Camio is hosted on Google Cloud Platform (GCP), where the service runs across hundreds of servers that are provisioned and retired automatically based on demand. The IP addresses are assigned dynamically by Google's infrastructure and change frequently as instances scale up, scale down, or move between data centers. Any fixed IP list Camio provided would be outdated almost immediately, resulting in dropped connections.
Fortunately, an IP allowlist isn't necessary for Camio to work:
Camio requires no inbound firewall rules. Camio opens no inbound ports and runs no listening services on your network. All communication is initiated outbound from your device or browser to Camio, secured with TLS 1.3 over port 443 (standard HTTPS). This is the same connection model as any modern web application, so there is no inbound attack surface to manage.
To allow Camio, you only need to permit outbound HTTPS (TCP 443) traffic to camio.com. Recommended approaches:
- Allowlist by hostname/domain (
*.camio.com) if your firewall supports DNS- or FQDN-based rules. This is the cleanest option and is unaffected by GCP's dynamic IPs. - Allowlist Google Cloud's published IP ranges (maintained by Google at
https://www.gstatic.com/ipranges/cloud.json) if your policy requires IP-based rules. Note this covers all of GCP, not Camio specifically.
Because all traffic is outbound TLS 1.3 on the standard HTTPS port, most enterprise firewalls already permit it by default with no changes required.
Comments