Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
591
Views
2
Helpful
5
Replies

Senderbase IP to allow (firewall configuration)

Go to solution
REJR77
Level 1
Level 1

‎11-16-2023 06:47 AM

Hi,

In the ESA 15.0 documentation we have this in the firewall port definition

53

UDP/TCP

Out

DNS servers

DNS if configured to use Internet root servers or other DNS servers outside the firewall. Also for SenderBase queries.

What are exactly the IP used for Senderbase (if I need to open DNS to the outside)?

Is this still using DNS for validating IP reputation?

Thanks

 

 

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
UdupiKrishna
Cisco Employee
Cisco Employee

‎11-16-2023 09:13 PM

This is needed only if you configure ESA to use Internet root servers as the configuration. If you choose to use an internal DNS server or a known public server, this access is not required.

ESA doesn't rely on DNS servers to fetch sender base/SBRS score anymore, this logic changed in the code over a period of time.

View solution in original post

5 Replies 5

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎11-16-2023 10:16 AM

DNS servers  - here is the List of the IP address need to add to allow for the DNS queries

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
REJR77
Level 1
Level 1
In response to balaji.bandi

‎11-16-2023 11:22 AM

Hi

What are the IP you mentioned?

0 Helpful

Go to solution
UdupiKrishna
Cisco Employee
Cisco Employee

‎11-16-2023 09:13 PM

This is needed only if you configure ESA to use Internet root servers as the configuration. If you choose to use an internal DNS server or a known public server, this access is not required.

ESA doesn't rely on DNS servers to fetch sender base/SBRS score anymore, this logic changed in the code over a period of time.

Go to solution
REJR77
Level 1
Level 1
In response to UdupiKrishna

‎11-17-2023 12:03 AM

Hi,
Thanks UdupiKrishna
This is now clear for me.
I suppose ESA is now using HTTPS to Cisco services to fetch IP reputation
0 Helpful

Go to solution
UdupiKrishna
Cisco Employee
Cisco Employee
In response to REJR77

‎11-17-2023 06:06 AM

That is correct. Specifically to below list of servers

443

TCP

Out

serviceconfig.talos.cisco.com

grpc.talos.cisco.com

email-sender-ip-rep-grpc.talos.cisco.com

For IP -based firewall:

146.112.62.0/24

146.112.63.0/24

146.112.255.0/24

146.112.59.0/24

2a04:e4c7:ffff::/48

2a04:e4c7:fffe::/48

Cisco Talos Intelligence Services - to obtain IP reputation, URL reputation and category, and to send Service Logs details.
0 Helpful
Customers Also Viewed These Support Documents