Zscaler Private Access Firewall Whitelist

Looking for the latest changes? Changelog.

Some organizations choose to firewall or otherwise restrict outbound traffic to the Internet from the datacenter. It is possible to deploy a ZEN connector in such an environment as long as the connector is able to reach all of the Zscaler data centers containing ZPA ZENs. It is important to note that the full set of ZPA-enabled data centers must be allowed, as a partial firewall configuration will result in connectivity problems for end users.

IP Protocol Port Source Description
TCP/UDP Your Application Ports Connector Your Application Servers
TCP 53 Connector Local DNS Servers
UDP 53 Connector Local DNS Servers
UDP 123 Connector Local NTP Servers
TCP 80,443 Connector
  • https://yum.private.zscaler.com/
  • Linux repositories (to enable OS updates). Note that outbound restriction to a specific mirror, or accessing repository through a proxy, requires additional connector configuration. Please refer to configuration guide of the specific platform for details.
TCP 443 Connector, Zscaler App ANY (unrestricted outbound access to TCP 443)

Zscaler strongly recommends that connectors and the Zscaler App have unrestricted outbound access to the Internet on port 443, to ensure access to all Zscaler brokers as our infrastructure evolves and expands. However, if this best practice is not feasible in your environment and outbound Internet access restrictions must be applied with specific exemptions, the following connectivity must be permitted.

