Verifying a User’s Traffic is Being Secured by the Exium Service
To check if a user’s traffic is secured by the Exium service, on the user’s device, browse to https://block.speerity.net.
- When connected on Exium service, you will see a splash page with a notice “Access to the Website is Blocked”.
- If a user’s traffic is not secured by the Exium service, you will see an HTTP error in your browser “This site can’t be reached”
Source IP Anchoring
Many organizations have been utilizing IP address allowlisting on their corporate cloud apps in order to ensure additional security should a user’s credentials be compromised by a malicious actor. This allowlisting is inclusive of all egress IP addresses for your data centers and remote offices. Typically for remote users, a VPN connection is required to access private applications and also their corporate cloud applications.
With Exium, the traffic flow changes when utilizing the Exium Client or the Cyber Gateway. Because the Exium Client encrypts its connections to the Exium Cybermesh, cloud/ SaaS applications and IdP providers no longer see the corporate egress IP addresses and instead see an IP addresses for Exium’s Cybermesh.
The preferred solution is to add Exium’s Cybermesh IP addresses to your IP address allowlisting for conditional access and employ multi-factor authentication (MFA) with your IdP provider. Exium also offers Dedicated Egress IP Addresses with Secure Private Access subscription.
See below for the list of Exium’s Cybermesh shared IP addresses:
When you are connected to Exium’s Cybermesh, and check your IP using, for example, https://whatismyipaddress.com, your IP address will be one from the above lists.
Destination IP Address for Traffic from Exium Client or Cyber Gateway
Exium Client and Cyber Gateway encrypts their connections to the Cybermesh. The encrypted traffic is sent to the Cybernode the Client or Cyber Gateway is connected to. Below is a list of the “ingress” IP addresses for Exium’s Cybernodes. In cases, where the Client or Cyber Gateway traffic goes through an existing Firewall, you need to make sure the UDP ports 500 and 4500 are open for the IPSec traffic from the Cyber Gateway and the default (UDP port 51820) or custom WireGuard port is open for the Clients.
Destination IP address from your Client or Cyber Gateway
|Mumbai (2), India||188.8.131.52|
|London (2), UK||184.108.40.206|
|Mumbai (3), IN||220.127.116.11|
|Johannesburg, South Africa||18.104.22.168|
|California (2), USA||22.214.171.124|
|Hyderabad (2), India||126.96.36.199|