Skip to content
Bulwark
PlatformBulwarkReconGauntletAEGISPricingIntegrationsFree OFAC toolsSecurity
Sign inRequest access

Network access for your IT team

If your corporate proxy or web filter blocks Bulwark, here is exactly what to permit. Everything below is a normal HTTPS website — no special ports, no client software, no inbound connections.

1 — Allow these hostnames (by name, not IP)

Bulwark is served from managed cloud platforms whose IP addresses rotate, so allowlist by hostname / SNI, not by IP. A single wildcard rule — *.bulwarkcompliance.ai — covers everything below. If your policy requires fixed egress IPs, contact us and we’ll arrange a static-IP endpoint.

HostnameWhat it servesPriority
www.bulwarkcompliance.aiMarketing site + the free OFAC reference and name search (/ofac/*, /search). No login.Required
bulwarkcompliance.aiApex domain (redirects to www) and the signed-in Bulwark application.Required
recon.bulwarkcompliance.aiRecon research agent.If used
gauntlet.bulwarkcompliance.aiGauntlet payment screening.If used
aegis.bulwarkcompliance.aiAEGIS regulatory reporting.If used
api.bulwarkcompliance.aiData API endpoint (only if you use API access).If used

2 — Categorize the domain as Business / Finance

Many filters block domains that are simply uncategorized or “newly observed.” Ask your web-filtering vendor to categorize bulwarkcompliance.ai as Business / Finance / Regulatory-Compliance. Submission points:

VendorWhere to submit or review a category
Zscalersitereview.zscaler.com
NetskopeWeb Category Lookup in the Netskope UI, or a support ticket
Palo Alto (PAN-DB)urlfiltering.paloaltonetworks.com
Cisco Talos / Umbrellatalosintelligence.com/reputation_center
Forcepointcsi.forcepoint.com/tools
Symantec / BlueCoatsitereview.bluecoat.com
Trellix / McAfeetrustedsource.org

3 — Connection details

  • Protocol / port: HTTPS over TCP 443 only. No other ports, no UDP, no inbound.
  • TLS: 1.2 and 1.3, standard cipher suites, certificate from a widely-trusted public CA.
  • TLS inspection: supported. No certificate pinning, so your proxy may re-sign without breaking the site.
  • Client certificates: not required. No mTLS on public pages.
  • JavaScript: the reference and search pages render server-side and stay usable with JavaScript disabled.
  • Third-party calls: none required to read the reference — pages don’t depend on external CDNs, fonts, or trackers to render.
  • IP family: reachable over IPv4 (and IPv6). No IPv6 requirement.
  • Authentication: the free reference needs none; the app supports corporate SSO (SAML / OIDC — Okta, Azure AD, Google, GitHub).

4 — Confirm reachability

  • Browser: open https://www.bulwarkcompliance.ai/ofac — the OFAC reference should load with no login prompt.
  • Command line: curl -I https://www.bulwarkcompliance.ai/ofac should return HTTP/2 200.
  • A block usually shows your proxy’s own page (not ours), a category name, or a TLS/certificate error — capture that text and send it to us.

Still blocked? Email support@bulwarkcompliance.ai with the proxy/vendor name and the block message. Live service health is at /status.

Bulwark

Compliance intelligence for OFAC sanctions. Definitive reference, live change feed, knowledge base.

Platform

Bulwark · OFAC referenceRecon · research agentGauntlet · screeningAEGIS · reporting

Delivery

PricingIntegrationsFree OFAC referenceFree sanctions searchEmail & Slack notificationsHow it works

Company

ContactPrivacyTerms

Trust

SecurityPlatform statusNetwork access for ITPrivacy policyTerms of service
© 2026 Bulwark Compliance LLC