Appearance
IP allowlist
Flowstate routes all AI traffic through hosted infrastructure at stable IP addresses. Two directions matter:
- Egress — the IPs Flowstate sends from when calling AI providers. Add these to the per-provider allowlist if you've restricted who can call your provider account (Anthropic Console → Settings → IP allowlist, OpenAI org settings, etc.). The point is to be able to say "the only IPs that can spend our Anthropic / OpenAI / Google budget are these Flowstate IPs".
- Ingress — the IP your developers' tools connect to (
ai.flowstate.inc/otel.flowstate.inc). Allowlist this in your corporate firewall so the agent and SDKs can reach Flowstate without exception requests.
All IPs below are static. They never change without prior notice; if Flowstate adds a region we'll publish the new IPs here at least 30 days before they start serving traffic.
Ingress (your firewall → Flowstate)
A single global anycast IP fronts every region. Allowlist this on outbound HTTPS (port 443) from any machine that runs the agent or talks to the cloud proxy directly.
| Hostname | IP | Ports |
|---|---|---|
ai.flowstate.inc | 34.120.148.227 | 443 |
otel.flowstate.inc | 34.120.148.227 | 443 |
Both hostnames resolve to the same global anycast IP. Google's edge network routes each request to the lowest-latency Flowstate region automatically.
Egress (Flowstate → AI provider)
Each region has its own reserved static IPs. All outbound calls to AI providers from that region's proxy NAT through this set. Add every IP for every region you want to serve; Flowstate's load balancer steers traffic to the nearest healthy region, so a request from one user can leave from any region.
| Region | Static egress IPs | Forward hostname (FCrDNS not available — see below) |
|---|---|---|
europe-west1 | 35.240.124.208, 35.205.154.122 | ip-35-240-124-208.europe-west1.sec.flowstate.inc (and pair) |
us-east1 | 35.231.7.95, 34.23.36.30 | ip-35-231-7-95.us-east1.sec.flowstate.inc (and pair) |
us-west1 | 34.143.67.195, 136.118.148.163 | ip-34-143-67-195.us-west1.sec.flowstate.inc (and pair) |
asia-southeast1 | 35.185.190.183, 35.198.224.244 | ip-35-185-190-183.asia-southeast1.sec.flowstate.inc (and pair) |
The forward A records above resolve to the IPs — useful when a provider's allowlist is hostname-based, or when you're walking your firewall logs and want to spot Flowstate traffic without a number-to-org lookup.
Reverse DNS (PTR) returns Google's default
Flowstate's egress IPs sit behind Cloud NAT in each region, and Google does not permit custom PTR records on NAT-attached static external IPs. A reverse lookup of any of the IPs above returns <dashed-ip>.bc.googleusercontent.com. — the GCP-default PTR.
If your firewall enforces forward-confirmed reverse DNS (FCrDNS) — checking that dig -x <ip> resolves back to the same hostname your allowlist uses — that check WILL FAIL against these IPs. Allowlist by IP (or by the forward hostnames above), not by PTR match. For FCrDNS-strict deployments contact security@flowstate.inc; the only path is per-tenant VM-based egress which we provision case by case.
CIDR shortcut
If your firewall wants CIDRs and you don't want to enumerate every IP, every Flowstate egress IP lives under 34.0.0.0/8, 35.0.0.0/8, or 136.0.0.0/8 (Google-allocated public ranges). Those CIDRs are far broader than necessary — please prefer the per-IP list above so the allowlist actually does its job.
Provider configuration recipes
Anthropic Console
- Console → Settings → Security → IP allowlist.
- Add each egress IP above. There's no CIDR field; add the IPs individually.
- Save.
OpenAI platform
- Settings → Security → IP allowlist (organization-level).
- Add each egress IP. OpenAI accepts both single IPs and CIDR ranges.
- Apply.
Google Cloud Vertex AI
VPC service controls do this most cleanly:
- VPC Service Controls → Service perimeter for your AI services.
- Add an Ingress policy that allowlists the egress IPs above as
from.sources.access_levels. - Apply.
For non-VPC-SC accounts, restrict the API key directly under APIs & Services → Credentials → your key → Application restrictions → IP addresses.
Your corporate firewall
Add 34.120.148.227 to your egress allowlist on port 443. If your firewall enforces SNI-aware allowlisting, also allow ai.flowstate.inc and otel.flowstate.inc.
What if I see traffic from an IP not on this list?
It isn't Flowstate. The egress IPs above are reserved exclusively for the cloud proxy and are guarded by terraform prevent_destroy lifecycles — they cannot be rotated by accident. If you see AI-provider traffic from a different IP, please report it to security@flowstate.inc with the source IP and timestamp so we can help you trace it.