Allowing ThreatLocker through your Firewall
Overview
If you utilize any form of internet filtering or proxy, you may need to allow the ThreatLocker Agent access to the ThreatLocker Datacenters.
Ports
We require port 443 for all traffic to ThreatLocker and basic api communication.
We require port 8443 for ThreatLocker Testing Environment/VDI outbound traffic.
Network Control requires port 8810 for Keywords and port 8811 for local objects.
By Hostname
You will need to allow access to:
- cdn.threatlocker.com (Our cdn is hosted via AWS and utilizes various IP addresses around the world.)
- corecdn.threatlocker.com
- api.threatlocker.com
- api.b.threatlocker.com
- api.c.threatlocker.com
- api.d.threatlocker.com
- api.e.threatlocker.com
- api.f.threatlocker.com
- api.g.threatlocker.com
- api.ae1.threatlocker.com
- api.au1.threatlocker.com
- api.eu1.threatlocker.com
- apps.threatlocker.com
- core.threatlocker.com
- portal.threatlocker.com
- portal.b.threatlocker.com
- portal.c.threatlocker.com
- portal.d.threatlocker.com
- portal.e.threatlocker.com
- portal.f.threatlocker.com
- portal.g.threatlocker.com
- portal.ae1.threatlocker.com
- portal.au1.threatlocker.com
- portal.eu1.threatlocker.com
- webapi.threatlocker.com
- webapi.b.threatlocker.com
- webapi.c.threatlocker.com
- webapi.d.threatlocker.com
- webapi.e.threatlocker.com
- webapi.f.threatlocker.com
- webapi.g.threatlocker.com
- webapi.ae1.threatlocker.com
- webapi.au1.threatlocker.com
- webapi.eu1.threatlocker.com
- updates.threatlocker.com
By IP Addresses
If you are unable to allow by hostname or if adding by hostname results in no positive changes, you will need to allow the following IP ranges:
- 3.29.84.145
- 3.29.116.80
- 13.236.74.132
- 13.237.45.182
- 34.23.91.229
- 34.74.220.44
- 34.138.26.207
- 34.138.119.231
- 34.148.190.241
- 35.196.188.218
- 38.77.137.0/24
- 38.32.184.224/29
- 38.77.143.0/24
- 38.142.102.88/30
- 66.35.69.80/29
- 66.35.75.34/27
- 66.35.91.32/27
- 66.35.91.35/27
- 71.74.161.192/26
- 71.74.165.192/26
- 71.74.166.64/26
- 71.74.166.192/26
- 84.207.211.144/28
- 97.71.200.82
- 148.51.137.104/29
- 148.51.137.160/27
- 149.5.35.0/24
Additional Hostnames relating to our Cyber Hero LiveChat
Please also add our third-party chat resource to your list of exclusions to prevent any potential issues related to using our Cyber Hero chat system. They are as follows:
- *.cdn.livechatinc.com
- *.livechat.com
- *.livechatinc.com
- *.livechat-static.com
- *.recurly.com
Accessing the ThreatLocker Portal
To access only ThreatLocker’s Portal or Beta Portal, you will need to allow access to the following Hostnames on Port 443:
- portal.threatlocker.com
- portal.b.threatlocker.com
- portal.c.threatlocker.com
- portal.d.threatlocker.com
- portal.e.threatlocker.com
- portal.f.threatlocker.com
- portal.g.threatlocker.com
- portal.ae1.threatlocker.com
- portal.au1.threatlocker.com
- portal.eu1.threatlocker.com
- webapi.threatlocker.com
- webapi.b.threatlocker.com
- webapi.c.threatlocker.com
- webapi.d.threatlocker.com
- webapi.e.threatlocker.com
- webapi.f.threatlocker.com
- webapi.g.threatlocker.com
- webapi.eu1.threatlocker.com
Note: You only need the hostname for the instance you are running.
Accessing the ThreatLocker Testing Environment
To use ThreatLocker’s Testing Environment, you will also need to allow access to the hostname test.env.threatlocker.com on Port 8443.