ThousandEyes for Government: FedRAMP® Moderate

This article supplements the commercial Cisco ThousandEyes documentation, including our API documentation found at Cisco DevNet. It highlights the sections of the product documentation that apply to the Cisco ThousandEyes for Government product, and provides additional guidance applicable only to Cisco ThousandEyes for Government customers.

Getting Support from ThousandEyes

Cisco ThousandEyes for Government customers should reach out to https://mycase.frmod.cisco/ for support. This support is only for Cisco ThousandEyes for Government customers and meets the US Persons requirements as defined under Title 22, Chapter 69, Sec. 6010 (22 USC 6010). Further information can be found in the Cisco ThousandEyes Support Policy.

ThousandEyes for Government Cookies

The table below describes the cookies collected by the Cisco ThousandEyes for Government instance and applies only to ThousandEyes for Government and users within that instance. For further information, please review Cisco’s Automatic Data Collection Tools (Cookies, etc.).

Cookies for All Users (Authenticated and Unauthenticated)

Cookie Name

Duration & Retention

Host

Cookie Type

Description

_csrf

14 days

app.thousandeyes.us

Strictly Necessary

This cookie is used for Cross-site Request Forgery (CSRF) protection.

JSESSIONID

Session

app.thousandeyes.us

Strictly Necessary

This cookie is used for identity and access management.

route

Session

app.thousandeyes.us

Strictly Necessary

This cookie is used for session affinity for load-balancing.

teUserid

14 days

app.thousandeyes.us

Strictly Necessary

This cookie is used for remember me functionality for the login page.

ThousandEyes for Government Firewall Configuration

The table below provides the ThousandEyes for Government specific firewall configuration rules. These rules are required for the ThousandEyes for Government instance, and replace the commercial documentation, available here: Firewall Configuration for Enterprise Agents.

AWS GovCloud US-EAST1 Infrastructure

Product/Service

DNS Domain Name

IPv4 Addresses

IPv6 Addresses

ThousandEyes Web Application

app.thousandeyes.us

182.30.200.22, 18.253.248.115, 16.65.106.197

2600:1f15:90c:cf03:3a14:8550:415d:2c64, 2600:1f15:90c:cf01:b526:f9bc:7786:88fe, 2600:1f15:90c:cf02:332f:7219:fd80:373b

static.thousandeyes.us

16.64.19.215, 16.65.33.253, 16.65.103.201

2600:1f15:90c:cf02:662d:f883:dafc:b84c, 2600:1f15:90c:cf03:c91e:a814:69f9:23a6, 2600:1f15:90c:cf01:7cb3:1b4:65ec:a71f

ThousandEyes API

api.thousandeyes.us

16.65.51.47, 182.30.57.206, 182.30.80.78

2600:1f15:90c:cf01:3abf:8d89:e5ec:5c92, 2600:1f15:90c:cf03:bf4c:63fd:456f:d6ff, 2600:1f15:90c:cf02:6c38:3890:defa:7ff7

Enterprise Agents

sc1.thousandeyes.us

18.252.164.100, 16.64.58.159, 18.254.246.93

2600:1f15:90c:cf02:ec54:c947:78ed:822e, 2600:1f15:90c:cf01:7867:5811:1a5f:b22c, 2600:1f15:90c:cf03:740a:a315:93b0:7a07

c1.agt.thousandeyes.us

16.65.104.128, 182.30.70.149, 16.64.78.123

2600:1f15:90c:cf03:74ab:5026:d93d:5b86, 2600:1f15:90c:cf02:673f:80c2:5d91:1b3e, 2600:1f15:90c:cf01:edef:f4a1:dd54:59b6

data1.agt.thousandeyes.us

16.64.43.179, 18.254.191.76, 18.254.17.154

2600:1f15:90c:cf03:e424:811d:f45:9540, 2600:1f15:90c:cf01:2f11:185c:1763:847c, 2600:1f15:90c:cf02:6573:af3c:581b:be06

crashreports.thousandeyes.us

18.254.31.241, 182.30.9.172, 18.253.184.82

2600:1f15:90c:cf01:4bcd:becc:f12b:1ca5, 2600:1f15:90c:cf02:f7c7:b2cd:71d5:e6a3, 2600:1f15:90c:cf03:778d:8c8e:1887:d920

