search

cloudflare / cloudflare-docs

Cloudflare’s documentation
https://developers.cloudflare.com
Creative Commons Attribution 4.0 International
3.04k stars 4.38k forks source link

connectivity.cloudflareclient.com IP Addresses #16062

Open jamie-sandbox opened 2 months ago

jamie-sandbox commented 2 months ago

Existing documentation URL(s)

https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/firewall/#connectivity-check

What changes are you suggesting?

The documentation states the following:

“Because this check happens inside of the tunnel, you do not need to add connectivity.cloudflareclient.com to your firewall allowlist.”

This is not necessarily correct, since on a Windows system with a firewall policy where outbound traffic is blocked by default, a rule must be added to allow warp-svc.exe to generate outbound network traffic to connectivity.cloudflareclient.com.

The hostname connectivity.cloudflareclient.com currently resolves to 162.159.138.65 and 162.159.137.65. However, these IPs are not referenced or contained elsewhere within the documentation.

Please can clarification be provided? Are 162.159.138.65 and 162.159.137.65 static addresses which we can create a firewall rule for? Or are they part of a range which we need to include the entirety of? If so, what is the range?

Additional information

No response

jamie-sandbox commented 2 months ago

Resolves to 162.159.138.65 and 162.159.137.65 when queried both inside and outside of the tunnel.

Hopefully these are static. :pray: