Enterprise customers can leverage dedicated egress1 IPs for layer 7 WAF and CDN services, as well as Spectrum. The egress IPs are reserved exclusively for your account so that you can increase your origin security by only allowing traffic from a small list of IP addresses.

Note If you are interested in using Smart Shield Advanced with Dedicated CDN Egress IPs, reach out to your account team.

Dedicated CDN Egress IPs was formerly known as Cloudflare Aegis (release blog post ↗).

Benefits

With Dedicated CDN Egress IPs, you can:

Lock down your network firewall to only allow traffic from your dedicated IPs.

Use Cloudflare Access and CNI to secure your applications without installing software or customizing code on your server.

Ensure only authorized Workers can access your origin services.

Scope

You can assign Dedicated CDN Egress IPs to single or multiple Cloudflare zones, and across different Cloudflare accounts.

Dedicated CDN Egress IPs are included within BGP advertisement over CNI.

Each dedicated egress pool can consist of either IPs from a BYOIP prefix or Cloudflare-leased IPs. A single dedicated egress pool cannot contain both BYOIPs and leased IPs.