Your device connects to our systems to retrieve its settings, send detections, and more. Please make sure your firewall allows the device to make the following connections.
Base requirements
Our platform mostly uses port 443 HTTPS/TCP to set up connections. Make sure you allow the following IP addresses/ranges in your firewall:
136.144.211.175
136.144.214.74
84.247.13.148
34.90.7.211
CloudFlare IP ranges (visit https://www.cloudflare.com/en-gb/ips/)
DNS & Network check
Your device utilizes DNS to retrieve the IP addresses to connect with. By default your device will use one of these DNS servers combined with port 53 UDP or ICMP:
8.8.8.8
1.1.1.1
193.110.81.0
185.253.5.0
Your own (internal DNS) servers
NTP Time servers
Your device connects with NTP Time servers to keep the time synchronized. It will connect to nl.pool.ntp.org on port 123 UDP.
Error tracking servers
Our software uses error tracking software to notify SecurityHive engineers of errors/bugs that have occurred. This helps them resolve issues before you notice them, and helps them resolve any issues you experience.
Allowing traffic to our error tracking services is not required, but we highly recommend allowing this traffic on port 443 HTTPS/TCP:
34.120.62.213
130.211.36.74
DNS Guard
Customers using DNS Guard are recommended to whitelist traffic to *.securityhive-dns.com, and disable SSL inspection, especially on FortiGate firewalls.
*.securityhive-dns.com (HTTPS / DNS over HTTPS on port 443/TCP)
34.90.52.56 (port 53 UDP)
35.204.252.18 (port 53 UDP)
External Scanner Platform (Full allow)
If you use our External Scanner Platform in one of your schedules to scan your targets, you'll need to allow these IP addresses in your firewall to prevent security measures from blocking our scans:
34.34.16.74
34.90.48.174
34.32.215.5
Firewall Alias
Don't want to enter all IP addresses manually? Some firewalls support retrieving IP addresses from DNS records. Just whitelist fwalias.securityhive.io in your firewall and use the URL list from CloudFlare. It contains all necessary IP addresses as A and AAAA records. You don't have to make any changes if SecurityHive changes its IP addresses in the future.
Note: traffic won't flow to fwalias.securityhive.io itself, but to the IP addresses in the A and AAAA records of fwalias.securityhive.io.
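To check an existing rule set against the fixed address lists above before deploying, the following added example (not SecurityHive tooling) reports every listed destination that no rule permits. The "allow <cidr> <proto> <port>" rule format and the sample rules are constructed assumptions; the CloudFlare ranges and the fwalias records are not covered.

```python
import ipaddress

# Outbound destinations copied from the lists on this page:
# group -> (protocol, port, addresses)
REQUIRED = {
    "base": ("tcp", 443, ["136.144.211.175", "136.144.214.74",
                          "84.247.13.148", "34.90.7.211"]),
    "error-tracking (optional)": ("tcp", 443, ["34.120.62.213", "130.211.36.74"]),
    "dns-guard": ("udp", 53, ["34.90.52.56", "35.204.252.18"]),
}

def parse_rule(line):
    """Parse one 'allow <cidr> <proto> <port>' line (assumed export format)."""
    action, cidr, proto, port = line.split()
    if action != "allow":
        raise ValueError(f"unsupported action: {action!r}")
    # strict=False accepts host addresses written with a prefix length
    return ipaddress.ip_network(cidr, strict=False), proto.lower(), int(port)

def uncovered(rule_lines):
    """Return (group, ip, proto, port) for every destination no rule permits."""
    rules = [parse_rule(l) for l in rule_lines
             if l.strip() and not l.lstrip().startswith("#")]
    missing = []
    for group, (proto, port, ips) in REQUIRED.items():
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            # A rule only counts if address, protocol and port all match.
            if not any(addr in net and p == proto and prt == port
                       for net, p, prt in rules):
                missing.append((group, ip, proto, port))
    return missing

# Constructed sample rule set, not taken from any real firewall.
SAMPLE_RULES = """
allow 136.144.208.0/20 tcp 443
allow 84.247.13.148/32 tcp 443
allow 34.120.62.213 tcp 443
# wrong protocol: DNS Guard resolvers are listed with port 53 UDP
allow 34.90.52.56 tcp 53
allow 35.204.252.18 udp 53
""".splitlines()

if __name__ == "__main__":
    for group, ip, proto, port in uncovered(SAMPLE_RULES):
        print(f"MISSING [{group}] {ip} {proto}/{port}")
```

A rule that names the right address with the wrong protocol or port is reported as missing, which is a common cause of a device that resolves names but cannot connect.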
Troubleshooting connectivity issues
Most networks will support SecurityHive's deployment out of the box, but you may experience connectivity issues even when you've created firewall rules to allow connections. Often, these issues are related to secondary security measures like HTTPS inspection, web filters, IDS/IPS or other solutions.
General
Ensure HTTPS inspection/scanning is disabled for the SecurityHive appliance. HTTPS inspection will break connectivity to SecurityHive's servers, as the chain of trust would be broken.
Sophos
Go to Protect >> Web >> Protection >> Click on Advance. Make sure Block unrecognized SSL protocols is not enabled or is ignored for the SecurityHive appliance.
Add an exception for traffic containing securityhive.io, securityhive.nl and securityhive-dns.com as destination: Sophos knowledgebase: Add an exception
Check if your IPS is triggering: Sophos knowledgebase: Troubleshoot port-agnostic inspection of decrypted HTTPS traffic
FortiNet / FortiGate
If you are using a FortiGate you may see the above log entry. It blocks HTTP Proxy traffic in its Application Control. Allow this traffic in order to make your device work.