The ZTNA Connector requires external connectivity to several endpoints depending on the location of the tenant.
For all other connections, port 443 is required.
You can verify the IP address is accessible and the port is open by running a telnet command from the connector's host:
>> telnet <IP> <PORT>
The tenants are divided into two geographical areas: USA and Europe.
Per region, the list of ZTNA fixed IP addresses can be found here:
- US: https://download.us-west-2.luminatesec.com/public-ips
- EU: https://download.eu-west-1.luminatesec.com/public-ips
If you are not sure where your tenant is located, run:
nslookup tenant_name.luminatesite.com
Locate the region in the response:
nslookup tenant_name.luminatesite.com: xdxdxdxd.production.us-west-2.luminatesite.com
nslookup tenant_name.luminatesite.com: xdxdxdxd-5188d660a31.elb.europe-west1.luminatesite.com
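The region lookup and port check above, combined into one script for a Linux connector host. This is an added example, not Broadcom tooling: the function names are hypothetical, the region strings and list URLs are the ones shown on this page, and `timeout` with bash's `/dev/tcp` is assumed as a stand-in for telnet where it is not installed.

```bash
#!/usr/bin/env bash
# Usage: ./ztna-egress-check.sh <tenant_name.luminatesite.com> <IP> <PORT>

# Map the text of an nslookup response to a tenant region.
# Only the two region strings shown on this page are recognised.
region_from_lookup() {
  case "$1" in
    *us-west-2*)    echo "US" ;;
    *europe-west1*) echo "EU" ;;
    *)              echo "unknown" ;;
  esac
}

# Print the fixed-IP list URL for a region; fail for anything else.
ips_url_for_region() {
  case "$1" in
    US) echo "https://download.us-west-2.luminatesec.com/public-ips" ;;
    EU) echo "https://download.eu-west-1.luminatesec.com/public-ips" ;;
    *)  return 1 ;;
  esac
}

# TCP connect test: returns 0 if the port accepts a connection within 5s,
# 2 if the port argument is not numeric, non-zero otherwise.
check_port() {
  case "$2" in
    ''|*[!0-9]*) echo "invalid port: $2" >&2; return 2 ;;
  esac
  # Host and port are passed as positional arguments, never spliced into
  # the command string, so odd input cannot alter the command.
  timeout 5 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

# Runs only when all three arguments are supplied.
if [ "$#" -eq 3 ]; then
  region=$(region_from_lookup "$(nslookup "$1" 2>&1)")
  echo "tenant region: $region"
  if url=$(ips_url_for_region "$region"); then
    echo "fixed IP list: $url"
  else
    echo "region not recognised; inspect the nslookup response manually" >&2
  fi
  if check_port "$2" "$3"; then
    echo "$2:$3 reachable"
  else
    echo "$2:$3 NOT reachable (egress rule missing or host down)" >&2
    exit 1
  fi
fi
```

A non-zero exit makes the script usable as a pre-install gate in deployment automation.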
Required URLs
The following URLs must be allowed by any firewalls present (for egress). The URLs are required for installing ZTNA site connectors.
http://sac-docker.packages.broadcom.com/luminate/connector (Resources (for site connectors) set to Broadcom Repository)
https://hub.docker.com/u/luminate (Resources (for site connectors) set to Docker Hub)
Note: Only one of the preceding URLs is required, depending on the repository you use for the connector deployment.
https://downloads.luminate.io (Connector upgrades)
*.luminatesec.com (ZTNA admin console)
Additional information can also be found here:
ZTNA Cloud Connector: Required Ports, Addresses, and Services