Endpoint Agents

c1.eb.thousandeyes.us

16.65.104.146, 16.64.124.153, 18.254.24.56

2600:1f15:90c:cf03:a506:4fa6:52e7:811b, 2600:1f15:90c:cf02:678b:2fcb:730f:13c5, 2600:1f15:90c:cf01:30bb:d65e:2848:518

data.eb.thousandeyes.us

182.30.35.24, 18.252.253.246, 18.254.153.17

2600:1f15:90c:cf01:908b:c147:d26d:5f76, 2600:1f15:90c:cf03:fa67:7818:19e4:abc6, 2600:1f15:90c:cf02:5ac3:8ce8:2a92:55bd

Alerts and Integrations Webhooks

OpenTelemetry (OTel) Source

N/A

16.65.25.153, 18.254.188.65, 18.254.56.208

N/A

Agent Deployment

Cloud Agents

The following Cloud Agents are available in the ThousandEyes for Government product:

Customers may deploy tests for Cloud Agents under a ThousandEyes for Government subscription, but any such deployment would be outside of ThousandEyes’ FedRAMP®-authorized boundary. ThousandEyes' obligations under the Authorization to Operate and the FedRAMP baseline requirements would not apply to the Cloud Agents or the data transmitted to or from the Cloud Agents. Customers are solely responsible for accessing and utilizing the Cloud Agent in accordance with their security policies and applicable FedRAMP and federal compliance requirements.

Asia Pacific (ap-northeast-1) (Tokyo)
Asia Pacific (ap-northeast-2) (Seoul)
Europe (eu-central-1) (Frankfurt)
Europe (eu-west-1) (Ireland)
Europe (eu-west-2) (London)
Europe (eu-west-3) (Paris)
Middle East (me-central-1) (UAE)
US East (us-east-1) (N. Virginia)
US East (us-east-2) (Ohio)
US West (us-west-1) (N. California)
US West (us-west-2) (Oregon)

For more information about Cloud Agents, see Cloud Agents.

Enterprise Agents

You can install Enterprise Agents in ThousandEyes for Government environments using the following deployment methods:

Cisco Application Hosting
Docker Agent
Linux Package

Review all prerequisites and configuration requirements listed below for your deployment type before beginning installation, then use the links provided for the supported devices and installation instructions.

Cisco Application Hosting

Prerequisites

FIPS-compatible OpenSSL installed on the device with FIPS-mode enabled on the system.
NTP enabled on the device.

Configuration

To configure a ThousandEyes Enterprise Agent for a Cisco ThousandEyes for Government environment, you must add the following environment variable when configuring the Enterprise Agent:

TEAGENT_SECURITY_MODE=FEDRAMP

If FIPS or FEDRAMP mode is enabled but the host OS doesn't have a FIPS-compatible OpenSSL installed with FIPS-mode enabled on the system, the Agent will fail to start and log the error.

Refer to the links below for a list of supported devices and links to the relevant Cisco Application Hosting installation instructions:

For Cisco Catalyst Switches, see Catalyst Switches.
For Cisco Catalyst Routers, see Catalyst Routers.
For Cisco Nexus Switches, see Nexus Switches.
For Cisco Aggregation Services Routers and Cisco Integrated Services Routers, see Service Routers.
For Cisco Industrial Ethernet Switches, see Industrial Ethernet Switches.
For Cisco Industrial Routers, see Industrial Routers.

Docker Agent

Prerequisites

NTP enabled on the device.
Baseline OS configuration must meet NIST 800-53 or DoD STIG.

Configuration

To configure a ThousandEyes Enterprise Agent for Cisco ThousandEyes for Government, you must add the following environment variable when configuring the Enterprise Agent:

TEAGENT_SECURITY_MODE=FEDRAMP

If FIPS or FEDRAMP mode is enabled but the host OS doesn't have a FIPS-compatible OpenSSL installed with FIPS-mode enabled on the system, the Agent will fail to start and log the error.

For installation instructions, see Docker Enterprise Agents.

Linux Package

Prerequisites

FIPS-compatible OpenSSL installed on the device with FIPS-mode enabled on the system.
NTP enabled on the device.
Baseline OS configuration must meet NIST 800-53 or DoD STIG.

