Allow Resource Connector Traffic to Secure Access
Your firewall must allow the organization's resource connectors to reach the destinations that are listed on this page. All connections are outbound from your network.
Region-Specific Destinations
Allow traffic to the applicable regional destination FQDNs or addresses on UDP/443 (DTLS) and TCP/443 (TLS).
| Continent | Region | FQDN | Resolves To |
|---|---|---|---|
| Africa | Africa (South Africa) | prod.afs1.acgw.sse.cisco.com | 151.186.161.0/24 |
| Asia | Asia Pacific (Hong Kong) | prod.ape1.acgw.sse.cisco.com | 151.186.169.0/24 |
| Asia Pacific (Jakarta) | prod.apse3.acgw.sse.cisco.com | 151.186.205.0/24 | |
| Asia Pacific (Osaka) | prod.apne3.acgw.sse.cisco.com | 151.186.170.0/24 | |
| Asia Pacific (Singapore) | prod.apse1.acgw.sse.cisco.com | 151.186.195.0/24 | |
| Asia Pacific (Tokyo) | prod.apne1.acgw.sse.cisco.com | 151.186.193.0/24 | |
| India (South) | prod.aps2.acgw.sse.cisco.com | 151.186.166.0/24 | |
| India (West) | prod.aps1.acgw.sse.cisco.com | 151.186.194.0/24 | |
| Israel (Tel Aviv) | prod.ilc1.acgw.sse.cisco.com | 151.186.203.0/24 | |
| Middle East (UAE) | prod.mec1.acgw.sse.cisco.com | 151.186.171.0/24 | |
| Australia | Sydney | prod.apse2.acgw.sse.cisco.com | 151.186.196.0/24 |
| Europe | Germany | prod.euc1.acgw.sse.cisco.com | 151.186.197.0/24 |
| Stockholm | prod.eun1.acgw.sse.cisco.com | 151.186.162.0/24 | |
| Switzerland (Zurich) | prod.euc2.acgw.sse.cisco.com | 151.186.207.0/24 | |
| United Kingdom | prod.euw2.acgw.sse.cisco.com | 151.186.198.0/24 | |
| North America | Canada (Central) | prod.cac1.acgw.sse.cisco.com | 151.186.206.0/24 |
| US (Pacific Northwest) | prod.usw2.acgw.sse.cisco.com | 151.186.192.0/24 | |
| US (Virginia) | prod.use1.acgw.sse.cisco.com | 151.186.199.0/24 | |
| South America | Brazil | prod.sae1.acgw.sse.cisco.com | 151.186.168.0/24 |
Destinations For All Regions
Allow outbound traffic to all of the listed destinations.
| FQDN | Resolves To | Port and Protocol |
|---|---|---|
| us.repo.acgw.sse.cisco.com | 44.219.201.178 3.216.0.64 52.25.242.148 52.43.27.33 | TCP/443 |
| me.repo.acgw.sse.cisco.com | 51.17.119.174 51.16.220.207 157.241.89.41 15.184.106.65 | TCP/443 |
| eu.repo.acgw.sse.cisco.com | 3.69.139.181 3.65.114.4 13.43.63.69 18.132.151.163 | TCP/443 |
| ap.repo.acgw.sse.cisco.com | 13.114.55.164 57.181.78.26 52.64.179.81 52.65.178.47 | TCP/443 |
| us.controller.acgw.sse.cisco.com | 54.188.111.4 35.165.184.17 54.152.122.37 3.211.159.37 | TCP/443 |
| eu.controller.acgw.sse.cisco.com | 35.156.127.26 52.57.119.242 18.135.181.212 18.135.254.39 | TCP/443 |
| ap.controller.acgw.sse.cisco.com | 3.105.121.195 13.211.184.71 54.199.90.120 18.178.227.126 | TCP/443 |
| api.sse.cisco.com | 146.112.59.20 | TCP/443 |
| prod.acme.sse.cisco.com | TCP/443 | |
| ssepki.cryptosvcs.cisco.com | TCP/80 | |
| prod-us-east-1-starport-layer-bucket.s3.us-east-1.amazonaws.com | TCP/443 | |
| prod-us-west-2-starport-layer-bucket.s3.us-west-2.amazonaws.com | TCP/443 | |
| prod-eu-central-1-starport-layer-bucket.s3.eu-central-1.amazonaws.com | TCP/443 | |
| prod-eu-west-2-starport-layer-bucket.s3.eu-west-2.amazonaws.com | TCP/443 | |
| prod-ap-northeast-1-starport-layer-bucket.s3.ap-northeast-1.amazonaws.com | TCP/443 | |
| prod-ap-southeast-2-starport-layer-bucket.s3.ap-southeast-2.amazonaws.com | TCP/443 | |
| prod-il-central-1-starport-layer-bucket.s3.il-central-1.amazonaws.com | TCP/443 | |
| prod-me-south-1-starport-layer-bucket.s3.me-south-1.amazonaws.com | TCP/443 | |
| index.docker.io | TCP/443 | |
| docker.io | TCP/443 | |
| auth.docker.io | TCP/443 | |
| cdn.auth0.com | TCP/443 | |
| login.docker.com | TCP/443 | |
| hub.docker.com | TCP/443 | |
| registry-1.docker.io | TCP/443 | |
| production.cloudflare.docker.com | TCP/443 | |
| docker-images-prod.r2.cloudflarestorage.com | TCP/443 |
Requirements and Prerequisites for Resource Connectors and Connector Groups < Allow Resource Connector Traffic to Secure Access > Add Resource Connector Groups
Updated 7 days ago