When you configure Workspace ONE Access with an external firewall, allow-list the IP address ranges or URLs for the following Workspace ONE Access services to provide access to those services.
Use the nslookup command or another command-line tool to query the Domain Name System to obtain the IP addresses to add to your external firewall allow-list. For example, nslookup vapp-updates.vmware.com.
Service | Domain Name System | Description |
---|---|---|
Workspace ONE Access Catalog | catalog.vmwareidentity.com | To make sure that the content of the catalog can be accessed, add the URLs from the list to the allowlist. That content is also delivered through AWS CloudFront CDN, which maintains its own list of public IP addresses. See http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/LocationsOfEdgeServers.html. |
VMware Verify | vmware.authy.com | If VMware Verify is configured as an authentication method, add the URLs from these lists to the allowlist. |
Hybrid KDC | kdc.op.<vmwareidentity.xxx> | When hybrid KDC is configured for your Workspace ONE Access on-premises operation, select one of the following domains to look up the URLs. |
Updates from Workspace ONE Access | vapp-updates.vmware.com | To receive Workspace ONE Access updates and to download patches from the VMware Update Manager, add the URLs from the list to the allowlist. |
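
The nslookup step described above can be scripted so that only answer addresses reach the allow-list and the resolver's own address, which nslookup prints first, is left out. This is an added example, not VMware code: the function names are hypothetical, the host names are the ones in the table above, and the sample output is constructed from documentation address ranges.

```shell
#!/bin/sh
# Added example (not VMware code). Hostnames are the ones in the table above.
HOSTS="catalog.vmwareidentity.com vmware.authy.com vapp-updates.vmware.com"

# Read nslookup output on stdin and print only the answer addresses.
# The leading "Server:"/"Address:" pair is the resolver itself, so nothing is
# printed until a "Name:" line is seen. Handles the Linux layout (one
# "Address:" per line) and the Windows layout ("Addresses:" plus indented lines).
answer_ips() {
    awk '
        { gsub(/\r/, "") }
        /^Name:/ { in_answer = 1; next }
        in_answer {
            sub(/^Address(es)?:/, "")
            if ($1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ ||
                ($1 ~ /^[0-9A-Fa-f:]+$/ && $1 ~ /:/)) print $1
        }
    ' | LC_ALL=C sort -u
}

# Resolve every host in $HOSTS (needs network access and nslookup).
resolve_hosts() {
    for h in $HOSTS; do
        nslookup "$h" 2>/dev/null | answer_ips
    done | LC_ALL=C sort -u
}

# Print resolved addresses (stdin) that are absent from allow-list file $1.
missing_from() {
    grep -vxF -f "$1" || true
}

# Constructed sample output (documentation address ranges, not real answers).
sample_output() {
    cat <<'EOF'
Server:         10.0.0.53
Address:        10.0.0.53#53
Non-authoritative answer:
Name:   vapp-updates.vmware.com
Address: 192.0.2.10
Name:   vapp-updates.vmware.com
Address: 198.51.100.7
Name:   vapp-updates.vmware.com
Address: 2001:db8::10
EOF
}

# Offline demonstration; for live use call: resolve_hosts | missing_from FILE
sample_output | answer_ips
```

Addresses behind a CDN such as CloudFront change over time, so rerun the comparison on a schedule and review the difference before changing firewall rules.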