Fortinet Document Library

Version:


Table of Contents

User Guide

Download PDF
Copy Link

Restricting direct traffic & allowing FortiWeb Cloud IP addresses

Restricting direct traffic

Once you complete setting up FortiWeb Cloud, configure your application servers to only accept traffic from FortiWeb Cloud IP addresses.

  • If CDN is enabled, make sure to accept traffic from all the IP addresses listed in the following tables, including the service management IPs and the scrubbing centers' IPs.
  • If CDN is not enabled, configure to accept traffic from the service management IPs and the scrubbing center assigned to your application server.

However, it's recommended to accept traffic from all the following IP addresses, so that you don't need to go back and accept more IP addresses if you change the CDN status from disabled to enabled.

To know which scrubbing centers are assigned to your application, see How does FortiWeb Cloud choose regions?

Allowing FortiWeb Cloud IP addresses

If you have deployed a DDoS device or system in your environment, it's most likely that FortiWeb Cloud's behavior will be detected as DDoS attacks, because all the requests arriving at your application server have FortiWeb Cloud's IP addresses as their source IP addresses.

To avoid this, highly recommend you to add FortiWeb Cloud IP addresses to the allowlist of your DDoS device or system.

The IP addresses labeled offline in the following tables are backup IP addresses, which can be used when the other IP addresses fail to work.

FortiWeb Cloud service management IP

The IP addresses of FortiWeb Cloud's services interacting with your application server

3.123.68.65
3.226.2.163

 

FortiWeb Cloud scrubbing centers on AWS

 

IPv4 addresses

IPv6 addresses

ap-southeast-1: Asia Pacific (Singapore)

54.179.22.186

18.140.21.233

54.179.24.5 (offline)

18.136.170.71

13.214.45.126

13.250.74.198 (offline)

2406:da18:ad1:1101:da8c:5ad5:b55e:5f54

2406:da18:ad1:1102:4019:44c9:e3ab:b2f6

2406:da18:ad1:1101:f02a:f879:a93f:596f (offline)

2406:da18:ad1:1101:b6ad:34de:de05:5ef3

2406:da18:ad1:1102:9a1c:767e:1e67:4763

2406:da18:ad1:1101:1fb2:25ab:77f1:42e4 (offline)

ap-southeast-2: Asia Pacific (Sydney)

13.236.106.64

13.237.77.127

13.238.166.58 (offline)

13.237.159.2

54.79.207.53

3.104.137.76 (offline)

2406:da1c:607:e201:df9c:6ba:4f89:6fd9

2406:da1c:607:e202:a298:e79a:d84b:cabc

2406:da1c:607:e201:9a4e:cee1:952f:9643 (offline)

2406:da1c:607:e201:dbc1:8ad8:624d:f906

2406:da1c:607:e202:30fe:b581:362b:e8b2

2406:da1c:607:e201:6317:19b6:9504:2d77 (offline)

ap-south-1:Asia Pacific (Mumbai)

15.207.198.87

15.206.52.49

13.234.180.157 (offline)

2406:da1a:31:d501:50e1:400b:5699:2427

2406:da1a:31:d502:c14e:dcc9:5307:e359

2406:da1a:31:d501:5ada:b92:7c3f:b689 (offline)

ca-central-1: Canada (Central)

52.60.112.90

99.79.174.29

35.182.163.10 (offline)

3.97.158.98

3.97.249.50

3.98.118.237 (offline)

2600:1f11:8c:9101:250e:bf5a:6646:e527

2600:1f11:8c:9102:abb2:7f29:6f98:ea53

2600:1f11:8c:9101:8b0d:f48a:d5f9:2bd6 (offline)

2600:1f11:8c:9101:eb3:39f1:1815:884e

2600:1f11:8c:9102:411d:63f2:e5b4:5209

2600:1f11:8c:9101:62aa:927:70dd:acfa (offline)

eu-central-1: Europe (Frankfurt)

3.121.49.99

3.120.253.91

35.158.86.155 (offline)

18.192.229.245

18.192.220.216

18.192.172.36 (offline)

