Connecting to the Internet from your datacenters requires opening port 443 to outbound connections. The following list includes the addresses that are common to most Citrix Cloud services:
URLs for Citrix Cloud Connectors:
URLs for Certificate Validation by Cloud Connectors
Note: PAC is not supported by Cloud connectors.
Allowed FQDNs for Cloud Connector
For a complete list of the fully-qualified domain names (FQDNs) that the Cloud Connector accesses, refer to the JSON file located at
This list is grouped by product and includes a change log for each group of FQDNs
If Customer does not allow wildcard URL’s then below list of FQDN’s are should be allowed.
Allowing FQDN’s in Firewalls may lead to an application launching issue as Citrix may add Gateway POP’s in backend at any time and this will not be updated to Citrix customers to allow newly added gateway services
Cloud Connector Proxy and Firewall Configuration | Citrix Cloud