To integrate your applications and solutions, Celigo needs to authenticate and connect to them. If these systems have access limitations like IP whitelisting enabled, Celigo won’t be able to connect to them unless you’ve provided access. It’s the equivalent of having an access badge to enter a high-security building; without that, nothing goes through.
Steps to take:
-
Determine who handles firewall configuration for your organization, such as a network or security IT administrator.
-
Working with the person identified above, determine which access requirements listed in this article apply. Explain that the IP addresses need to be allowed (whitelisted) through your organization's firewall so that your integrations hosted on the Celigo platform can function correctly.
-
Once the administrator you're working with has confirmed the IP addresses have been allowed (whitelisted), confirm your integrations are running without connection errors.
IP addresses for different access requirements are listed below, for you to whitelist all applicable addresses within your firewall, to specify for another cloud app, or to give to your administrator.
Celigo offers a single range of IP addresses from Amazon Web Services to make application access and integrations scalable.
The integrator.io platform requires the IP range 44.204.21.0/24
to be whitelisted. No additional IP addresses need to be whitelisted for integrator.io.
The FQDN used for port 443 is integrator.io
.
For NA agent-extension servers (on-premise agent – outbound), determine which of the following applies:
-
If HTTPS and SSH ports are fully open on your outbound network access, no whitelisting is required.
-
If HTTPS and SSH ports are open only to specific IP addresses on your outbound network access, then you must whitelist the same IP range
44.204.21.0/24
and the following URLs:
In addition, to prepare for any contingencies at the primary AWS data center in the US East (N. Virginia), add the disaster recovery range 18.246.180.128/25 in the US West (Oregon) to your whitelist.
Note
Celigo has a VPC endpoint configured for Amazon S3 service. If you wish to restrict the traffic using your Amazon S3 bucket policies, add the VPCe ID: vpce-956ff3fc.
Celigo offers a single range of IP addresses from Amazon Web Services to make application access and integrations scalable.
The eu.integrator.io platform requires the IP range 3.79.248.128/26 to be whitelisted. No additional IP addresses need to be whitelisted for eu.integrator.io.
For EU agent-extension servers (on-premise agent – outbound), determine which of the following applies:
-
If HTTPS and SSH ports are fully open on your outbound network access, no whitelisting is required.
-
If HTTPS and SSH ports are open only to specific IP addresses on your outbound network access, then you must whitelist the the same IP range 3.79.248.128/26 and the following URLs:
Note
-
In addition, to prepare for any contingencies at the primary AWS data center in Europe (Frankfurt), add the disaster recovery range
3.254.10.128/26
in Europe (Ireland) to your whitelist. -
Celigo has a VPC endpoint configured for Amazon S3 service. If you wish to restrict the traffic using your Amazon S3 bucket policies, add the VPCe ID: vpce-00b5eb27e1295355d.
Comments
Hello,
Is there not some subset of the IPaaS ip's I can use based on my USA location? You've got 40 ip's listed, and as far as I know, they have to be entered one at a time for Windows Firewall scoping purposes.
Thank you,
Jim
Hi, James K. Thanks for asking that question in a public forum. I've seen it on occasion from internal support queries, and the answer is unfortunately no. All of those IP addresses would be necessary to whitelist, even if you happened to detect only a subset during a given period.
If it helps any, it looks like there are some automated (batch file or script) solutions that admins have figured out to reduce the manual entry.
Thank you! I did find a script--batch file using "netsh advfirewall firewall add rule". If anyone needs a csv list of the IPaaS ip's (as of 1/26/22), here you are:
23.22.248.166,52.1.127.16,52.4.194.5,52.6.244.241,52.7.170.62,52.20.54.118,52.70.11.159,52.72.83.124,52.73.94.116,52.87.95.248,52.87.147.142,52.201.165.30,52.202.86.239,52.204.140.17,52.204.150.194,52.204.205.3,52.204.245.141,52.205.7.8,52.205.21.215,52.205.31.59,52.205.126.104,52.205.183.233,52.205.185.233,52.205.185.70,52.205.185.117,52.205.186.153,52.205.189.244,52.205.191.11,52.205.192.79,52.205.208.140,52.205.209.108,52.205.213.1,52.205.213.243,52.205.215.50,52.205.215.161,52.205.215.221,52.205.216.9,52.205.216.59,52.205.216.69,54.87.174.71
Awesome, James K. I'm sure your fellow readers will appreciate the time savings.
Hi Stephen Brandt We use integrator.io to integrate data between Salesforce system and Net Suite. I'm not aware that we have ever whitelisted Celigo IP address to connect to Net Suite or Salesforce. I'm following up with our Network Administrator to confirm whether we have currently whitelisted any of the Celigo IPs.
Is it required to whitelist new IP ranges, if we are not whitelisting current IP ranges in our firewall?
Hi Saibaba Pokala,
If you're not currently whitelisting any of our IP ranges, then you do not need to whitelist these new ones. This is only for customers who are already whitelisting (or want to whitelist). Thanks!
How do I determine if we are whitelisting IP's currently?
Your target endpoint's firewall, either on that system and/or it's network, would have a rule to allow connections from those IP's. It's something a network admin could determine.
Ciao
You probably changed your infrastructure in the last few days and started using VPC endpoints to reach client buckets. However, the existing bucket connections stopped working for me restricting bucket access using specific IP addresses. The fix is to allow specific VPC endpoints now. Could you add this information to the whitelist section alongside your VPCe ID?
Reference https://repost.aws/knowledge-center/block-s3-traffic-vpc-ip
Hello Leonardo Nascimento
Thank you for letting us know.
The article is updated with the VPCe IDs for NA and EU instances.
Please sign in to leave a comment.