Skip to main content
All CollectionsGeneral
Firewall information
Firewall information

Allow connections to our systems and allow your appliance to function.

Updated over 4 months ago

Your device connects to our systems to retrieve its settings, send detections, and more. Please make sure your firewall allows the device to make the following connections: SecurityHive Cloud communication, detections & statistics communication, and firmware downloads

Recommended (current)

Don't want to enter all IP addresses manually? Some firewalls support retrieving IP-addresses from DNS records. Just whitelist fwalias.securityhive.nl in your firewall. It contains all necessary IP addresses as A- and AAAA-record's. You don't have to make any changes if SecurityHive changes its IP addresses in the future.

Note: traffic itself won't flow to fwalias.securityhive.nl itself but to the IP-adresses in the A- and AAAA-records of fwalias.securityhive.nl

DNS Guard

Customers using DNS Guard are recommended to whitelist traffic to *.securityhive-dns.com and disable SSL inspection, especially on FortiGate firewalls.

  • *.securityhive-dns.com (HTTPS / DNS over HTTPS on port 443/TCP)

  • 34.90.52.56 (port 53 UDP)

  • 35.204.252.18 (port 53 UDP)

External Scanner Platform (Full allow)

If you use our External Scanner Platform in one of your schedules to scan your targets, you'll need to allow these IP addresses in your firewall to prevent security measures from blocking our scans:

  • 34.34.16.74

  • 34.90.48.174

  • 34.32.215.5

SecurityHive network (port 443/TCP)

  • 136.144.211.175

  • 136.144.214.74

  • 84.247.13.148

  • 34.90.7.211

DNS & Network check

Addresses: 8.8.8.8 / 1.1.1.1 / Your own DNS servers
โ€‹Ports: 53 (UDP) / (ICMP)

NTP Time servers

Addresses: nl.pool.ntp.org

Ports: 123 (UDP)

Error tracking servers

Addresses: 34.120.195.249
Ports: 443 (TCP)

Deprecated (legacy)

SecurityHive Cloud communication, detections & statistics communication, and firmware downloads

Addresses:

  • 178.128.143.234

  • 136.144.211.175

  • 34.90.7.211

  • 34.90.103.183

  • 134.122.63.6

  • 136.144.208.165

Ports:

  • 443 (TCP)

  • 873 (TCP)

  • 3142 (TCP)

  • 5000 (TCP)

  • 5001 (TCP)

  • 5044 (TCP)

  • 7999 (TCP)

DNS & Network check

Addresses: 8.8.8.8 / 1.1.1.1 / Your own DNS servers
โ€‹Ports: 53 (UDP) / (ICMP)

NTP Time servers

Addresses: nl.pool.ntp.org

Ports: 123 (UDP)

Error tracking servers

Addresses: 34.120.195.249
Ports: 443 (TCP)

Troubleshooting connectivity issues

Most networks will support SecurityHive's deployment out-of-the-box but you may experience connectivity issues even when you've created firewall rules to allow connections. Often, we see these issues related to secondary security measures like HTTPS inspection, web filters, IDS/IPS or other solutions.

General

  1. Ensure HTTPS inspection/scanning is disabled for the SecurityHive appliance. It will break connectivity to SecurityHive's servers as the chain of trust would be broken.

Sophos

  1. Go to Protect >> Web >> Protection >> Click on Advance. Make sure Block unrecognized SSL protocols is not enabled or is ignored for the SecurityHive appliance.

  2. Add an exception for traffic containing securityhive.io, securityhive.nl and securityhive-dns.com as destination: Sophos knowledgebase: Add an exception

  3. Check if your IPS is triggering: Sophos knowledgebase: Troubleshoot port-agnostic inspection of decrypted HTTPS traffic

FortiNet / FortiGate

fortigateappcontrol

If you are using a FortiGate you may see the above log entry. It blocks HTTP Proxy traffic in its Application Control. Allow this traffic in order to make your device work.

Related Articles
Install Virtual Appliance
Configure Portscan sensor
What is an asset?
Setup IP linking (office network)
pfSense configuration guide (external IP linking)
Did this answer your question?