Knowledge Base

Showing results for 
Search instead for 
Did you mean: 

SaaS Network Requirements: IP Ranges to connect to AppDynamics SaaS Controller, Analytics and EUM

AppDynamics SaaS customers must make sure that their Agents can communicate to the AppDynamics SaaS Infrasture (including the Controller, Analytics, and EUM) from the customer's network by whitelisting certain IP ranges.


For Controller:

In a SaaS environment, various Agents communicate to the SaaS Controller to publish metrics.


These Agents can be:
1. Application Agent(Java, PHP, .Net, Python etc)
2. Machine Agent
3. Database Agent
4. WebServer Agent
5. Machine Agent
6. Analytics Agent (v4.3.onwards)


Agents need to connect to an AppDynamics Controller in order to retrieve configuration data and send back information about the monitored environment. The connection between the Agent and the Controller is a one-way connection initiated by the Agent.


To enable these Agents to communicate with a Controller, whitelist the IP range below:


Existing AppDynamics ranges: 



In addition to AppDynamics’ existing ranges, whitelist the following additional blocks or ranges of IP addresses. Due to the technical architecture of the DDoS services, the entire set of ranges must be whitelisted.


Additional IP blocks: 

• 2a02:e980::/29


Quick Reference:



Q. I already have AppDynamics whitelisted, what do I need to change?
A. If you whitelist the IP address for your AppDynamics SaaS Controller, these whitelists will need to be updated to include the new address blocks before the service is enabled for your Controller.


Q. How will I be notified of the change?
A. Customers will be notified by Customer Support once implementation for their Controller has been scheduled, not less than 72 hours before the change.


Q. What if I need more than 3 days (72 hours) to make changes to our firewall whitelist?
A. If you are impacted by the new IP ranges and need more time to implement changes within your organization, please contact our Customer Support representative or AppDynamics will work closely with your teams to make sure you receive this newly enhanced security service in a reasonable timeframe.


Note: All communication with the AppDynamics SaaS Platform is OUTBOUND-only, and only uses port 443 for HTTPS over TCP. Our customers do NOT need to allow any inbound communication from the AppDynamics SaaS Platform and our customers do NOT need to allow any other ports or protocols in order to use the AppDynamics SaaS Platform.


For more information, see the following sections App Agent Security and Machine Agent Security.


For Analytics:

SaaS customers' Analytics Agent or on-premise Controller needs to communicate with SaaS Analytics Processor in order to publish application/log events.


For the analytics capabilities of the AppDynamics SaaS Platform, needs to be whitelisted. If a customer is not comfortable with whitelisting based on DNS names, then they should be whitelisting the full IP range for the AWS UsWest2 region.




For EUM:

EUM JavaScript Agents and Mobile Agents (iOS/Android/Xamarin) send beacons to EUM Cloud Collectors, so it's expected that the end-users network should allow communication to the EUM Cloud Collectors located at


Customers with an on-premise Controller will need to whitelist the EUM Cloud Aggregator, located at


Both EUM CloudCollectors and Aggregator are hosted in AWS Region USWest2, same as Analytics.


If the customer can't whitelist based on domain, they should be whitelisting the full IP range for AWS UsWest2 region.



Version history
Revision #:
12 of 12
Last update:
2 weeks ago
Updated by:
Labels (2)