This guide is for organizations that use firewalls or similar technology to do any of the following:

  • Restrict network egress traffic from servers with the Cmd agent installed.
  • Restrict network egress traffic from computers that must access the Cmd web app.
  • Use a webhook receiver that can only receive from allowed senders.

The following sections list the IPs/domains that pertain to each component. Allowlist them on TCP port 443:

Servers with the agent installed

If your servers with the agent installed are protected by firewalls (or similar), allow them to access to these IPs/domains:

35.227.219.212 — c-app.cmd.com

35.233.232.175 — sosping.prod.cmdwatch.com

35.227.208.65 — sub1.c-app.cmd.com

34.107.186.66 — sub1.sos-app.cmd.com   

107.178.242.221 — sub2.c-app.cmd.com

34.102.216.99 — sub2.sos-app.cmd.com

34.107.179.63 — sub3.c-app.cmd.com

34.107.213.225 — sub3.sos-app.cmd.com

34.96.105.229 — sub4.c-app.cmd.com

35.244.135.246 — sub4.sos-app.cmd.com

34.98.116.124 — free1.c-app.cmd.com

34.107.246.54 — free1.sos-app.cmd.com

Webhook receivers

Your webhook receivers should allow https connections from the following source IPs, which Cmd uses to send webhooks:

35.247.98.125

35.227.182.53

35.230.89.107

34.83.81.183

34.83.125.135

104.196.253.145

(There are no URLs associated with these IPs).

Computers that access the web app

If the computers your team will use to access the Cmd web app are protected by firewalls (or similar), allow them to access these IPs/domains:

35.227.228.64 — accounts.app.cmd.com

130.211.24.249 — app.cmd.com

34.102.253.55 — free1.app.cmd.com

34.107.212.134 — sub1.app.cmd.com

35.227.244.218 — sub2.app.cmd.com

34.120.212.56 — sub3.app.cmd.com

35.227.209.188 — sub4.app.cmd.com

Did this answer your question?