api.threatlocker.com 

  • api.sa1.threatlocker.com 

  • portalapi.threatlocker.com 

  • portalapi.sa1.threatlocker.com 

  • betaapi.threatlocker.com 

  • betaapi.sa1.threatlocker.com

  • betaportalapi.threatlocker.com

  • betaportalapi.sa1.threatlocker.com

  • webapi.threatlocker.com 

  • webapi.sa1.threatlocker.com 

  • legacyportal.threatlocker.com 

  • legacyportal.sa1.threatlocker.com 

  • legacybeta.threatlocker.com 

  • legacybeta.sa1.threatlocker.com 

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Required FQDNs 

These are required to permit, regardless of what instance you are in. 

These links will provide you with Portal access: 

  • portal.threatlocker.com 

  • beta.threatlocker.com 

These links will ensure machines are up-to-date with the latest definitions and policies: 

  • apps.threatlocker.com 

  • core.threatlocker.com 

  • corecdn.threatlocker.com

  • corecdn_us.threatlocker.com 

  • corecdn_jordan.threatlocker.com 

  • insights.threatlocker.com 

  • linuxapps.threatlocker.com 

  • macapps.threatlocker.com 

  • updates.threatlocker.com

  • upload.threatlocker.com

These links will provide access to our Testing Environment: 

  • vm.testenv.threatlocker.com 

  • vm2.testenv.threatlocker.com 

  • vmapi.testenv.threatlocker.com 

  • vmapi2.testenv.threatlocker.com 

  • vmconsole.testenv.threatlocker.com 

  • vmconsole2.testenv.threatlocker.com 

  • vm3.testenv.threatlocker.com

  • vmapi3.testenv.threatlocker.com

  • vmconsole3.testenv.threatlocker.com

Additional Hostnames relating to our Cyber Hero LiveChat 

Please also add our third-party chat resource to your list of exclusions to prevent any potential issues related to using our Cyber Hero chat system. They are as follows: 

  • *.cdn.livechatinc.com 

  • *.livechat.com 

  • *.livechatinc.com 

  • *.livechat-static.com 

  • *.recurly.com 

Our LiveChat widget also utilizes JavaScript; please ensure this is enabled on your browser before initiating a chat. 

By IP Addresses 

If you cannot allow by hostname or adding by hostname does not result in positive changes, you must allow the following IP ranges.  

Please note that IPs are subject to change based on our web service provider. 

  • Canada
    • 155.204.122.96/28
    • 38.22.73.96/28
  • Chicago
    • 38.99.229.32/28
    • 184.105.26.128/27
  • Orlando
    • 38.77.143.0/24
    • 71.74.166.192/26
    • 71.74.165.192/26
    • 71.74.161.192/26
    • 71.74.166.64/26
    • 38.77.137.0/24
    • 66.35.91.50
  • Dublin
    • 149.5.35.0/24
    • 84.207.211.144/28
  • Virginia
    • 38.68.197.0/24
    • 148.51.137.160/27
  • Australia
    • 175.45.118.80/28
    • 60.242.12.32/28
  • Saudi Arabia
    • 34.1.56.105
    • 34.1.50.186
    • 34.166.125.54

Deep Packet Inspection (DPI) / SSL/TLS Inspection Notice

For environments utilizing Deep Packet Inspection (DPI) or SSL/TLS Inspection, it is essential to ensure that all ThreatLocker domains and traffic are excluded from inspection.

Interception or re‑signing of HTTPS traffic by a firewall or security appliance can break the TLS trust relationship between your endpoints and the ThreatLocker services.

When ThreatLocker traffic is inspected or altered, it may result in:

  • Agent communication failures
  • Agent deployment issues
  • TLS handshake errors (e.g., “Could not establish trust relationship”)
  • Failed updates or policy synchronization

To prevent these issues, please configure your firewall or security appliance to bypass SSL/TLS inspection for all ThreatLocker-related domains and endpoints.

Was this article helpful?