When you configure VMware identity Manager with an external firewall, whitelist the IP address ranges or URLs for the following VMware Identity Manager services to provide access to that service.

Use the nslookup command or another command-line tool to query the Domain Name System to obtain the IP addresses to add to your external firewall whitelist.

Service Domain Name System Description
VMware Identity Manager Catalog catalog.vmwareidentity.com To make sure that the content of the catalog can be accessed, add the URLs from the list to the whitelist.

That content is also delivered through AWS CloudFront CDN, which maintains its own list of public IP addresses. See http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/LocationsOfEdgeServers.html.

VMware Verify vmware.authy.com


If VMware Verify is configured as an authentication method, add the URLS from these lists to the whitelist.
Hybrid KDC kdc.op.<vmwareidentity.xxx> When hybrid KDC is configured for your VMware Identity Manager on-premises operation, select one of the following domains to look up the URLS.
  • vmwareidentity.ca
  • vmwareidentity.com
  • vmwareidentity.eu
  • vmwareidentity.co.uk
  • vmwareidentity.de
  • vmwareidentity.com.au
  • vmwareidentity.asia
Updates from VMware Identity Manager vapp-updates.vmware.com To receive VMware Identity Manager updates and to download patches from the VMware Update Manager, add the URLs from the list to the whitelist.