This notice is intended for customers who have configured allow-lists for Global Threat Intelligence (GTI) IP addresses.
Be advised that certain GTI IP addresses have recently been decommissioned and are no longer in use. The Thrive Knowledge Base article linked below has been updated to reflect the complete and current list of GTI IP addresses, including those that have been decommissioned:
Connecting to Global Threat Intelligence (GTI)
As GTI is a globally hosted cloud service, Trellix recommends allowing all published GTI IP addresses to ensure uninterrupted service. If your organization enforces strict outbound traffic controls, we strongly recommend allowing GTI traffic based on the destination host name.
If allowing traffic by destination host name is not feasible due to technical constraints, ensure that outbound access is permitted to all listed Public Cloud resource IPv4 addresses and IPv6 CIDR blocks. The Knowledge Base article referenced above contains the up-to-date list of all IP addresses required for GTI connectivity.
Note: To receive information about product updates, sign up for the Support Notification Service.
For instructions, see the Thrive Portal User Guide and navigate to Profile and Settings > My Settings > Manage Support Notification Services (SNS) subscription preferences.