Blocked domain error when configuring Dedicated IP address
search cancel

Blocked domain error when configuring Dedicated IP address


Article ID: 261118


Updated On:


Cloud Secure Web Gateway - Cloud SWG


Adding a domain to our Dedicated IP configuration triggers a "banned domain" error as shown below:


Why would this domain be banned, when our users can successfully access it when dedicated IP address is not enabled?


Cloud SWG Portal.

Dedicated IP address enabled.


Dedicated IPs are not supported for use with bandwidth-intensive applications. The portal disallows adding high-load applications, such as YouTube, Office 365, Windows Updates and other selected domains.


Remove the 'banned domain' from the dedicated IP address domain configuration.

Additional Information

Dedicated IP change the egress flow where requests go out with the tenant assigned IP address. Since this is a limited number of assigned IP addresses, there may be issues with TCP port exhaustion. The above banned domain handles a huge volume of API requests, which could potentially max out available TCP connections to the destination host - one egress IP address with one destination IP address will have 64k max concurrent connections so the risk of port exhaustion increases.
Our initial guidance is to use if for SaaS applications that do ACLs based on IP addresses e.g. the Microsoft Azure login domains, Okta authentication endpoints, etc. These will handle auth requests that are limited in numbers.