Allowing ThreatLocker through your Firewall

Overview

If you utilize any form of internet filtering or proxy, you may need to allow the ThreatLocker Agent access to the ThreatLocker data centers.

Ports

We require port 443 for all traffic to ThreatLocker and basic API communication.

We require port 443 for ThreatLocker Testing Environment/VDI outbound traffic.

By default, Network Control requires port 8810 for Keywords and port 8811 for local objects.

Required API Links

For our API links, you will only need to add the FQDN of the particular instance of which your organization is a part. To see what instance your organization is on, click the Help button within the ThreatLocker portal and note the letter in the parentheses within “ThreatLocker Access.”

For the screenshot example above, only the dropdown for Instance D will be applicable. Please click to expand the dropdown depending on your organization's instance.

Instance A

api.threatlocker.com

portalapi.threatlocker.com

betaapi.threatlocker.com
betaportalapi.threatlocker.com

webapi.threatlocker.com

legacyportal.threatlocker.com

legacybeta.threatlocker.com

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Instance B

api.threatlocker.com

api.b.threatlocker.com

portalapi.threatlocker.com

portalapi.b.threatlocker.com

betaapi.threatlocker.com

betaapi.b.threatlocker.com
betaportalapi.threatlocker.com
betaportalapi.b.threatlocker.com

webapi.threatlocker.com

webapi.b.threatlocker.com

legacyportal.threatlocker.com

Legacyportal.b.threatlocker.com

legacybeta.threatlocker.com

legacybeta.b.threatlocker.com

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Instance C

api.threatlocker.com

api.c.threatlocker.com

portalapi.threatlocker.com

portalapi.c.threatlocker.com

betaapi.threatlocker.com

betaapi.c.threatlocker.com
betaportalapi.threatlocker.com
betaportalapi.c.threatlocker.com

webapi.threatlocker.com

webapi.c.threatlocker.com

legacyportal.threatlocker.com

legacyportal.c.threatlocker.com

legacybeta.threatlocker.com

legacybeta.c.threatlocker.com

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Instance D

api.threatlocker.com

api.d.threatlocker.com

portalapi.threatlocker.com

portalapi.d.threatlocker.com

betaapi.threatlocker.com

betaapi.d.threatlocker.com
betaportalapi.threatlocker.com
betaportalapi.d.threatlocker.com

webapi.threatlocker.com

webapi.d.threatlocker.com

legacyportal.threatlocker.com

legacyportal.d.threatlocker.com

legacybeta.threatlocker.com

legacybeta.d.threatlocker.com

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Instance E

api.threatlocker.com

api.e.threatlocker.com

portalapi.threatlocker.com

portalapi.e.threatlocker.com

betaapi.threatlocker.com

betaapi.e.threatlocker.com
betaportalapi.threatlocker.com
betaportalapi.e.threatlocker.com

webapi.threatlocker.com

webapi.e.threatlocker.com

legacyportal.threatlocker.com

legacyportal.e.threatlocker.com

legacybeta.threatlocker.com

legacybeta.e.threatlocker.com

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Instance F

api.threatlocker.com

api.f.threatlocker.com

portalapi.threatlocker.com

portalapi.f.threatlocker.com

betaapi.threatlocker.com

betaapi.f.threatlocker.com
betaportalapi.threatlocker.com
betaportalapi.f.threatlocker.com

webapi.threatlocker.com

webapi.f.threatlocker.com

legacyportal.threatlocker.com

legacyportal.f.threatlocker.com

legacybeta.threatlocker.com

legacybeta.f.threatlocker.com

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Instance G

api.threatlocker.com

api.g.threatlocker.com

portalapi.threatlocker.com

portalapi.g.threatlocker.com

betaapi.threatlocker.com

betaapi.g.threatlocker.com
betaportalapi.threatlocker.com
betaportalapi.g.threatlocker.com

webapi.threatlocker.com

webapi.g.threatlocker.com

legacyportal.threatlocker.com

legacyportal.g.threatlocker.com

legacybeta.threatlocker.com

legacybeta.g.threatlocker.com

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Instance H

api.threatlocker.com

api.h.threatlocker.com

portalapi.threatlocker.com

portalapi.h.threatlocker.com

betaapi.threatlocker.com

betaapi.h.threatlocker.com
betaportalapi.threatlocker.com
betaportalapi.h.threatlocker.com

webapi.threatlocker.com

webapi.h.threatlocker.com

legacyportal.threatlocker.com

legacyportal.h.threatlocker.com

legacybeta.threatlocker.com

legacybeta.h.threatlocker.com

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Instance AU1

api.threatlocker.com

api.au1.threatlocker.com

portalapi.threatlocker.com

portalapi.au1.threatlocker.com

betaapi.threatlocker.com

betaapi.au1.threatlocker.com
betaportalapi.threatlocker.com
betaportalapi.au1.threatlocker.com

