IP Allow Keeper
IP Allow lists for Keeper network communications
Overview
This page contains information on restricting access to Keeper's communications based on end-user application access, email delivery, SIEM and Automator requests.
For enhanced security, if you have deployed a firewall or zero trust network which restricts end-user network traffic to specific services, you can add Keeper to your AllowList based on FQDN. We recommend using FQDN since some of Keeper's services use dynamic IPs.
FQDN Allow List for End-User Applications
Outbound TCP port 443 should be open to your users for the following endpoints, depending on your tenant location.
Global - All Customers
keepersecurity.com
keeper.io
gitbook.io (documentation portal)
In addition, add the endpoints listed below for your hosting region.
US Hosted Customers
keepersecurity.com
push.services.keepersecurity.com
files.services.keepersecurity.com
connect.keepersecurity.com
US / GovCloud Hosted Customers
govcloud.keepersecurity.us
push.services.keepersecurity.us
files.services.keepersecurity.us
connect.govcloud.keepersecurity.us
EU Hosted Customers
keepersecurity.eu
push.services.keepersecurity.eu
files.services.keepersecurity.eu
connect.keepersecurity.eu
AU Hosted Customers
keepersecurity.com.au
push.services.keepersecurity.com.au
files.services.keepersecurity.com.au
connect.keepersecurity.com.au
CA / Canada Hosted Customers
keepersecurity.ca
push.services.keepersecurity.ca
files.services.keepersecurity.ca
connect.keepersecurity.ca
JP / Tokyo Hosted Customers
keepersecurity.jp
push.services.keepersecurity.jp
files.services.keepersecurity.jp
connect.keepersecurity.jp
Emails from Keeper Security
Keeper sends several types of transactional emails.
If the role enforcement policy is enabled, email invitations are sent to newly provisioned end-users via the Admin Console, Bridge or SCIM methods. The content of the email invites can be customized by the Admin in the console configurations screen.
Keeper does not send marketing communications or any other product marketing emails to enterprise end-users.
Users with Administrative rights will receive emails related to account status and billing. End-users will not receive account-related emails.
The primary account owner who signs up for Keeper will receive an onboarding email and documentation links, as well as direct communication from a Keeper customer success manager.
Device verification emails (when logging into a new device) are sent to end-users for authentication purposes.
Alerts configured by the Keeper Admin in the Advanced Reporting & Alerts application can be optionally sent to end-users, but this is not activated by default.
Email Delivery
Keeper's email services are hosted with Amazon SES using dedicated IPs. To ensure that emails from Keeper Security are delivered to users with high success, we recommend configuring your mail filters to accept email from the FQDNs and sender IPs below.
Domains:
keepersecurity.com
keepersecurity.com.au
keepersecurity.eu
keepersecurity.ca
govcloud.keepersecurity.us
keepersecurity.jp
Email Sender IPs:
54.240.35.231, 54.240.35.230, 54.240.34.220, 54.240.34.131, 54.240.34.133, 54.240.34.219, 54.240.34.135, 54.240.34.132, 54.240.34.134, 54.240.35.227, 54.240.55.117, 54.240.55.118, 69.169.235.44, 69.169.235.45, 69.169.235.46, 69.169.235.47, 69.169.235.48
Canada, Japan and GovCloud regions do not currently have static IPs for Email Senders. This is coming soon.
SIEM Events and Automator Device Approvals
Customers who receive inbound SIEM events and Automator device approval requests from the Keeper production environment can restrict that traffic to the IP addresses below.
US / Global
34.194.242.137/32
18.235.39.229/32
54.208.20.102/32
34.203.159.189/32
EU / Dublin
54.246.149.209/32
34.250.37.43/32
52.210.163.45/32
54.246.185.95/32
AU / Sydney
54.206.253.126/32
52.64.85.78/32
3.106.40.41/32
54.206.208.132/32
US / GovCloud
18.253.101.55/32
18.253.102.58/32
18.252.135.74/32
18.253.212.59/32
CA / Canada Hosted Customers
35.182.155.224/32
35.182.216.11/32
15.223.136.134/32
JP / Tokyo Hosted Customers
35.74.131.237/32
54.150.11.204/32
52.68.53.105/32
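The following is an added example, not part of Keeper's documentation, of enforcing the source ranges above inside the receiving service in addition to the firewall. The function names and the "US"/"EU" region keys are hypothetical; the CIDR values are the US / Global and EU / Dublin entries from the lists above, and the peers in the demo loop are constructed.

```python
import ipaddress

# Source ranges copied from the US / Global and EU / Dublin lists above.
# The dictionary keys are labels chosen for this example.
KEEPER_SOURCES = {
    "US": ["34.194.242.137/32", "18.235.39.229/32",
           "54.208.20.102/32", "34.203.159.189/32"],
    "EU": ["54.246.149.209/32", "34.250.37.43/32",
           "52.210.163.45/32", "54.246.185.95/32"],
}

def load_networks(region):
    """Parse one region's CIDRs; strict=True rejects entries with host bits set."""
    return [ipaddress.ip_network(c, strict=True) for c in KEEPER_SOURCES[region]]

def normalize(peer):
    """Return an ip_address object for the socket peer, or None if invalid.

    Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d. Unwrap those so
    they are compared against the IPv4 ranges instead of never matching.
    """
    try:
        addr = ipaddress.ip_address(peer.strip())
    except ValueError:
        return None
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def is_keeper_source(peer, region):
    """True only if the TCP peer address falls inside the region's ranges.

    Pass the address taken from the connection itself, not a client-supplied
    header such as X-Forwarded-For, unless a trusted proxy sets that header.
    """
    addr = normalize(peer)
    if addr is None:
        return False  # fail closed on unparseable input
    return any(addr.version == net.version and addr in net
               for net in load_networks(region))

if __name__ == "__main__":
    # Constructed sample peers for illustration.
    for peer in ["34.194.242.137", "::ffff:54.246.149.209",
                 "34.194.242.138", "not-an-ip"]:
        print(peer, is_keeper_source(peer, "US"), is_keeper_source(peer, "EU"))
```

Requests rejected by this check are worth logging, since a sender IP that Keeper has changed would first show up there.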
After external logging is established, it may be paused automatically if the external system becomes unavailable and the number of events in the queue reaches a threshold of 50. If this happens, you will have to manually resume the external logging after correcting the issue. We recommend setting up an alert for the "Paused Audit log Sync" event so that you are notified if the external logging is paused.