# Configuring the firewall for Test Cloud Public Sector > For general network configuration and firewall information, refer to [Configuring the firewall](https://docs.uipath.com/test-cloud/automation-cloud/latest/admin-guide/configuring-firewall#configuring-the-firewall) For general network configuration and firewall information, refer to [Configuring the firewall](https://docs.uipath.com/test-cloud/automation-cloud/latest/admin-guide/configuring-firewall#configuring-the-firewall) ## Test Cloud Public Sector Portal The following table lists the domains used by Test Cloud Public Sector Portal: Scenario Domains to Allow UiPath Test Cloud Public Sector https://govcloud.uipath.ushttps://govcloud.uipath.us/portal_/cloudrpahttps://govcloud.uipath.us/portal_/signinwithssohttps://govcloud.uipath.us/<accountname>/https://govcloud.uipath.us/<accountname>/<tenantname>/portal Login flows (configured via SSO) https://login.microsoftonline.com Sign in with Azure Active Directory (Azure AD) https://aadcdn.msftauth.nethttps://govcloud.uipath.ushttps://login.microsoftonline.com Sign in with UiPath Assistant (basic email) *-signalr.service.signalr.net For events related to signing in with basic authentication: https://account.uipath.comhttps://govcloud.uipath.ushttps://platform-cdn.uipath.com Sign in with UiPath Studio (basic email) https://api.nuget.org*-signalr.service.signalr.nethttps://gallery.uipath.comhttps://pkgs.dev.azure.com For events related to signing in with basic authentication: https://account.uipath.comhttps://govcloud.uipath.ushttps://platform-cdn.uipath.com Static assets: Fonts, Styling and CDN hosted scripts Fonts: https://use.typekit.nethttps://fonts.gstatic.comhttps://platform-cdn.uipath.com Images: https://s.gravatar.comhttps://secure.gravatar.comhttps://*.wp.comhttps://*.googleusercontent.comhttps://i.ytimg.comhttps://platform-cdn.uipath.com CSS: https://fonts.googleapis.com/csshttps://use.typekit.nethttps://p.typekit.nethttps://platform-cdn.uipath.comhttps://staticresources.uipath.us Scripts: https://primer.typekit.nethttps://use.typekit.nethttps://platform-cdn.uipath.com Sign in via Auth0 (for EU) uipath.eu.auth0.com Update services ctldl.windowsupdate.com To configure network connections, use Microsoft documentation . App Insights / Google Tag Manager https://usgovvirginia-0.in.applicationinsights.azure.ushttps://www.googletagmanager.com/gtm.js?id=GTM-PLLP8Phttps://code.jquery.com/jquery-3.5.1.min.js :::important If you use Azure buckets, they must not be located in the tenant's region or in the failover region. ::: ### Outbound IP ranges To ensure proper functionality for UiPath services, we recommend allowing the following IPs:

52.247.128.100
52.227.65.197
52.245.221.122

## Action Center ### Domains The following table lists the domains used by Action Center that we recommend allowing, based on the functionality you plan to use: Scenario Domains to Allow Navigate to Action Center page https://govcloud.uipath.us/<accountName>/<tenantName>/actions_https://govcloud.uipath.us/<accountName>/<tenantName>/processes_https://govcloud.uipath.us/<accountName>/<tenantName>/bupproxyservice_https://uipath-acc-pgov.uipath.us ## Automation Cloud Robots - Serverless ### Static IP configuration Static IP for Cloud Robot - Serverless enables you to route outbound network traffic through a dedicated, static IP address range managed by UiPath. This allows you to whitelist or securely integrate with external systems that restrict incoming connections to known IPs. ### Configuration You can enable Static IP while [creating the Serverless template](https://docs.uipath.com/orchestrator/automation-cloud/latest/user-guide/executing-unattended-automations-with-serverless-robots#step-2-adding-serverless-robots-to-your-tenant) and going to the **Network Configuration** page. ### Availability The Stable IP feature is available for Cloud Robot - Serverless in supported regions. These static IP addresses can sometimes change as a result of infrastructure deployments. To help keep you on top of any changes, we have compiled a list of up-to-date static egress IPs, which you can check in the following tables. Table 1. Community users Region CIDR Outbound IP ranges Europe

20.191.43.0/30
20.191.42.240/30

20.191.43.0
20.191.43.1
20.191.43.2
20.191.43.3
20.191.42.240
20.191.42.241
20.191.42.242
20.191.42.243

Table 2. Enterprise users Region CIDR Outbound IP ranges Australia

20.53.170.116/30
20.53.170.208/30

20.53.170.116
20.53.170.117
20.53.170.118
20.53.170.119
20.53.170.208
20.53.170.209
20.53.170.210
20.53.170.211

United States

20.102.5.168/30
20.102.0.76/30

20.102.5.168
20.102.5.169
20.102.5.170
20.102.5.171
20.102.0.76
20.102.0.77
20.102.0.78
20.102.0.79