18.192.64.32

3.125.233.133

3.64.105.7 (offline)

2a05:d014:f3c:6c01:cf53:8a1:630:517e

2a05:d014:f3c:6c02:30e:dcf4:4b91:8e01

2a05:d014:f3c:6c01:b446:974e:8fa3:7763 (offline)

2a05:d014:f3c:6c01:8571:cefb:8d43:6d3c

2a05:d014:f3c:6c02:2712:69b4:cf65:e99e

2a05:d014:f3c:6c01:1ede:7006:ef0b:1344 (offline)

2a05:d014:f3c:6c01:99d0:8c50:ae51:99ac

2a05:d014:f3c:6c02:58:3e12:a98a:df9f

2a05:d014:f3c:6c01:55bc:c559:8bb1:11e0 (offline)

eu-west-1: Europe (Ireland)

54.72.157.51

52.214.147.155

52.18.252.148 (offline)

54.78.90.129

54.217.132.119

52.18.74.99 (offline)

2a05:d018:77c:d901:e1bc:f536:85bb:5caa

2a05:d018:77c:d902:f60f:e089:c3ca:3743

2a05:d018:77c:d901:cddc:64eb:ca74:df58 (offline)

2a05:d018:77c:d901:4f37:924f:6ea2:5952

2a05:d018:77c:d902:6605:9bef:2ca3:f220

2a05:d018:77c:d901:550f:2833:9dbd:362c (offline)

eu-west-2: Europe (London)

18.130.214.145

3.9.251.147

52.56.104.60 (offline)

18.134.173.119

52.56.112.105

35.178.16.146 (offline)

2a05:d01c:64d:7001:5b0c:f5e1:f737:b883

2a05:d01c:64d:7002:e25b:55e:1564:21fd

2a05:d01c:64d:7001:4c4f:864d:e27a:c7c9 (offline)

2a05:d01c:64d:7001:7f27:28fe:f43b:e55b

2a05:d01c:64d:7002:a0b0:a076:53b2:31e3

2a05:d01c:64d:7001:b99d:28b6:db62:e2bd (offline)

eu-west-3: Europe (Paris)

35.181.28.236

52.47.112.113

35.180.167.124 (offline)

13.36.206.34

15.188.2.107

13.36.73.191 (offline)

2a05:d012:c22:9a01:77e0:8f18:fb7e:fb1e

2a05:d012:c22:9a02:fa49:295e:27d5:1821

2a05:d012:c22:9a01:ed96:fd0a:34e2:a16a (offline)

2a05:d012:c22:9a01:d23a:98af:1e6c:c9fb

2a05:d012:c22:9a02:fc4a:2226:47cd:66f5

2a05:d012:c22:9a01:94d3:5dbc:e470:7b9f (offline)

eu-south-1: Europe (Milan)

15.161.173.116

15.161.10.152

15.161.24.119 (offline)

15.161.215.247

15.161.76.114

15.160.42.32 (offline)

2a05:d01a:9f2:1701:bd84:9314:f93:b2f

2a05:d01a:9f2:1702:aca5:5d4d:1995:50d

2a05:d01a:9f2:1701:3e5:91fb:2690:b114 (offline)

2a05:d01a:9f2:1701:4d5b:f1a8:d291:5a84

2a05:d01a:9f2:1702:8e71:e939:c954:1608

2a05:d01a:9f2:1701:75ab:6622:8788:fdb2 (offline)

us-east-1: US East (N. Virginia)

3.226.118.124

3.210.115.14

3.226.15.207 (offline)

54.144.250.206

23.21.42.132

54.243.58.76 (offline)

34.233.191.126

54.198.165.25

3.93.159.67 (offline)

2600:1f18:1492:1701:5ebe:2322:bb2e:1c87

2600:1f18:1492:1702:af7a:a957:dd53:be07

2600:1f18:1492:1701:bea8:2dfb:134b:cb10 (offline)

2600:1f18:1492:1701:b42b:c8b6:9d9b:5752

2600:1f18:1492:1702:eebf:68e3:7e83:a9a6

2600:1f18:1492:1701:cb6a:5087:57a9:5859 (offline)

