Cisco Support Community
New Member

Firewall IP ranges address for C160 AS-AV... updates


On our Cisco FW, we have opened TCP 80/443 flows for the sites shown below. We found the IP addresses by doing a DNS lookup. Unfortunately, it seems the IPs are different depending on the time/date we perform the DNS lookup. As a result, we didn't open enough, and updates are KO.

What are the IP ranges we should open on our FW?

Any other solution?

Many thanks in advance for the help

Sites List


80   HTTP  Out   Service updates, except for AsyncOS upgrades and McAfee definitions.
80   HTTP  Out   AsyncOS upgrades and McAfee Anti-Virus definitions.
443  TCP   Out   Cisco Registered Envelope Service
443  TCP   Out   Verify the latest files for the update server.
443  TCP   Out   Receive/Send Virus Outbreak


New Member

Re: Firewall IP ranges address for C160 AS-AV... updates

KB articles #422, #994, #1020 on IronPort's support site list the required IP addresses/URLs and configuration options.

As per #422 " will be served via Akamai's servers. Due to the dynamic nature of this service, this means that the actual IP addresses will be changing constantly. The full URL remains:"

If your FW policy does not allow dynamic connections, use the static IPs/hostnames in the articles. I'd add and to your list.
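
The thread's problem (DNS answers for CDN-served update hosts change over time, so an IP allowlist built from one lookup goes stale) can be checked with a small audit like the following. This is an added example, not part of either post and not Cisco/IronPort tooling; the hostnames, addresses, timestamps and allowlist are constructed placeholders.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: (lookup time, hostname, A records returned).
# Hostnames and addresses are placeholders (RFC 2606 / RFC 5737),
# not the real update servers.
LOOKUPS = [
    ("2024-01-01T08:00", "updates.example.com", ["192.0.2.10", "192.0.2.11"]),
    ("2024-01-01T14:00", "updates.example.com", ["198.51.100.7", "192.0.2.10"]),
    ("2024-01-02T08:00", "updates.example.com", ["203.0.113.45"]),
    ("2024-01-01T08:00", "static.example.com", ["192.0.2.200"]),
    ("2024-01-02T08:00", "static.example.com", ["192.0.2.200"]),
]

# Constructed firewall allowlist, as if built from the first day's lookups only.
ALLOWED = ["192.0.2.0/24", "198.51.100.7/32"]


def audit(lookups, allowed):
    """Return {hostname: {"seen": set, "stable": bool, "blocked": list of str}}."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    answers = defaultdict(list)  # hostname -> one answer set per lookup
    for _when, host, addrs in lookups:
        answers[host].append(frozenset(ipaddress.ip_address(a) for a in addrs))
    report = {}
    for host, sets in answers.items():
        seen = set().union(*sets)
        # Addresses the host resolved to that no allowlist entry covers.
        blocked = sorted(ip for ip in seen if not any(ip in n for n in nets))
        report[host] = {
            "seen": seen,
            # stable: every lookup returned exactly the same answer set
            "stable": len(set(sets)) == 1,
            "blocked": [str(ip) for ip in blocked],
        }
    return report


if __name__ == "__main__":
    for host, r in audit(LOOKUPS, ALLOWED).items():
        kind = "static" if r["stable"] else "dynamic (answers change between lookups)"
        print(f"{host}: {len(r['seen'])} addresses seen, {kind}")
        for ip in r["blocked"]:
            print(f"  not covered by allowlist: {ip}")
```

A host reported as dynamic is a candidate for a hostname-based rule or for the static IPs/hostnames the KB articles list, rather than for more IP entries.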