IP Protocol Port Source Domains & IPs Date Added
TCP 443 Connector, Zscaler App *.prod.zpath.net
*.private.zscaler.com
8.25.203.0/24
8.34.34.0/24
8.35.35.0/24
52.18.93.240/32
52.19.38.71/32
52.197.70.230/32
52.198.19.112/32
52.198.72.244/32
52.207.198.29/32
52.209.45.220/32
52.210.11.225/32
52.220.100.223/32
52.220.100.69/32
52.220.99.252/32
52.24.149.190/32
52.25.2.198/32
52.28.207.67/32
52.28.37.10/32
52.29.240.114/32
52.29.98.93/32
52.33.154.59/32
52.4.154.137/32
52.5.144.98/32
52.52.92.202/32
52.52.95.220/32
52.52.95.235/32
52.52.96.24/32
52.58.125.47/32
52.58.78.135/32
52.63.157.237/32
52.63.158.184/32
52.63.58.54/32
52.65.142.146/32
52.65.152.196/32
52.65.40.115/32
52.66.115.172/32
52.66.116.178/32
52.66.123.138/32
52.66.51.4/32
52.67.117.30/32
52.67.117.80/32
52.67.78.111/32
52.67.87.60/32
52.68.138.157/32
52.68.4.241/32
52.69.146.228/32
52.74.48.141/32
52.74.58.135/32
52.74.92.94/32
52.78.59.243/32
52.78.73.223/32
52.78.79.105/32
52.78.81.101/32
52.79.50.105/32
52.79.52.245/32
52.8.120.78/32
52.8.174.227/32
52.88.221.173/32
52.89.25.231/32
52.89.62.191/32
52.89.62.191/32
54.154.100.194/32
54.154.100.215/32
54.86.169.181/32
54.87.158.111/32
72.37.140.0/24
89.167.129.0/24
89.191.7.16/28
94.188.139.64/26
94.188.248.64/26
104.129.192.0/20
128.177.125.0/24
128.177.129.0/24
128.177.135.0/24
128.177.136.0/24
165.225.0.0/17
165.225.192.0/18
165.225.36.0/23
185.46.212.0/22
185.46.212.0/23
185.46.214.0/23
188.116.35.32/28
199.168.148.0/22
209.51.184.0/26
213.152.228.0/24
216.66.5.0/24
Initial Publication
TCP 443 Connector, Zscaler App *.prod.zpath.net
*.private.zscaler.com
13.59.180.7/32
13.59.141.201/32
13.59.14.90/32
13.58.243.5/32
35.182.57.197/32
35.182.72.155/32
35.182.41.239/32
35.182.113.223/32
35.176.70.72/32
35.176.178.43/32
35.176.174.248/32
35.176.170.178/32
13.64.250.38/32
40.86.176.165/32
40.86.182.64/32
40.86.183.239/32
104.45.131.108/32
104.45.128.192/32
104.45.151.52/32
104.45.148.204/32
52.169.125.252/32
13.74.157.78/32
13.79.33.253/32
40.113.92.79/32
40.68.30.189/32
23.101.72.77/32
40.68.25.125/32
23.100.7.240/32
52.175.24.162/32
52.175.26.143/32
52.175.30.139/32
52.175.29.8/32
52.187.19.12/32
52.187.23.160/32
52.187.17.199/32
52.187.66.156/32
52.240.159.223/32
52.240.157.136/32
52.240.154.114/32
52.240.155.200/32
13.65.36.86/32
13.85.19.207/32
13.65.33.5/32
13.85.78.38/32
52.173.149.37/32
52.165.218.125/32
52.173.147.246/32
52.165.216.94/32
40.84.53.118/32
13.77.82.151/32
13.77.86.84/32
13.77.82.96/32
13.71.158.244/32
13.73.1.205/32
13.78.126.65/32
13.71.159.30/32
104.215.27.73/32
104.215.31.13/32
104.215.26.115/32
104.215.26.249/32
104.41.24.112/32
104.41.26.126/32
104.41.27.137/32
104.41.31.133/32
13.75.143.33/32
13.75.136.115/32
13.75.137.223/32
13.75.143.22/32
13.70.159.20/32
13.77.5.206/32
13.70.184.227/32
13.77.7.178/32
52.172.216.84/32
52.172.209.202/32
52.172.209.243/32
52.172.209.244/32
13.71.121.83/32
52.172.50.146/32
52.172.54.58/32
52.172.53.133/32
104.211.186.221/32
104.211.187.48/32
104.211.188.142/32
104.211.188.122/32
52.237.19.166/32
52.237.21.25/32
52.233.42.219/32
52.237.30.86/32
52.242.19.28/32
52.235.43.198/32
52.235.43.151/32
52.235.43.152/32
52.161.100.200/32
52.161.97.167/32
52.161.99.87/32
52.161.97.78/32
52.183.125.224/32
52.175.255.83/32
52.229.39.139/32
52.175.208.105/32
51.141.55.81/32
51.141.42.174/32
51.141.46.82/32
51.141.43.174/32
51.140.74.255/32
51.140.122.102/32
51.140.125.127/32
51.140.114.120/32
52.231.27.82/32
52.231.26.225/32
52.231.25.14/32
52.231.34.139/32
52.231.204.27/32
52.231.201.255/32
52.231.206.16/32
52.231.202.42/32
September 2017
TCP 443 Connector, Zscaler App *.prod.zpath.net
*.private.zscaler.com
13.127.148.174/32
13.127.212.107/32
13.127.26.17/32
13.127.99.160/32
18.195.128.118/32
18.197.86.201/32
18.216.119.57/32
18.216.189.99/32
18.218.12.27/32
18.218.255.136/32
18.219.166.28/32
18.219.20.193/32
35.154.244.217/32
52.193.218.29/32
52.21.189.133/32
52.29.32.101/32
52.30.84.113/32
52.57.178.48/32
52.57.7.227/32
52.58.125.47/32
52.58.193.16/32
52.58.74.51/32
52.59.55.235/32
52.6.210.8/32
52.63.135.169/32
52.66.161.176/32
52.76.31.172/32
52.78.18.147/32
52.79.166.240/32
52.79.199.218/32
54.154.61.187/32
April 2018
TCP 443 Connector, Zscaler App *.prod.zpath.net
*.private.zscaler.com
35.180.108.229/32
35.180.12.19/32
35.180.16.134/32
35.180.49.249/32
35.180.59.62/32
35.180.59.240/32
52.47.53.30/32
52.47.207.196/32
52.47.104.132/32
52.47.109.64/32
June 2018
TCP 443 Connector, Zscaler App *.prod.zpath.net
*.private.zscaler.com
58.220.95.0/24
54.200.239.74/32
54.201.110.181/32
54.201.127.141/32
54.201.165.179/32
54.201.165.199/32
54.201.165.200/32
54.201.92.80/32
September 2018
TCP 443 Connector, Zscaler App *.prod.zpath.net
*.private.zscaler.com
13.53.102.181/32
13.53.105.156/32
13.53.115.185/32
13.53.120.157/32
13.53.141.39/32
13.53.160.23/32
13.53.163.129/32
13.53.167.43/32
13.53.58.60/32
13.53.88.9/32
54.219.164.222/32
January 2019
TCP 443 Connector, Zscaler App *.prod.zpath.net
*.private.zscaler.com
137.83.128.0/18
211.144.19.123/32
211.144.19.124/32
211.144.19.125/32
211.144.19.126/32
Feburary 2019
TCP 443 Browser Access *.zpa-auth.net
*.zpa-app.net
13.57.83.247
54.241.203.204
18.188.194.192
18.219.93.204
18.185.61.138
18.185.2.252
52.220.155.136
13.251.121.105
June 2019