2600:1f18:1492:1701:6910:cfcf:2f0a:9102

2600:1f18:1492:1702:d556:77ec:34ad:4cbb

2600:1f18:1492:1701:85ff:7a07:bbbb:6f39 (offline)

us-east-2: US East (Ohio)

3.19.24.89

3.13.39.239

13.58.242.53 (offline)

2600:1f16:160:aa01:f753:ce95:4466:884f

2600:1f16:160:aa02:d842:2cf8:964c:b004

2600:1f16:160:aa01:b00d:d15d:7c00:91a4 (offline)

us-west-1: US West (N. California)

13.56.33.144

52.52.208.2

54.219.141.194 (offline)

52.8.219.206

52.9.219.121

54.215.20.148 (offline)

2600:1f1c:b97:d801:6efe:3295:e11a:e6b

2600:1f1c:b97:d802:d788:18f9:b8e3:a981

2600:1f1c:b97:d801:ca83:e901:3c2:e1fe (offline)

2600:1f1c:b97:d801:ff83:8b03:7a29:5981

2600:1f1c:b97:d802:fe8f:1a5d:5d1:1c6b

2600:1f1c:b97:d801:fd1b:8346:e92e:466b (offline)

us-west-2: US West (Oregon)

54.70.126.22

54.186.80.150

52.24.28.88 (offline)

35.160.55.58

44.241.247.81

52.37.161.224 (offline)

2600:1f14:b5a:da01:d056:d959:eb59:49e2

2600:1f14:b5a:da02:88c1:8365:8baf:677

2600:1f14:b5a:da01:d229:2c4d:a6bf:59aa (offline)

2600:1f14:b5a:da01:a32:4cac:f337:9c00

2600:1f14:b5a:da02:5a8e:d30:ff37:18a9

2600:1f14:b5a:da01:c9ac:e531:128b:ae2c (offline)

sa-east-1:South America (Sao Paulo)

54.207.7.119

18.231.48.25

18.230.158.104 (offline)

54.207.227.252

177.71.170.92

54.232.72.181 (offline)

2600:1f1e:653:3201:e41:9bc0:8071:cec0

2600:1f1e:653:3202:2261:f67:9605:ebbe

2600:1f1e:653:3201:5e6d:df39:2a93:cba6 (offline)

2600:1f1e:653:3201:eac8:161d:c0a:6915

2600:1f1e:653:3202:3615:6e2c:7b0c:85c9

2600:1f1e:653:3201:d1a5:34ae:e023:be2d (offline)

 

FortiWeb Cloud scrubbing centers on Azure

West Europe

52.149.70.62

52.149.99.16

52.149.99.28 (offline)

20.86.129.248

20.86.49.155

20.86.49.12 (offline)

West US2

40.90.196.194

40.90.208.131

40.90.208.130 (offline)

East US

40.90.225.162

40.90.250.88

40.90.250.63 (offline)

52.151.250.58

20.62.192.27

20.62.193.117 (offline)

East US2

20.69.235.177

20.81.153.33

20.81.153.78 (offline)

Australia East

20.70.160.47

20.70.152.97

20.70.152.115 (offline)

Brazil South (São Paulo State)

20.195.163.139

20.197.225.122

20.197.226.167 (offline)

 

FortiWeb Cloud scrubbing centers on Google Cloud

us-west1 (Oregon)

34.83.129.59

34.82.233.199

35.230.95.77 (offline)

us-east1 (South Carolina)

34.74.199.185

35.227.112.86

34.74.124.56 (offline)

europe-west3 (Frankfurt)

35.242.209.119

35.242.218.171

35.246.255.49 (offline)

 

FortiWeb Cloud scrubbing centers on OCI

US East (Ashburn)

193.122.181.94

129.159.75.103

129.159.74.168 (offline)

US West (Phoenix)

158.101.43.252

158.101.43.253

129.146.233.205 (offline)

Germany Central (Frankfurt)

158.101.176.179

193.122.55.66

132.145.248.29 (offline)

 

Restricting direct traffic & allowing FortiWeb Cloud IP addresses

Restricting direct traffic

Once you complete setting up FortiWeb Cloud, configure your application servers to only accept traffic from FortiWeb Cloud IP addresses.