Japan

20.44.188.168/30
20.44.185.192/30

20.44.188.168
20.44.188.169
20.44.188.170
20.44.188.171
20.44.185.192
20.44.185.193
20.44.185.194
20.44.185.195

Europe (European Union)

20.191.46.104/30
20.191.43.60/30

20.191.46.104
20.191.46.105
20.191.46.106
20.191.46.107
20.191.43.60
20.191.43.61
20.191.43.62
20.191.43.63

## Automation Hub ### Domains The following table lists the domains used by Automation Hub: Scenario Domains to Allow Navigate to the Automation Hub page https://govcloud.uipath.ushttp://*.userpilot.iohttps://dc.services.visualstudio.comhttps://ah-prod-ts-blue-eu.uipath.comhttps://ah-prod-ts-blue-us.uipath.comhttps://ah-prod-ts-blue-ja.uipath.comhttps://ah-prod-ts-blue-au.uipath.comhttps://ah-prod-ts-blue-ca.uipath.comhttps://ah-prod-ts-blue-sea.uipath.comhttps://ah-prod-ts-blue-uk.uipath.comhttps://ah-prod-ts-blue-in.uipath.comhttps://ah-gxp-ts-blue-us.uipath.com Use OpenAPI for Automation Hub https://automation-hub.uipath.comhttp://ah-gxp-openapi-us.uipath.com Access Public Sector in Automation Hub https://govcloud.uipath.us ## Automation Ops ### Domains The following table lists the domains used by Automation Ops: Scenario Domains to Allow Navigate to the Automation Ops page https://usgovvirginia-0.in.applicationinsights.azure.ushttps://govcloud.uipath.ushttps://staticresources.uipath.us*-signalr.signalr.azure.ushttps://use.typekit.nethttps://p.typekit.net ## Data Service ### Domains The following table lists the domains used by Data Service: Scenario Domains to Allow All Data Service operations https://govcloud.uipath.us Fetching static frontend content https://staticds.uipath.us ## Document Understanding ### Domains The following table lists the domains used by Document Understanding: | Module or Scenario | Domains to Allow | | --- | --- | | Network and Storage | `https://*.uipath.us` | | Telemetry and SignalR | `https://*.azure.us` | | Public endpoints | Check the [Public endpoints](https://docs.uipath.com/document-understanding/automation-cloud-public-sector/latest/user-guide/public-endpoints) page for the full list of public endpoints URLs. | ## Insights ### Domains The following table lists the domains used by Insights: Scenario Domains to Allow Navigate to the Insights page https://govcloud.uipath.ushttps://*.lookercdn.comhttps://uipath-insights-statics.azureedge.net/https://*.looker.uipath.com/ ### Outbound static IP ranges Outbound static IP ranges allow you to add a list of IPs for the Log Export functionality to the allowlist and not open your network to all external IPs. To ensure proper performance for the Log Export functionality, make sure to add the [Outbound IP ranges](https://docs.uipath.com/test-cloud/automation-cloud/latest/admin-guide/configuring-the-firewall-for-public-sector#outbound-ip-ranges) from the **Test Cloud Public Sector Portal** section to the allowlist. Due to a limitation on Microsoft side for Log Export, you cannot set up inbound IP restriction when your Azure blob storage account and the Insights infrastructure is under the same region in Azure. Because of this, you cannot use the USGov Virginia region for the blob storage account. For more information on this limitation, check the [Restrictions for IP network rules](https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-portal#restrictions-for-ip-network-rules) page from the Microsoft Azure Blob Storage documentation. ## Orchestrator ### Domains Robots send traffic to these Test Cloud Public Sector Orchestrator domains. We recommend that you allow them to ensure proper functioning of your automations, as described in the following table: Module or Functionality Domains to Allow UiPath Orchestrator https://govcloud.uipath.ushttps://orch-cdn.uipath.comhttps://account.uipath.com Automation Cloud Public Sector Robots - VM https://govcloud.uipath.ushttps://download.uipath.com Storage If using Amazon s3 buckets: *.s3.amazonaws.com Package and library feeds (library, tenant processes, and others) https://pkgs.dev.azure.com Azure SignalR *.service.signalr.net Studio and Robot auto-update functionality https://download.uipath.com Traffic Manager (internal) *.trafficmanager.net ## Process Mining ### Domains The following table lists the domains used by Process Mining: Module or Scenario Domains to Allow Identity Server https://govcloud.uipath.us Static assets https://fonts.googleapis.comhttps://fonts.gstatic.comhttps://content.usage.uipath.comhttps://s.gravatar.comhttps://i1.wp.com Azure SignalR *.signalr.azure.us Telemetry https://*.in.applicationinsights.azure.us Upload files *.blob.core.usgovcloudapi.net ## Test Manager ### Domains The following table lists the domains used by Test Manager that we recommend allowing, based on the functionality you plan to use: Module or functionality Domains to allow UiPath Test Manager https://govcloud.uipath.us Azure SignalR *.signalr.azure.us