Firewall and proxy settings

If your organization uses a firewall, make sure to set it up so people in your organization can use Google services. Firewall rules should connect to the supported hosts and routes in this article. Otherwise, people might be blocked from their services or unable to use some features.

Set the hosts and routes in this article to Allowed in your firewall rules. They should be allowed even if you turn off the corresponding service in your Google Admin console. These hosts and routes are required for communication with Google and Google Workspace services.

Keep in mind:

  • Even if there's no current activity at these hosts, there might be future activity. IP addresses used by various domain names don't necessarily fall within any specific range.
  • The connection between your service and Google depends on factors such as the browser, the browser version, and networking conditions. 
  • Some domain names resolve to IP addresses that don’t fall within any given address range. 
  • Other Google services can use the same IP addresses that you use.

Firewall and proxy settings by service

Expand all  |  Collapse all

Drive and Sites hosts and settings

Note: When a host includes [0–9], you should allow a host with each single decimal digit. For example, for *.clients[0–9].google.com:443/HTTPS, you allow *.clients0.google.com:443:HTTPS, *.clients1.google.com:443:HTTPS, *.clients2.google.com:443:HTTPS, and so on.

  • www.google.com:443/HTTPS
  • accounts.google.com:443/HTTPS
  • googledrive.com:443/HTTPS
  • drive.google.com:443/HTTPS
  • *.drive.google.com:443/HTTPS
  • drive.usercontent.google.com:443/HTTPS
  • drive-data-export.usercontent.google.com
  • drive-data-export-eu.usercontent.google.com
  • docs.google.com:443/HTTPS
  • *.docs.google.com:443/HTTPS
  • *.c.docs.google.com:443/HTTPS
  • sheets.google.com:443/HTTPS
  • slides.google.com:443/HTTPS
  • takeout.google.com:443/HTTPS
  • gg.google.com:443/HTTPS
  • script.google.com:443/HTTPS
  • ssl.google-analytics.com:443/HTTPS
  • video.google.com:443/HTTPS
  • s.ytimg.com:443/HTTPS
  • apis.google.com:443/HTTPS
  • *.clients[0–9].google.com:443/HTTPS
  • *.googleapis.com:443/HTTPS
  • *.googleusercontent.com:443/HTTPS
  • *.gstatic.com:443/HTTPS
  • *.gvt1.com:443/HTTPS
  • lh[0–9].google.com:443/HTTPS
  • [0–9].client-channel.google.com:443/HTTPS
  • clients[0–9].google.com:443/HTTPS
  • inputtools.google.com:443/HTTPS
  • sites.google.com:443/HTTPS
  • sites.google.com:80/HTTP
  • sites.google.com:443/HTTPS
  • *.sites.google.com:443/HTTPS
  • *.googlegroups.com:443/HTTPS
  • ipv4.google.com:443/HTTPS
  • ipv4.google.com:80/HTTP

Google Drive for desktop proxies

To ensure your users can successfully use Drive for desktop, review the following proxy information:

  • Supported proxy discovery methods
    • Windows—Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP)
    • macOS—DNS
  • Decrypting proxy—Drive for desktop encrypts all network traffic and validates host certificates to protect against man-in-the-middle (MITM) attacks. If you use a decrypting proxy, configure the TrustedRootCertsFile setting for Drive for desktop.
  • Buffered proxy—If you use a buffered proxy, you may need to disable buffering in the proxy for the following host: fcmconnection.googleapis.com.
  • Authenticated proxy—Drive for desktop doesn't support authenticated proxies with a password.

Related topic

Configure Google Drive for desktop

Gemini hosts
  • lh5.googleusercontent.com 
  • www.googleapis.com 
  • ssl.gstatic.com 
  • fonts.googleapis.com 
  • play.google.com 
  • ogs.google.com 
  • www.google.com 
  • apis.google.com 
  • jnn-pa.googleapis.com 
  • waa-pa.clients6.google.com 
  • i.ytimg.com 
  • yt3.ggpht.com 
  • lh3.googleusercontent.com 
  • maps.gstatic.com 
  • lh3.google.com 
  • ogads-pa.clients6.google.com 
  • csp.withgoogle.com 
  • www.googletagmanager.com 
  • www.youtube.com 
  • fonts.gstatic.com 
  • maps.googleapis.com 
  • static.doubleclick.net 
  • www.gstatic.com 
  • gemini.google.com 
  • td.doubleclick.net 
  • googleads.g.doubleclick.net 
  • www.google-analytics.com 
  • optimizationguide-pa.googleapis.com 
  • encrypted-tbn0.gstatic.com 
  • encrypted-tbn1.gstatic.com 
  • encrypted-tbn2.gstatic.com 
  • encrypted-tbn3.gstatic.com 
  • streetviewpixels-pa.googleapis.com
  • content-autofill.googleapis.com
Gmail hosts

The asterisk (*) is a wild card and can be any value except a period.

Note: When you use dynamic email and a firewall to connect to a host that isn’t listed here, the performance of your service might be impacted.

  • accounts.google.com
  • apis.google.com
  • clients*.google.com
  • contacts.google.com
  • *.googleusercontent.com
  • mail.google.com
  • mail-attachment.google.com
  • ogs.google.com
  • play.google.com
  • ssl.gstatic.com
  • www.google.com
  • www.gstatic.com
Google Meet hosts


Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?

How can we improve it?

Need more help?

Try these next steps:

Post to the help community Get answers from community members
Contact us Tell us more and we’ll help you get there
true
Start your free 14-day trial today

Professional email, online storage, shared calendars, video meetings and more. Start your free Google Workspace trial today.

Search
Clear search
Close search
Google apps
Main menu
5899591465512249444
true
Search Help Center
true
true
true
true
true
73010
false
false
false
false