  • If CDN is enabled, make sure to accept traffic from all the IP addresses listed in the following tables, including the service management IPs and the scrubbing centers' IPs.
  • If CDN is not enabled, configure to accept traffic from the service management IPs and the scrubbing center assigned to your application server.

However, it's recommended to accept traffic from all the following IP addresses, so that you don't need to go back and accept more IP addresses if you change the CDN status from disabled to enabled.

To know which scrubbing centers are assigned to your application, see How does FortiWeb Cloud choose regions?

Allowing FortiWeb Cloud IP addresses

If you have deployed a DDoS device or system in your environment, it's most likely that FortiWeb Cloud's behavior will be detected as DDoS attacks, because all the requests arriving at your application server have FortiWeb Cloud's IP addresses as their source IP addresses.

To avoid this, highly recommend you to add FortiWeb Cloud IP addresses to the allowlist of your DDoS device or system.

The IP addresses labeled offline in the following tables are backup IP addresses, which can be used when the other IP addresses fail to work.

FortiWeb Cloud service management IP

The IP addresses of FortiWeb Cloud's services interacting with your application server

3.123.68.65
3.226.2.163

 

FortiWeb Cloud scrubbing centers on AWS

 

IPv4 addresses

IPv6 addresses

ap-southeast-1: Asia Pacific (Singapore)

54.179.22.186

18.140.21.233

54.179.24.5 (offline)

18.136.170.71

13.214.45.126

13.250.74.198 (offline)

2406:da18:ad1:1101:da8c:5ad5:b55e:5f54

2406:da18:ad1:1102:4019:44c9:e3ab:b2f6

2406:da18:ad1:1101:f02a:f879:a93f:596f (offline)

2406:da18:ad1:1101:b6ad:34de:de05:5ef3

2406:da18:ad1:1102:9a1c:767e:1e67:4763

2406:da18:ad1:1101:1fb2:25ab:77f1:42e4 (offline)

ap-southeast-2: Asia Pacific (Sydney)

13.236.106.64

13.237.77.127

13.238.166.58 (offline)

13.237.159.2

54.79.207.53

3.104.137.76 (offline)

2406:da1c:607:e201:df9c:6ba:4f89:6fd9

2406:da1c:607:e202:a298:e79a:d84b:cabc

2406:da1c:607:e201:9a4e:cee1:952f:9643 (offline)

2406:da1c:607:e201:dbc1:8ad8:624d:f906

2406:da1c:607:e202:30fe:b581:362b:e8b2

2406:da1c:607:e201:6317:19b6:9504:2d77 (offline)

ap-south-1:Asia Pacific (Mumbai)

15.207.198.87

15.206.52.49

13.234.180.157 (offline)

2406:da1a:31:d501:50e1:400b:5699:2427

2406:da1a:31:d502:c14e:dcc9:5307:e359

2406:da1a:31:d501:5ada:b92:7c3f:b689 (offline)

ca-central-1: Canada (Central)

52.60.112.90

99.79.174.29

35.182.163.10 (offline)

3.97.158.98

3.97.249.50

3.98.118.237 (offline)

2600:1f11:8c:9101:250e:bf5a:6646:e527

2600:1f11:8c:9102:abb2:7f29:6f98:ea53

2600:1f11:8c:9101:8b0d:f48a:d5f9:2bd6 (offline)

2600:1f11:8c:9101:eb3:39f1:1815:884e

2600:1f11:8c:9102:411d:63f2:e5b4:5209

2600:1f11:8c:9101:62aa:927:70dd:acfa (offline)

eu-central-1: Europe (Frankfurt)

3.121.49.99

3.120.253.91

35.158.86.155 (offline)

18.192.229.245

18.192.220.216

18.192.172.36 (offline)

