When configuring your firewall to allow Box as a trusted source, please use the steps outlined below:

1. Use our site's domain names instead of a particular site IP address, as IP addresses can change frequently and without notice. Please configure hostnames to recognize any subdomain of:

  • *.box.com
  • *.box.net
  • *.boxcdn.net
  • *.boxcloud.com
  • *.boxrelay.com

To use the Excel Online Previewer, you must allow the following specific hostnames:

  • c1-excel-15.cdn.office.net
  • excel.officeapps.live.com
  • fs.microsoft.com
  • s1-excel-15.cdn.office.net

To use the Box for Office Online integration, please allow Microsoft's for Office 365 URLs and IP address ranges.


To use the Google Captcha feature, you must allow the following specific hostnames:

To use the Box for G Suite integration, please go to the Google support pages for the hostnames you must allow. (You can ignore the Google Drive/drive IP addresses because this Box integration does not have a dependency on Google Drive.)


To use the Box for iWork integration, you must allow access to Apple’s network at


If you are unable to whitelist the wildcard domains shown in the list above, please allow these specific hostnames:

  • a.box.com
  • account.box.com
  • api.box.com
  • app.box.com
  • app.boxrelay.com
  • blog.box.com
  • cdn01.boxcdn.net - cdn20.boxcdn.net
  • community.box.com
  • developer.box.com
  • dl.boxcloud.com
  • dl2.boxcloud.com - dl20.boxcloud.com
  • docs.box.com
  • e3.boxcdn.net
  • ent.box.com
  • m.box.com
  • notes.services.box.com
  • public.boxcloud.com
  • sso.services.box.net
  • status.box.com
  • support.box.com
  • upload.app.box.com
  • upload.box.com
  • upload.box.net
  • upload.ent.box.com
  • www.box.com
  • www.box.net
  • {yourcustomsubdomain}.account.box.com
  • {yourcustomsubdomain}.app.box.com
  • {yourcustomsubdomain}.box.com
  • {yourcustomsubdomain}.ent.box.com
  • 2.realtime.services.box.net


2. Enable HTTPS (port 443) for the domains above.


Due to the numerous firewalls available, we cannot provide specific instructions for each firewall beyond what is listed above. If you are using a firewall or proxy such as Forcepoint/Websense, Blue Coat, and so on, please create a Box User Services case and request the additional hostnames that are used with Enterprise accounts.


Whitelisting for Box Zones

Box Zones may introduce additional IP address or subdomains. If you have configured a firewall,
please contact Box User Services to get a list of Zone subdomains that you can whitelist.


Box Desktop Applications' Proxy Support

Box Drive, Box Sync, Box Tools, Box for Office, and Box Notes Desktop are desktop applications that need to connect to Box's data centers to function. The apps utilize the same domains outlined above.


The apps detect and use the proxy configured for the local machine via:

  • Automatic Proxy Detection 
  • Proxy Auto-Configuration (PAC file)
    • Windows does not support local file path schemas for the .pac file location such as file://C:\proxy.pac. Use a URL to configure the .pac file location.
  • Or manually setting the proxy server address for HTTP and HTTPS protocols
For proxy authentication support:
  • Windows apps support NTLMv1 or NTLMv2 authentication
    • Box for Office, Box Tools (machine-wide build), and Box Sync use a Windows Service that needs to connect to Box's data centers to check for new versions. The Windows Services run as the SYSTEM user, which may be unable to authenticate using NTLM. We recommend allowing SYSTEM run Services to connect through your proxy without authentication. 
  • Mac apps support NTLMv1 authentication only. 
  • Basic Authentication is not supported.

Testing Connectivity to Box Domains

To test whether your browser can connect to various Box domains, go to our Connectivity Testing page. Each test image is hosted on a different Box URL.