Configuration

To configure a ThousandEyes Linux-Based Enterprise Agent for Cisco ThousandEyes for Government, you must add the -m advanced option to the installation script, and set the value to FEDRAMP:

$ ./install_thousandeyes.sh -m --help

 -m <SECURITY_MODE>    Sets the security mode, format depends on SECURITY_MODE

  DEFAULT

    Standard Enterprise Agent; default value if -m is not set.

  FIPS

    Utilize FIPS OpenSSL capabilities when communicating with the ThousandEyes Platform.

  FEDRAMP

    Utilize FIPS OpenSSL capabilities when communicating with the FedRAMP ThousandEyes Platform.

Using FIPS mode or FEDRAMP mode requires the host OS to support OpenSSL 3.0 or higher with a FIPS-validated OpenSSL configuration. The agent will fail and log the error without it.

For installation instructions, see Linux Package Installation.

For the list of advanced configuration options, see Linux Package Advanced Options.

Endpoint Agents

Transfer of Agents across Regions

FedRAMP compliant organizations cannot transfer agents across different regions using the connection string.

For more information, see Transfer Ownership Across Different Regions Using Connection Strings.

ThousandEyes and GenAI

Generative artificial intelligence-powered capabilities ("GenAI") are not available for ThousandEyes for Government.

Cloud and Enterprise Agent Settings

BrowserBot is not available in the ThousandEyes for Government instance.

For more information, see Enterprise Agent Settings.

Cloud and Enterprise Agent Tests

Browser tests, including page load and transaction tests, are not available in the ThousandEyes for Government instance.

Dashboards

Email support for scheduled snapshots is not available in the ThousandEyes for Government instance.

For more information, see Scheduling a Recurring Snapshot.

Embedded widgets and shared dashboard snapshots are not available in the ThousandEyes for Government instance.

Snapshots

Public snapshots are not available in the ThousandEyes for Government instance.

Path Visualization

Cloud network enrichments for the path visualization are not available in the ThousandEyes for Government instance.

Event Detection

Event Summarization using Large Language Models (LLMs) is not available in the ThousandEyes for Government instance. This impacts both event summaries and recurring event summaries.

For more information, see Event Detection.

Integrations

Microsoft Teams Integration

The Microsoft Teams Call Quality Dashboard integration is not available in the ThousandEyes for Government instance.

ThousandEyes for OpenTelemetry

ThousandEyes for OpenTelemetry is not available in the ThousandEyes for Government instance.

Alert Integrations

Webhooks (including custom webhooks) are not available in the ThousandEyes for Government instance for alert notifications.

Alerts

The following alert sources are not available in the ThousandEyes for Government instance:

Cloud Insights
Internet Insights
WAN Insights

In addition, the following Network & App Synthetics alert rule types are not available in the ThousandEyes for Government instance:

Web - Page Load
Web - Transaction
Web - Transaction (Classic)

For more information, see Creating and Editing Alert Rules and Default Alert Rules.

Insights Portfolio

The entire Insights portfolio is not available in the ThousandEyes for Government instance. That includes:

Cloud Insights
Traffic Insights
WAN Insights
Internet Insights

For more information, see Cloud Insights, Enterprise Traffic Insights, WAN Insights, and Internet Insights.

APIs

ThousandEyes for Government users should only use the api.thousandeyes.us URI when calling APIs. Users are solely responsible for accessing APIs in accordance with their security policies and applicable FedRAMP and federal compliance requirements.

The following APIs are not available for ThousandEyes for Government:

APIs:

Cloud Insights
Internet Insights
ThousandEyes for OpenTelemetry
Emulation
Credentials

API Operations:

Within Tests API:
- Page Load Tests.
- API Tests.
- Web Transaction Tests.
Within Endpoint Agents API: *Endpoint Agents Transfer.
Within Templates API:
- API operations for the creation or retrieval of API tests, page load tests, or transaction tests are not available for ThousandEyes for Government.
Within Alerts API:
- API operations for the creation or retrieval of API, page load, or web transaction alert rules are not available for ThousandEyes for Government.
Within BGP Monitors API:
- Private monitor data is not available for ThousandEyes for Government.

PreviousArchived - Working with Raw BGP Data Next2025

Last updated 16 hours ago