18.192.64.32

3.125.233.133

3.64.105.7 (offline)

2a05:d014:f3c:6c01:cf53:8a1:630:517e

2a05:d014:f3c:6c02:30e:dcf4:4b91:8e01

2a05:d014:f3c:6c01:b446:974e:8fa3:7763 (offline)

2a05:d014:f3c:6c01:8571:cefb:8d43:6d3c

2a05:d014:f3c:6c02:2712:69b4:cf65:e99e

2a05:d014:f3c:6c01:1ede:7006:ef0b:1344 (offline)

2a05:d014:f3c:6c01:99d0:8c50:ae51:99ac

2a05:d014:f3c:6c02:58:3e12:a98a:df9f

2a05:d014:f3c:6c01:55bc:c559:8bb1:11e0 (offline)

eu-west-1: Europe (Ireland)

54.72.157.51

52.214.147.155

52.18.252.148 (offline)

54.78.90.129

54.217.132.119

52.18.74.99 (offline)

2a05:d018:77c:d901:e1bc:f536:85bb:5caa

2a05:d018:77c:d902:f60f:e089:c3ca:3743

2a05:d018:77c:d901:cddc:64eb:ca74:df58 (offline)

2a05:d018:77c:d901:4f37:924f:6ea2:5952

2a05:d018:77c:d902:6605:9bef:2ca3:f220

2a05:d018:77c:d901:550f:2833:9dbd:362c (offline)

eu-west-2: Europe (London)

18.130.214.145

3.9.251.147

52.56.104.60 (offline)

18.134.173.119

52.56.112.105

35.178.16.146 (offline)

2a05:d01c:64d:7001:5b0c:f5e1:f737:b883

2a05:d01c:64d:7002:e25b:55e:1564:21fd

2a05:d01c:64d:7001:4c4f:864d:e27a:c7c9 (offline)

2a05:d01c:64d:7001:7f27:28fe:f43b:e55b

2a05:d01c:64d:7002:a0b0:a076:53b2:31e3

2a05:d01c:64d:7001:b99d:28b6:db62:e2bd (offline)

eu-west-3: Europe (Paris)

35.181.28.236

52.47.112.113

35.180.167.124 (offline)

13.36.206.34

15.188.2.107

13.36.73.191 (offline)

2a05:d012:c22:9a01:77e0:8f18:fb7e:fb1e

2a05:d012:c22:9a02:fa49:295e:27d5:1821

2a05:d012:c22:9a01:ed96:fd0a:34e2:a16a (offline)

2a05:d012:c22:9a01:d23a:98af:1e6c:c9fb

2a05:d012:c22:9a02:fc4a:2226:47cd:66f5

2a05:d012:c22:9a01:94d3:5dbc:e470:7b9f (offline)

eu-south-1: Europe (Milan)

15.161.173.116

15.161.10.152

15.161.24.119 (offline)

15.161.215.247

15.161.76.114

15.160.42.32 (offline)

2a05:d01a:9f2:1701:bd84:9314:f93:b2f

2a05:d01a:9f2:1702:aca5:5d4d:1995:50d

2a05:d01a:9f2:1701:3e5:91fb:2690:b114 (offline)

2a05:d01a:9f2:1701:4d5b:f1a8:d291:5a84

2a05:d01a:9f2:1702:8e71:e939:c954:1608

2a05:d01a:9f2:1701:75ab:6622:8788:fdb2 (offline)

us-east-1: US East (N. Virginia)

3.226.118.124

3.210.115.14

3.226.15.207 (offline)

54.144.250.206

23.21.42.132

54.243.58.76 (offline)

34.233.191.126

54.198.165.25

3.93.159.67 (offline)

2600:1f18:1492:1701:5ebe:2322:bb2e:1c87

2600:1f18:1492:1702:af7a:a957:dd53:be07

2600:1f18:1492:1701:bea8:2dfb:134b:cb10 (offline)

2600:1f18:1492:1701:b42b:c8b6:9d9b:5752

2600:1f18:1492:1702:eebf:68e3:7e83:a9a6

2600:1f18:1492:1701:cb6a:5087:57a9:5859 (offline)

