Google Drive firewall and proxy settings

This article is intended for network administrators.

In order for users on your network to access Google Drive and Google Docs editors, your firewall rules should connect to the following hosts and ports. Otherwise, users may be blocked or denied access from these services.

For the following hosts, [N] means any single decimal digit and * means any string not containing a period.

  • www.google.com:443/HTTPS
  • accounts.google.com:443/HTTPS
  • googledrive.com:443/HTTPS
  • drive.google.com:443/HTTPS
  • *.drive.google.com:443/HTTPS
  • docs.google.com:443/HTTPS
  • *.docs.google.com:443/HTTPS
  • *.c.docs.google.com:443/HTTPS
  • sheets.google.com:443/HTTPS
  • slides.google.com:443/HTTPS
  • talk.google.com:5222/XMPP (needed only for Backup and Sync or the legacy version, Drive for Mac/PC)
  • takeout.google.com:443/HTTPS
  • gg.google.com:443/HTTPS
  • script.google.com:443/HTTPS
  • ssl.google-analytics.com:443/HTTPS
  • video.google.com:443/HTTPS
  • s.ytimg.com:443/HTTPS
  • apis.google.com:443/HTTPS
  • *.clients[N].google.com:443/HTTPS
  • *.googleapis.com:443/HTTPS
  • *.googleusercontent.com:443/HTTPS
  • *.gstatic.com:443/HTTPS
  • lh[N].google.com:443/HTTPS
  • [N].client-channel.google.com:443/HTTPS
  • clients[N].google.com:443/HTTPS

Notes

  • The IP addresses that various domain names resolve to don't necessarily fall within any given address range.
  • Other Google properties may use the IP addresses that Drive uses.
  • Techniques that Drive uses to connect to Google servers depend on the browser, browser version, networking conditions, etc.
  • Even if you don't currently see activity at the addresses listed above, there could be future activity.
  • Drive sync applications support all unauthenticated proxies configured by the operating system.
  • Backup and Sync supports only DNS-based distribution of PAC files. PAC distribution over DHCP is not supported.

Drive File Stream proxies

Drive File Stream encrypts all network traffic and validates host certificates to protect against man-in-the-middle (MITM) attacks. If you deploy to a network that uses a decrypting proxy, you should configure the TrustedRootCertsFile setting for Drive File Stream.

See also

Was this article helpful?
How can we improve it?