AMP Update IPs

ross
Level 1

Our client only wants to allow connections to the AMP update server and no other website or network.

Could anyone provide the list of IPs it needs to connect to to get updates to signatures and patch updates?

3 Replies

ankojha
Level 3

Hi,

You can find the URL which lists the IPs and ports for FireAMP connections:

http://www.cisco.com/c/en/us/support/docs/security/sourcefire-amp-appliances/118121-technote-sourcefire-00.html

Thanks,

Ankita

I just posted a topic similar to this. Sourcefire is in the process of updating their cloud servers to new IPs/hostnames. Below is a list of the new IPs that AMP will be using.

STUART RUSSELL
Level 1

An issue with the IP address list is that there seem to have been additions over time, and if you aren't constantly monitoring then you'll miss some. I built a Squid proxy in the DMZ just for AMP (and some infrastructure devices) with a whitelist that only allows specific domains (e.g. sourcefire.com) (had to allow a few IPs here also).
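
The list drift raised in this thread can be checked mechanically. The following is an added example, not code from any poster or from Cisco: it compares a firewall allowlist against a freshly published vendor list, treating single hosts and CIDR blocks alike. The function names are hypothetical and the addresses are constructed from documentation ranges.

```python
import ipaddress

def parse_entries(text):
    """Parse one IP or CIDR per line; skip blank lines and '#' comments."""
    nets = set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if entry:
            # strict=False tolerates host bits set in a CIDR (192.0.2.5/24)
            nets.add(ipaddress.ip_network(entry, strict=False))
    return nets

def covered(net, rules):
    """True if one rule permits every address in net.
    A block covered only by the union of several rules is reported as missing."""
    return any(net.version == r.version and net.subnet_of(r) for r in rules)

def allowlist_drift(firewall_text, vendor_text):
    """Return (missing, stale) as sorted lists of CIDR strings.
    missing: vendor entries the firewall does not fully permit (updates fail)
    stale:   firewall entries overlapping no vendor entry (needless exposure)"""
    fw = parse_entries(firewall_text)
    vendor = parse_entries(vendor_text)
    missing = [v for v in vendor if not covered(v, fw)]
    stale = [f for f in fw
             if not any(f.version == v.version and f.overlaps(v) for v in vendor)]
    return sorted(map(str, missing)), sorted(map(str, stale))

# Constructed sample data (RFC 5737 documentation ranges, not real AMP servers)
FIREWALL = """
192.0.2.10
192.0.2.11
198.51.100.0/24
203.0.113.7      # endpoint added years ago
"""
VENDOR = """
192.0.2.10
192.0.2.12
198.51.100.25
198.51.100.0/25
"""

if __name__ == "__main__":
    missing, stale = allowlist_drift(FIREWALL, VENDOR)
    print("add to allowlist:     ", missing)
    print("review for removal:   ", stale)
```

Run on a schedule against the vendor's current published list, the `missing` output catches additions before updates start failing, and `stale` flags permitted destinations the vendor no longer lists.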