This guide is for organizations that use firewalls or similar technology to do any of the following:
Restrict network egress traffic from servers with the Cmd agent installed.
Restrict network egress traffic from computers that must access the Cmd web app.
Use a webhook receiver that can only receive from allowed senders.
The following sections list the IPs/domains that pertain to each component. Allowlist them on TCP port 443:
Servers with the agent installed
If your servers with the agent installed are protected by firewalls (or similar), allow them to access to these IPs/domains:
35.227.208.65 — c-app.cmd.com
35.233.232.175 — sosping.prod.cmdwatch.com
35.227.208.65 — sub1.c-app.cmd.com
34.107.186.66 — sub1.sos-app.cmd.com
107.178.242.221 — sub2.c-app.cmd.com
34.102.216.99 — sub2.sos-app.cmd.com
34.107.179.63 — sub3.c-app.cmd.com
34.107.213.225 — sub3.sos-app.cmd.com
34.96.105.229 — sub4.c-app.cmd.com
35.244.135.246 — sub4.sos-app.cmd.com
34.120.151.227 — sub6.c-app.cmd.com
34.120.70.115 — sub6.sos-app.cmd.com
34.98.116.124 — free1.c-app.cmd.com
34.107.246.54 — free1.sos-app.cmd.com
Webhook receivers
Your webhook receivers should allow https connections from the following source IPs, which Cmd uses to send webhooks:
35.247.98.125
35.227.182.53
35.230.89.107
34.83.81.183
34.83.125.135
34.83.243.232
104.196.253.145
(There are no URLs associated with these IPs).
Computers that access the web app
If the computers your team will use to access the Cmd web app are protected by firewalls (or similar), allow them to access these IPs/domains:
35.227.228.64 — accounts.app.cmd.com
130.211.24.249 — app.cmd.com
34.102.253.55 — free1.app.cmd.com
34.107.212.134 — sub1.app.cmd.com
35.227.244.218 — sub2.app.cmd.com
34.120.212.56 — sub3.app.cmd.com
35.227.209.188 — sub4.app.cmd.com
34.120.26.222 — sub6.app.cmd.com