Cloudaware Service Endpoints & Public IPs
This page covers outbound firewall and proxy rules for Cloudaware services.
Breeze
Outbound connectivity from Breeze Agents to the Cloudaware Breeze service is required for normal operation.
Connection Details
Hostname:
breeze-server.cloudaware.comProtocol / Port: HTTPS (
TCP 443)Public IP Address:
34.8.229.223
Allowlisting Guidance
Allowlist outbound HTTPS (
TCP 443) from all Breeze Agent hosts tobreeze-server.cloudaware.com.If your security model relies on static IPs, allowlist
34.8.229.223as the Breeze service public IP address.
TunHub
TunHub connectors require outbound HTTPS access to the Cloudaware TunHub service.
Connection Details
Hostname:
gw.tunhub.cloudaware.com,api.tunhub.cloudaware.comProtocol / Port: HTTPS (
TCP 443,20000–21999)Public IP Addresses:
136.114.23.96,35.208.52.229Google Cloud Project:
tunhub(Project ID:1558855362)
Allowlisting Guidance
Allowlist outbound HTTPS (
TCP 443,20000–21999) from all TunHub components togw.tunhub.cloudaware.comandapi.tunhub.cloudaware.comIf you maintain IP-based firewall rules, allowlist the TunHub service public IPs:
136.114.23.9635.208.52.229
Operational Notes
Prefer hostname-based allowlisting whenever possible. Hostname rules require fewer updates if Cloudaware rotates or expands IP ranges.
Review this page periodically as part of your baseline security review. Cloudaware may introduce additional endpoints, services, or IP addresses over time.
If your environment relies heavily on static IP allowlists, consider implementing centralized or automated firewall configuration management to streamline updates.
Document History
Version | Description | Date |
|---|---|---|
1.1 | Data about Breeze and TunHub added | 2025-12-05 |
1.0 | Initial draft | 2025-12-05 |