2600:1f18:1492:1701:6910:cfcf:2f0a:9102

2600:1f18:1492:1702:d556:77ec:34ad:4cbb

2600:1f18:1492:1701:85ff:7a07:bbbb:6f39 (offline)

us-east-2: US East (Ohio)

3.19.24.89

3.13.39.239

13.58.242.53 (offline)

2600:1f16:160:aa01:f753:ce95:4466:884f

2600:1f16:160:aa02:d842:2cf8:964c:b004

2600:1f16:160:aa01:b00d:d15d:7c00:91a4 (offline)

us-west-1: US West (N. California)

13.56.33.144

52.52.208.2

54.219.141.194 (offline)

52.8.219.206

52.9.219.121

54.215.20.148 (offline)

2600:1f1c:b97:d801:6efe:3295:e11a:e6b

2600:1f1c:b97:d802:d788:18f9:b8e3:a981

2600:1f1c:b97:d801:ca83:e901:3c2:e1fe (offline)

2600:1f1c:b97:d801:ff83:8b03:7a29:5981

2600:1f1c:b97:d802:fe8f:1a5d:5d1:1c6b

2600:1f1c:b97:d801:fd1b:8346:e92e:466b (offline)

us-west-2: US West (Oregon)

54.70.126.22

54.186.80.150

52.24.28.88 (offline)

35.160.55.58

44.241.247.81

52.37.161.224 (offline)

2600:1f14:b5a:da01:d056:d959:eb59:49e2

2600:1f14:b5a:da02:88c1:8365:8baf:677

2600:1f14:b5a:da01:d229:2c4d:a6bf:59aa (offline)

2600:1f14:b5a:da01:a32:4cac:f337:9c00

2600:1f14:b5a:da02:5a8e:d30:ff37:18a9

2600:1f14:b5a:da01:c9ac:e531:128b:ae2c (offline)

sa-east-1:South America (Sao Paulo)

54.207.7.119

18.231.48.25

18.230.158.104 (offline)

54.207.227.252

177.71.170.92

54.232.72.181 (offline)

2600:1f1e:653:3201:e41:9bc0:8071:cec0

2600:1f1e:653:3202:2261:f67:9605:ebbe

2600:1f1e:653:3201:5e6d:df39:2a93:cba6 (offline)

2600:1f1e:653:3201:eac8:161d:c0a:6915

2600:1f1e:653:3202:3615:6e2c:7b0c:85c9

2600:1f1e:653:3201:d1a5:34ae:e023:be2d (offline)

 

FortiWeb Cloud scrubbing centers on Azure

West Europe

52.149.70.62

52.149.99.16

52.149.99.28 (offline)

20.86.129.248

20.86.49.155

20.86.49.12 (offline)

West US2

40.90.196.194

40.90.208.131

40.90.208.130 (offline)

East US

40.90.225.162

40.90.250.88

40.90.250.63 (offline)

52.151.250.58

20.62.192.27

20.62.193.117 (offline)

East US2

20.69.235.177

20.81.153.33

20.81.153.78 (offline)

Australia East

20.70.160.47

20.70.152.97

20.70.152.115 (offline)

Brazil South (São Paulo State)

20.195.163.139

20.197.225.122

20.197.226.167 (offline)

 

FortiWeb Cloud scrubbing centers on Google Cloud

us-west1 (Oregon)

34.83.129.59

34.82.233.199

35.230.95.77 (offline)

us-east1 (South Carolina)

34.74.199.185

35.227.112.86

34.74.124.56 (offline)

europe-west3 (Frankfurt)

35.242.209.119

35.242.218.171

35.246.255.49 (offline)

 

FortiWeb Cloud scrubbing centers on OCI

US East (Ashburn)

193.122.181.94

129.159.75.103

129.159.74.168 (offline)

US West (Phoenix)

158.101.43.252

158.101.43.253

129.146.233.205 (offline)

Germany Central (Frankfurt)

158.101.176.179

193.122.55.66

132.145.248.29 (offline)