Allowing ThreatLocker through your Firewall

Overview

If you utilize any form of internet filtering or proxy, you may need to allow the ThreatLocker Agent access to the ThreatLocker Datacenters.

Ports

We require port 443 for all traffic to ThreatLocker and basic api communication.

We require port 8443 for ThreatLocker Testing Environment/VDI outbound traffic.

Network Control requires port 8810 for Keywords and port 8811 for local objects.

By Hostname

You will need to allow access to:

api.threatlocker.com
api.b.threatlocker.com
api.c.threatlocker.com
api.d.threatlocker.com
api.e.threatlocker.com
api.f.threatlocker.com
api.g.threatlocker.com
api.h.threatlocker.com
api.ae1.threatlocker.com
api.au1.threatlocker.com
api.ca1.threatlocker.com
api.eu1.threatlocker.com
apps.threatlocker.com
betaportalapi.ae1.threatlocker.com
betaportalapi.ca1.threatlocker.com
cdn.threatlocker.com (Our cdn is hosted via AWS and utilizes various IP addresses around the world.)
core.threatlocker.com
corecdn.threatlocker.com
legacyportal.ae1.threatlocker.com
legacyportal.ca1.threatlocker.com
macapps.threatlocker.com
portal.threatlocker.com
portal.b.threatlocker.com
portal.c.threatlocker.com
portal.d.threatlocker.com
portal.e.threatlocker.com
portal.f.threatlocker.com
portal.g.threatlocker.com
portal.h.threatlocker.com
portal.ae1.threatlocker.com
portal.au1.threatlocker.com
portalapi.ae1.threatlocker.com
portalapi.ca1.threatlocker.com
portal.ca1.threatlocker.com
portal.eu1.threatlocker.com
webapi.threatlocker.com
webapi.b.threatlocker.com
webapi.c.threatlocker.com
webapi.d.threatlocker.com
webapi.e.threatlocker.com
webapi.f.threatlocker.com
webapi.g.threatlocker.com
webapi.h.threatlocker.com
webapi.ae1.threatlocker.com
webapi.au1.threatlocker.com
webapi.ca1.threatlocker.com
webapi.eu1.threatlocker.com
updates.threatlocker.com
upload.threatlocker.com

By IP Addresses

If you are unable to allow by hostname or if adding by hostname results in no positive changes, you will need to allow the following IP ranges:

3.29.84.145
3.29.116.80
13.236.74.132
13.237.45.182
34.23.91.229
34.74.220.44
34.138.26.207
34.138.119.231
34.139.193.237
34.148.46.9
34.148.190.241
35.196.188.218
38.77.137.0/24
38.32.184.224/29
38.68.197.27
38.77.143.0/24
38.142.102.88/30
60.242.12.32/28
66.35.69.80/29
66.35.75.32/27
66.35.91.32/27
71.74.161.192/26
71.74.165.192/26
71.74.166.64/26
71.74.166.192/26
84.207.211.144/28
148.51.137.104/29
148.51.137.160/27
149.5.35.0/24
175.45.118.80/28

Additional Hostnames relating to our Cyber Hero LiveChat

Please also add our third-party chat resource to your list of exclusions to prevent any potential issues related to using our Cyber Hero chat system. They are as follows:

*.cdn.livechatinc.com
*.livechat.com
*.livechatinc.com
*.livechat-static.com
*.recurly.com

Accessing the ThreatLocker Portal

To access only ThreatLocker’s Portal or Beta Portal, you will need to allow access to the following Hostnames on Port 443:

api.ae1.threatlocker.com
api.ca1.threatlocker.com
betaportalapi.ae1.threatlocker.com
betaportalapi.ca1.threatlocker.com
portal.threatlocker.com
portal.b.threatlocker.com
portal.c.threatlocker.com
portal.d.threatlocker.com
portal.e.threatlocker.com
portal.f.threatlocker.com
portal.g.threatlocker.com
portal.h.threatlocker.com
portal.ae1.threatlocker.com
portal.au1.threatlocker.com
portal.ca1.threatlocker.com
portalapi.ae1.threatlocker.com
portalapi.ca1.threatlocker.com
portal.eu1.threatlocker.com
legacyportal.ae1.threatlocker.com
legacyportal.ca1.threatlocker.com
webapi.threatlocker.com
webapi.b.threatlocker.com
webapi.c.threatlocker.com
webapi.d.threatlocker.com
webapi.e.threatlocker.com
webapi.f.threatlocker.com
webapi.g.threatlocker.com
webapi.h.threatlocker.com
webapi.ae1.threatlocker.com
webapi.ca1.threatlocker.com
webapi.eu1.threatlocker.com

Note: You only need the hostname for the instance you are running.

Accessing the ThreatLocker Testing Environment

To use ThreatLocker’s Testing Environment, you will also need to allow access to the hostname test.env.threatlocker.com on Port 8443.