Cloudaware Service Endpoints & Public IPs
This page covers outbound firewall and proxy rules for Cloudaware services.
Breeze
Outbound connectivity from Breeze Agents to the Cloudaware Breeze service is required for normal operation.
Connection Details
Hostname:
breeze-server.cloudaware.comProtocol / Port: HTTPS (
TCP 443)Public IP Address:
34.8.229.223
Allowlisting Guidance
Allowlist outbound HTTPS (
TCP 443) from all Breeze Agent hosts tobreeze-server.cloudaware.com.If your security model relies on static IPs, allowlist
34.8.229.223as the Breeze service public IP address.
TunHub
Connection Details
Hostname:
gw.tunhub.cloudaware.com,api.tunhub.cloudaware.comProtocol / Ports: HTTPS (
TCP 443,20000–21999)Public IP Addresses:
136.114.23.96,35.208.52.229
Allowlisting Guidance
Allowlist outbound HTTPS from all TunHub components to:
gw.tunhub.clodaware.com, IP136.114.23.96, ports:443,20000-21999api.tunhub.cloudaware.com, IP35.208.52.229, port443
Operational Notes
Prefer hostname-based allowlisting whenever possible. Hostname rules require fewer updates if Cloudaware rotates or expands IP ranges.
Review this page periodically as part of your baseline security review. Cloudaware may introduce additional endpoints, services, or IP addresses over time.
If your environment relies heavily on static IP allowlists, consider implementing centralized or automated firewall configuration management to streamline updates.
Document History
Version | Description | Date |
|---|---|---|
1.1 | Data about Breeze and TunHub added | 2025-12-05 |
1.0 | Initial draft | 2025-12-05 |