Solved: Senderbase IP to allow (firewall configuration)

REJR77 · ‎11-16-2023

Hi,

In the ESA 15.0 documentation we have this in the firewall port definition

53

UDP/TCP

Out

DNS servers

DNS if configured to use Internet root servers or other DNS servers outside the firewall. Also for SenderBase queries.

What are exactly the IP used for Senderbase (if I need to open DNS to the outside)?

Is this still using DNS for validating IP reputation?

Thanks

UdupiKrishna · ‎11-16-2023

This is needed only if you configure ESA to use Internet root servers as the configuration. If you choose to use an internal DNS server or a known public server, this access is not required.

ESA doesn't rely on DNS servers to fetch sender base/SBRS score anymore, this logic changed in the code over a period of time.

View solution in original post

balaji.bandi · ‎11-16-2023

DNS servers - here is the List of the IP address need to add to allow for the DNS queries

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

REJR77 · ‎11-16-2023

Hi

What are the IP you mentioned?

UdupiKrishna · ‎11-16-2023

This is needed only if you configure ESA to use Internet root servers as the configuration. If you choose to use an internal DNS server or a known public server, this access is not required.

ESA doesn't rely on DNS servers to fetch sender base/SBRS score anymore, this logic changed in the code over a period of time.

REJR77 · ‎11-17-2023

Hi,
Thanks UdupiKrishna
This is now clear for me.
I suppose ESA is now using HTTPS to Cisco services to fetch IP reputation

UdupiKrishna · ‎11-17-2023

That is correct. Specifically to below list of servers

443

TCP

Out

serviceconfig.talos.cisco.com

grpc.talos.cisco.com

email-sender-ip-rep-grpc.talos.cisco.com

For IP -based firewall:

146.112.62.0/24

146.112.63.0/24

146.112.255.0/24

146.112.59.0/24

2a04:e4c7:ffff::/48

2a04:e4c7:fffe::/48

Cisco Talos Intelligence Services - to obtain IP reputation, URL reputation and category, and to send Service Logs details.