Firewall IP ranges address for C160 AS-AV... updates


On our Cisco FW, we have opened TCP 80/443 flows for the sites shown below. We found the IP addresses by doing DNS lookups. Unfortunately, it seems the IPs are different depending on the time/date we perform the DNS lookup. As a result, we didn't open enough, and updates are KO.

What are the IP ranges we should open on our FW?

Any other solution?

Many thanks in advance for the help

Sites List


80 HTTP Out    Service updates, except for AsyncOS upgrades and McAfee definitions.
80 HTTP Out    AsyncOS upgrades and McAfee Anti-Virus definitions.
443 TCP Out    Cisco Registered Envelope Service
443 TCP Out    Verify the latest files for the update server.
443 TCP Out    Receive/Send Virus Outbreak


Ferenc Hevesi Fri, 05/14/2010 - 05:49

KB articles #422, #994, #1020 on Ironport's support site list the required IP addresses/URLs and configuration options.

As per #422 " will be served via Akamai's servers. Due to the dynamic nature of this service, this means that the actual IP addresses will be changing constantly. The full URL remains:"

If your FW policy does not allow dynamic connections, use the static IPs/hostnames in the articles. I'd add and to your list.

