Knowledgebase
McAfee SaaS IP Ranges
Posted by on 10 June 2014 10:12 AM
McAfee SaaS IP Ranges
Question:

What IPs should we lock down to so that only SMTP traffic from McAfee SaaS comes through?
Answer:

 

Five to seven days after redirecting your MX Record, it is recommended that the Customer Administrator for your organization lock down your mail server(s) or create firewall rules that will ensure that only filtered mail from McAfee SaaS will be delivered to your server(s). To ensure that no mail is presented to your mail server without being processed by McAfee SaaS, you will need to restrict all IP access to your mail server with the exception of the following McAfee SaaS subnets. The McAfee SaaS preferred setting is to include the Classless Inter-Domain Routing (CIDR) for the entire Class 8 C notation. Alternate settings are also provided below.

 

The IP ranges below are used for all current McAfee SaaS products, including Web Protection and Email Archiving.

 

Preferred Setting

If your firewall solution accepts Classless Inter-Domain Routing (CIDR) and can support Class 8 C notation please include the following:

 

 

CIDR

Starting IP

Ending IP

208.65.144.0/21

208.65.144.0

208.65.151.255

208.81.64.0/21

208.81.64.0

208.81.71.255

 

Alternate Setting (1)

If your firewall solution accepts Classless Inter-Domain Routing (CIDR) and only supports Class 1 C notation, you will need to include the following entries to the entire subnet:

 

 

CIDR

Starting IP

Ending IP

208.65.144.0/24

208.65.144.0

208.65.144.255

208.65.145.0/24

208.65.145.0

208.65.145.255

208.65.146.0/24

208.65.146.0

208.65.146.255

208.65.147.0/24

208.65.147.0

208.65.147.255

208.65.148.0/24

208.65.148.0

208.65.148.255

208.65.149.0/24

208.65.149.0

208.65.149.255

208.65.150.0/24

208.65.150.0

208.65.150.255

208.65.151.0/24

208.65.151.0

208.65.151.255

208.81.64.0/24

208.81.64.0

208.81.64.255

208.81.65.0/24

208.81.65.0

208.81.65.255

208.81.66.0/24

208.81.66.0

208.81.66.255

208.81.67.0/24

208.81.67.0

208.81.67.255

  208,81.68.0/24                 208.81.68.0                      208.81.68.255

  208.81.69.0/24                 208.81.69.0                      208.81.69.255

  208.81.70.0/24                 208.81.70.0                      208.81.70.255

  208.81.71.0/24                 208.81.71.0                      208.81.71.255


Alternate Setting (2)


If your firewall solution does not accept Classless Inter-Domain Routing (CIDR) notation, you will need to include the starting and ending IP address for either the Class 8 C addresses or the Class 1C addresses which are included above.


For the 208.65.144.0/21 range, use the following:
Netmask = 255.255.248.0.  HostMin = 208.65.144.1  HostMax = 208.65.151.254

For the 208.81.64.0/21 range, use the following:
Netmask = 255.255.248.0.  HostMin = 208.81.64.1  HostMax = 208.81.71.254


ERROR: This domain name does not match domain registered in the license key file (cms.orlinpilot.com), allowed domains: support.excelmicro.com,localhost, please change the product path to match the domain under Admin CP > Settings > General Settings
This product will not work properly unless untill that value is changed.

For more information please contact Kayako support at https://my.kayako.com