UltraDNS traffic management capabilities utilize UltraDNS probes located around the world to determine the accessibility of your defined DNS records (hosts and applications).
When your host is unreachable, your query responses will be modified based upon the actions you have configured in UltraDNS. Actions may include notifications and taking resources out of service.
A firewall, or similar devices, can block the IP addresses that are associated with the UltraDNS traffic management probes and make your host appear to be unreachable (down) when in reality, your host is fully available (up) and operational.
Please make the necessary modifications to your firewall security policies to include the following IP addresses associated with UltraDNS probes used for traffic management.
All Traffic Management IP Addresses for All Probing Regions
https://ultra-portalstatic.ultradns.com/static/console/docs/Traffic_Management_IPs_for_Probing.html
Additional Information
Please be informed that this information is applicable exclusively to users of SiteBacker, Traffic Controller, Simple Failover, and Simple Load Balancing. On July 11, 2025 (or after), we will be bringing the Toronto Traffic Management probers into service. These will be part of the North America East group.
If you have any Traffic Management (SiteBacker/Traffic Controller/Simple Failover/Simple Load Balancing) pools that are testing or monitoring IP addresses that are not open to the Internet, you will need to add the following IP addresses to your whitelist:
156.154.84.153
2610:a1:303c:128::153
156.154.84.154
2610:a1:303c:128::154
It will updated in the near future to include these new addresses. If you do use the above products but only monitor IP addresses open to the Internet, it is unlikely that you need to make any changes. That said, if you have any monitoring on your side that can block external addresses that do repetitive tests, you likely already have a whitelist for Traffic Management probers and will need to update it by adding the new values.
What are the consequences of needing to update whitelist and not doing so?
Your configured Traffic Management probes could generate alerts due to tests from Toronto not completing successfully. This could even lead to a managed record failing over to its backup records (or the All Fail record if all numbered priority records are in failure). That said, SiteBacker default settings require at least two monitoring locations to be failing tests for failover of a record to occur.
In other words, communication issues between our Toronto site and your monitored endpoints would not by itself by sufficient to trigger a failover to a backup record. There would need to be one other location already in failure for a new failure from Toronto to be sufficient for trigger a failover to backup records.