When configuring your firewall to allow Box as a trusted source, please use the steps outlined below:
1. Use our site's domain names instead of a particular site IP address, as IP addresses can change frequently and without notice. Please configure hostnames to recognize any sub-domain of:
To use the Excel Online Previewer, you must add the following specific hostnames:
To use the Google Captcha feature, you must add the following specific hostnames:
If you are unable to whitelist the sub-domains shown in the list above, please allow these specific hostnames:
- cdn01.boxcdn.net - cdn20.boxcdn.net
- dl2.boxcloud.com - dl20.boxcloud.com
2. Enable HTTPS (port 443) for the domains above.
Due to the numerous firewalls available, we cannot provide specific instructions for each firewall beyond what is listed above. If you are using a firewall or proxy such as Websense, Blue Coat, and so on, please create a Box User Services case and request the additional hostnames that are used with Enterprise accounts.
Whitelisting for Box Zones
Box Zones may introduce additional IP address or sub-domains. If you have configured a firewall,
please contact Box User Services to get a list of Zone sub-domains that you can whitelist.
Box Desktop Applications' Proxy Support
Box Drive, Box Sync, Box Tools, Box for Office, and Box Notes Desktop are desktop applications that need to connect to Box's data centers to function. The apps utilize the same domains outlined above.
The apps detect and use the proxy configured for the local machine via:
- Automatic Proxy Detection
- Proxy Auto-Configuration (PAC file)
- Windows does not support local file path schemas for the .pac file location such as file://C:\proxy.pac. Use a URL to configure the .pac file location.
- Or manually setting the proxy server address for HTTP and HTTPS protocols
- Windows apps support NTLMv1 or NTLMv2 authentication
- Box for Office, Box Tools (machine-wide build), and Box Sync use a Windows Service that needs to connect to Box's data centers to check for new versions. The Windows Services run as the SYSTEM user, which may be unable to authenticate using NTLM. We recommend allowing SYSTEM run Services to connect through your proxy without authentication.
- Mac apps support NTLMv1 authentication only.
- Basic Authentication is not supported.
Testing Connectivity to Box Domains
To test whether your browser can connect to various Box domains, go to our Connectivity Testing page. Each test image is hosted on a different Box URL.