Skip to main content

What IPs do I need to add to my allowlist?

Select your scan region for the exact IPs you need to allow for scanning of your targets

Updated this week

If you’re using security technologies like an Intrusion Prevention System (IPS), Intrusion Detection System (IDS), or Web Application Firewall (WAF), they may interfere with Intruder’s scanning capabilities. To ensure accurate and uninterrupted scans, it is recommended to allowlist Intruder’s IP addresses within these systems.

⚠️ If you use Cloudflare, please follow these instructions for allowlisting

This article provides the full list of IP ranges you’ll need to configure in your security tools to avoid false positives or blocked traffic during scans.

Please note that all plans are subject to scans from the following IP range:

64.52.19.0/24

Additional IP Range for Support Purposes

In some cases, our team may run scans for technical support or manual investigation purposes. These scans may originate from the following IP range:

18.98.162.96/29

We therefore recommend allowlisting this range in addition to those listed in this article, to ensure we can fully support your account when needed.

Full list of Intruder's scanning IPs​

If you are on Essential or Cloud, you only need to allowlist one IP range:

64.52.19.0/24

Scan region

IP Ranges

Asia Pacific (Tokyo)

*64.52.19.0/24

13.115.104.128/25

35.73.219.128/25

Asia Pacific (Singapore)

*64.52.19.0/24

13.213.79.0/24

18.139.204.0/25

54.255.254.0/26

Asia Pacific (Sydney)

*64.52.19.0/24

13.210.1.64/26

3.106.118.128/25

3.26.100.0/24

Asia Pacific (Mumbai)

*64.52.19.0/24

3.108.37.0/24

Canada (Central)

*64.52.19.0/24

3.98.92.0/25

35.182.14.64/26

Europe (Ireland)

*64.52.19.0/24

3.251.224.0/24

Europe (London)

*64.52.19.0/24

18.168.180.128/25

18.168.224.128/25

3.9.159.128/25

35.177.219.0/26

Europe (Frankfurt)

*64.52.19.0/24

18.194.95.64/26

3.124.123.128/25

3.67.7.128/25

54.93.254.128/26

South America (São Paulo)

*64.52.19.0/24

15.228.125.0/24

US West

*64.52.19.0/24

13.56.21.128/25

34.223.64.0/25

35.82.51.128/25

35.86.126.0/24

35.93.174.0/24

44.242.181.128/25

US East

*64.52.19.0/24

34.201.223.128/25

44.192.244.0/24

44.206.3.0/24

54.175.125.192/26

13.59.252.0/25

18.116.198.0/24

3.132.217.0/25

Updating your scan region

The above IPs can also be found in the portal: Settings > Scans > Scan location. To view them, just select the region, but to ensure that the scans originate from there, you must hit Save scan region.

WAF detection

If we detect that a WAF is present, we'll flag it in three places:

  • Scan settings page (under scan location, see above)

  • Target's detail page:

  • Targets overview page > WAF Interference Detected

FAQs

Where should I add these IPs?

You should add the appropriate IPs to any WAF, IPS, or IDS you have enabled.

Some cloud providers might also ask you for the source IPs from which our scans will be originating. You should also consider if you have any additional DDoS Protection Systems, Web Application Firewalls, or Content Delivery Networks that could be applying IPS/IDS technology, for example, some edge routers now include this as standard.

Should I add your IPs to my perimeter firewall?

We recommend you add our scanning IPs to the allowlist in any IPS, IDS or WAFs you have enabled; but do not to give us access straight through the perimeter firewall – we don't need to see your internal systems if they aren't normally exposed – we just need to see what's normally accessible from the internet.

What about Imperva?

Imperva WAF is designed to interfere with vulnerability scanning, and this behaviour cannot be turned off with allowlisting the scanner. As such, your scan may not complete as expected or may be long-running. In this scenario, we recommend cancelling the scan, restricting scanning to ports 80 and 443 only (this can be configured in advanced settings on the scans page), and running the scan again.

What if I have assets in more than one region?

We'd recommend selecting the region where most of your targets are hosted and allowlisting the IPs for the scan region selected.

What is the purpose of an allowlist?

Our scanners rapidly check for thousands of potential weaknesses. This can sometimes trigger Intrusion Prevention Systems (IPS), resulting in our scanners being blocked. If our scanners are blocked, we can't detect any weaknesses, leaving you vulnerable to attackers who may bypass IPS detection by only probing for one flaw at a time.

Do I need to allowlist IPs for internal targets?

Typically, there aren't controls in place that would necessitate allowlisting for internal targets, but if there are in your environment, please note that any scans running on internal targets require communication with *.cloud.tenable.com, which resolves to the following IP ranges:

162.159.129.83/32 (US)
162.159.130.83/32 (US)
162.159.140.26/32 (US)
172.66.0.26/32 (US)

It is therefore advised to allow the agents installed on your targets to reach out to these IPs.


Related Articles
I need to add my web server as a target. Should I use the hostname or IP address?
My servers are load balanced. What do I do?
Unresponsive external host
How do I add Intruder's IPs to my allowlist in Cloudflare?
Targets overview page
Did this answer your question?