Connecting to the Internet from your datacenters requires opening port 443 to outbound connections. The following list includes the addresses that are common to most Citrix Cloud services:

URLs for Citrix Cloud Connectors:

https://*.cloud.com

https://*.citrixworkspacesapi.net

https://*.servicebus.windows.net

https://*.blob.core.windows.net

https:// <CUSTOMER_ID>.xendesktop.net

URLs for Certificate Validation by Cloud Connectors

http://crl3.digicert.com

http://crl4.digicert.com

http://ocsp.digicert.com

http://www.d-trust.net

http://root-c3-ca2-2009.ocsp.d-trust.net

http://crl.microsoft.com

http://oneocsp.microsoft.com

http://ocsp.msocsp.com

http://*.digicert.com

Note:  PAC is not supported by Cloud connectors.

Allowed FQDNs for Cloud Connector

For a complete list of the fully-qualified domain names (FQDNs) that the Cloud Connector accesses, refer to the JSON file located at 

https://fqdnallowlistsa.blob.core.windows.net/fqdnallowlist-commercial/allowlist.json.

This list is grouped by product and includes a change log for each group of FQDNs

If Customer does not allow wildcard URL’s then below list of FQDN’s are should be allowed.

Note

Allowing FQDN’s in Firewalls may lead to an application launching issue as Citrix may add Gateway POP’s in backend at any time and this will not be updated to Citrix customers to allow newly added gateway services

References

Cloud Connector Proxy and Firewall Configuration | Citrix Cloud

System and Connectivity Requirements | Citrix Cloud