6.4. Setting Firewall Access for Content Delivery

For systems registered with Customer Portal Subscription Management or a local Subscription Asset Manager instance, all content is delivered from Red Hat-hosted repositories. The URL (set by default in the rhsm.conf file in the baseurl parameter) is cdn.redhat.com.
However, there is no single server for cdn.redhat.com; there are multiple potential servers which all resolve to that address. The download server is selected based on what is geographically closest to the requesting machine. This results in much faster download times and better availability for content — however, in some firewall configuration, the required IP addresses could be blocked.
If yum downloads are failing, the it may be necessary to open the firewall to allow access to the IP address of the available content delivery servers. A list of IP addresses is available at Public CIDR Lists for Red Hat, both in a list and in a downloadable JSON file.