webapi.threatlocker.com

webapi.au1.threatlocker.com

legacyportal.threatlocker.com

legacyportal.au1.threatlocker.com

legacybeta.threatlocker.com

legacybeta.au1.threatlocker.com

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Instance AE1

api.threatlocker.com

api.ae1.threatlocker.com

portalapi.threatlocker.com

portalapi.ae1.threatlocker.com

betaapi.threatlocker.com

betaapi.ae1.threatlocker.com
betaportalapi.threatlocker.com
betaportalapi.ae1.threatlocker.com

webapi.threatlocker.com

webapi.ae1.threatlocker.com

legacyportal.threatlocker.com

legacyportal.ae1.threatlocker.com

legacybeta.threatlocker.com

legacybeta.ae1.threatlocker.com

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Instance CA1

api.threatlocker.com

api.ca1.threatlocker.com

portalapi.threatlocker.com

portalapi.ca1.threatlocker.com

betaapi.threatlocker.com

betaapi.ca1.threatlocker.com
betaportalapi.threatlocker.com
betaportalapi.ca1.threatlocker.com

webapi.threatlocker.com

webapi.ca1.threatlocker.com

legacyportal.threatlocker.com

legacyportal.ca1.threatlocker.com

legacybeta.threatlocker.com

legacybeta.ca1.threatlocker.com

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Instance EU1

api.threatlocker.com

api.eu1.threatlocker.com

portalapi.threatlocker.com

portalapi.eu1.threatlocker.com

betaapi.threatlocker.com

betaapi.eu1.threatlocker.com
betaportalapi.threatlocker.com
betaportalapi.eu1.threatlocker.com

webapi.threatlocker.com

webapi.eu1.threatlocker.com

legacyportal.threatlocker.com

legacyportal.eu1.threatlocker.com

legacybeta.threatlocker.com

legacybeta.eu1.threatlocker.com

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Instance FR1/FedRAMP

api.fr1.threatlocker.com

api.threatlockerfed.com

portalapi.fr1.threatlocker.com

portalapi.threatlockerfed.com

betaportalapi.fr1.threatlocker.com

betaportalapi.threatlockerfed.com

webapi.fr1.threatlocker.com

Webapi.threatlockerfed.com

legacyportal.threatlockerfed.com

portal.threatlockerfed.com

Beta.threatlockerfed.com

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal link.

Instance SA1

api.threatlocker.com

api.sa1.threatlocker.com

portalapi.threatlocker.com

portalapi.sa1.threatlocker.com

betaapi.threatlocker.com

betaapi.sa1.threatlocker.com
betaportalapi.threatlocker.com
betaportalapi.sa1.threatlocker.com

webapi.threatlocker.com

webapi.sa1.threatlocker.com

legacyportal.threatlocker.com

legacyportal.sa1.threatlocker.com

legacybeta.threatlocker.com

legacybeta.sa1.threatlocker.com

Although the Legacy Portal is now defunct, some portal integrations may require access to the LegacyPortal/LegacyBeta links.

Required FQDNs

These are required to permit, regardless of what instance you are in.

These links will provide you with Portal access:

portal.threatlocker.com

beta.threatlocker.com

These links will ensure machines are up-to-date with the latest definitions and policies:

apps.threatlocker.com

core.threatlocker.com
corecdn.threatlocker.com

corecdn_us.threatlocker.com

corecdn_jordan.threatlocker.com

insights.threatlocker.com

linuxapps.threatlocker.com

macapps.threatlocker.com
updates.threatlocker.com
upload.threatlocker.com

These links will provide access to our Testing Environment:

vm.testenv.threatlocker.com

vm2.testenv.threatlocker.com

vmapi.testenv.threatlocker.com

vmapi2.testenv.threatlocker.com

vmconsole.testenv.threatlocker.com

vmconsole2.testenv.threatlocker.com

Additional Hostnames relating to our Cyber Hero LiveChat

Please also add our third-party chat resource to your list of exclusions to prevent any potential issues related to using our Cyber Hero chat system. They are as follows:

*.cdn.livechatinc.com

*.livechat.com

*.livechatinc.com

*.livechat-static.com

*.recurly.com

Our LiveChat widget also utilizes JavaScript; please ensure this is enabled on your browser before initiating a chat.

By IP Addresses

If you cannot allow by hostname or adding by hostname does not result in positive changes, you must allow the following IP ranges.

Please note that IPs are subject to change based on our web service provider.

Canada
- 155.204.122.96/28
- 38.22.73.99/28
Chicago
- 38.99.229.32/28
- 184.105.26.128/27
Orlando
- 71.74.165.193/26
- 38.77.143.0/24
- 71.74.166.193/26
- 71.74.165.193/26
- 71.74.161.193/26
Dublin
- 149.5.35.0/24
- 84.207.211.144/28
Virginia
- 38.68.197.0/24
- 148.51.137.160/27
Australia
- 175.45.118.80/28
- 60.242.12.32/28
Saudi Arabia
- 34.1.56.105
- 34.1.50.186