Find an Answer
Citrix SaaS products are configured to work outbound through ports 8200, 80 or 443. In a restricted environment, port 8200 can be set up for outbound connections. Our products do not listen for, nor do they require, any inbound connections. Connections outbound via port 8200 are optimal, although connections through ports 80 and 443 can also be used.
Integrated Voice over IP (VoIP) connections are configured to work outbound through UDP port 8200. Integrated webcam video support is configured through UDP port 1853.
For most firewall or proxy systems, we recommend specifying a whitelist of DNS addresses for Citrix services so outbound connections can be made. The list of Citrix domains currently includes (but is not limited to) the following:
Important Note: Changes to the firewall configuration are discouraged unless absolutely necessary because our IP ranges and those of our provider networks need to be periodically audited and modified, creating additional maintenance to your network. These changes are necessary to continue to provide the maximum performance for the Citrix SaaS family of applications. Maintenance and failover events may cause you to connect to servers within any of the ranges.
If your firewall includes a content or application data scanning filter, this may cause blocking or latency, which would be indicated in the log files for the filter. To address this problem, verify the below IP ranges will not be scanned or filtered by specifying exception IP ranges that will not be filtered. If your security policy requires you to specify explicit IP ranges, then configure your firewall to limit port 8200 or 80 or 443 destination, UDP ports 8200 and 1853 and IP addresses to only the Citrix ranges and those of our provider networks given below.
Citrix server / Datacenter IP addresses for use in firewall configurations
Equivalent specifications in 3 common formats
Range by Block
|Netmask Notation||CIDR Notation|
|Block 1||220.127.116.11 - 18.104.22.168||22.214.171.124 255.255.240.0||126.96.36.199/20|
|Block 2||188.8.131.52 - 184.108.40.206||220.127.116.11 255.255.240.0||18.104.22.168/20|
|Block 3||22.214.171.124 - 126.96.36.199||188.8.131.52 255.255.255.0||184.108.40.206/24|
|Block 4||220.127.116.11 - 18.104.22.168||22.214.171.124 255.255.255.224||126.96.36.199/27|
|Block 5||188.8.131.52 - 184.108.40.206||220.127.116.11 255.255.255.192||18.104.22.168/26|
|Block 6||22.214.171.124 - 126.96.36.199||188.8.131.52 255.255.255.0||184.108.40.206/24|
|Block 7||220.127.116.11 - 18.104.22.168||22.214.171.124 255.255.248.0||126.96.36.199/21|
|Block 8||188.8.131.52 - 184.108.40.206||220.127.116.11 255.255.224.0||18.104.22.168/19|
|Block 9||22.214.171.124 - 126.96.36.199||188.8.131.52 255.255.240.0||184.108.40.206/20|
|Block 10||220.127.116.11 - 18.104.22.168||22.214.171.124 255.255.224.0||126.96.36.199/19|
|Block 11||188.8.131.52 - 184.108.40.206||220.127.116.11 255.255.252.0||18.104.22.168/22|
|Block 12||22.214.171.124 - 126.96.36.199||188.8.131.52 255.255.192.0||184.108.40.206/18|
|Block 13||220.127.116.11 - 18.104.22.168||22.214.171.124 255.255.252.0||126.96.36.199/22|
|Block 14||188.8.131.52 - 184.108.40.206||220.127.116.11 255.255.254.0||18.104.22.168/23|
|Block 15||22.214.171.124 - 126.96.36.199||188.8.131.52 255.255.254.0||184.108.40.206/23|
|Block 16||220.127.116.11 - 18.104.22.168||22.214.171.124 255.255.224.0||126.96.36.199/19|
|Block 17||188.8.131.52 - 184.108.40.206||220.127.116.11 255.255.252.0||18.104.22.168/22|
IPv6 addresses space
Range by Block
|Classless Inter-Domain Routing (CIDR) format|
Citrix scales its services into third-party cloud and carrier networks for improved performance. To ensure continuous uptime, Citrix also maintains datacenters in San Jose, Las Vegas, Chicago, New York, Atlanta, Washington D.C., Hong Kong, Sydney, Amsterdam, Frankfurt, Bangalore and Shanghai.