Network connectivity for CloudBees Unify requires specific domains, IP addresses, and firewall configurations organized by service category and communication direction. Use this reference when configuring firewall allowlists or troubleshooting connectivity issues.
Core platform domains
Multiple CloudBees Unify capabilities use the following domains for essential platform functionality:
-
cloudbees.io: Main user interface and dashboard access. Required for all users accessing the platform via web browser.
-
api.cloudbees.io: API requests across many platform services. Required for API integrations, CLI tools, and automated platform interactions.
Feature management domains
The following domains are used specifically by feature management SDKs for flag evaluation, targeting, and analytics. Required only if your organization uses CloudBees Unify feature management capabilities.
-
rox-state.cloudbees.io: Retrieves the latest state of feature flags and customer properties. Required for SDK flag evaluation and real-time flag state updates.
-
rox-conf.cloudbees.io: Retrieves configuration and targeting rules. Required for SDK initialization and targeting logic.
-
fm-analytics.cloudbees.io: Sends flag usage and analytics data to the feature management dashboard. Required for feature flag usage analytics and reporting.
-
sdk-notification-service.cloudbees.io/sse: Server-Sent Events used by the SDK to receive live updates when flag configurations change. Protocol: Server-Sent Events over HTTPS. Required for real-time flag configuration updates. No special firewall rules required beyond general allowlisting.
Gateway IP addresses
Some CloudBees Unify features, such as webhook notifications, initiate requests from CloudBees infrastructure to customer systems. Allow inbound traffic from these specific egress/source IP addresses to receive communications from CloudBees Unify.
-
100.21.184.186: Regional gateway for US West (Oregon, us-west-2). Purpose: Inbound webhook notifications and platform-initiated communications. Protocol: HTTPS inbound on port 443.
-
54.236.193.143: Regional gateway for US East (N. Virginia, us-east-1). Purpose: Inbound webhook notifications and platform-initiated communications. Protocol: HTTPS inbound on port 443.
Deprecated IP addresses
-
52.24.30.200: Former US West gateway (deprecated). Status: Superseded by 100.21.184.186. Migration note: Remove from allowlists if previously configured.
-
54.156.242.224: Former US East gateway (deprecated). Status: Superseded by 54.236.193.143. Migration note: Remove from allowlists if previously configured.
Last updated: October 21, 2025.
Network protocol requirements
- HTTPS outbound (port 443)
-
Required for all CloudBees Unify domain communications. Applies to: All core platform and feature management domains. Direction: Customer infrastructure to CloudBees Unify services.
- HTTPS inbound (port 443)
-
Required for webhook and notification delivery. Applies to: Communications from CloudBees Unify gateway IP addresses. Direction: CloudBees Unify services to customer infrastructure. Note: Only required if using webhook notifications or similar inbound features.