To integrate your applications and solutions, Celigo needs to authenticate and connect to them. If these systems have access limitations like IP whitelisting enabled, Celigo won’t be able to connect to them unless you’ve provided access. It’s the equivalent of having an access badge to enter a high-security building; without that, nothing goes through.
Steps to take:
- Determine who handles firewall configuration for your organization, such as a network or security IT administrator.
- Working with the person identified above, determine which access requirements listed in this article apply. Explain that the IP addresses need to be allowed (whitelisted) through your organization's firewall so that your integrations hosted on the Celigo platform can function correctly.
- Once the administrator you're working with has confirmed the IP addresses have been allowed (whitelisted), confirm your integrations are running without connection errors.
IP addresses for different access requirements are listed below, for you to whitelist all applicable addresses within your firewall, to specify for another cloud app, or to give to your administrator.
Access by server type
NA instance: integrator.io
Celigo offers a single range of IP addresses from Amazon Web Services to make application access and integrations scalable.
integrator.io iPaaS (platform)
The integrator.io platform requires the IP range 44.204.21.0/24 to be whitelisted. No additional IP addresses need to be whitelisted for integrator.io.
The FQDN used for port 443 is integrator.io.
integrator.io (FTP, SFTP, or FTPS only)
For North America FTP, SFTP, and FTPS integrator.io access, you must also add the range 44.204.21.0/24 to the whitelist in your firewall or in other cloud apps. No additional IP addresses need to be whitelisted.
NA agent-extension servers (on-premise agent – outbound)
Determine which of the following applies:
- If HTTPS and SSH ports are fully open on your outbound network access, no whitelisting is required.
- If HTTPS and SSH ports are open only to specific IP addresses on your outbound network access, then you must whitelist the IP range 44.204.21.0/24.
EU instance: eu.integrator.io
eu.integrator.io iPaaS (platform)
The eu.integrator.io platform requires the following individual IP addresses to be whitelisted:
| 3.120.79.235 3.121.31.161 3.121.38.240 3.121.191.221 3.122.30.121 3.123.59.83 3.123.61.228 3.123.62.245 3.123.65.151 3.123.74.63 3.123.74.173 3.123.78.170 3.123.79.121 3.123.89.249 |
3.123.91.86 3.123.95.179 3.123.100.144 3.123.102.222 3.123.103.31 3.123.104.1 3.123.106.252 3.123.106.20 3.123.107.95 3.123.107.137 3.123.112.120 3.123.112.204 18.185.247.145 |
18.194.166.156 18.194.194.36 18.195.44.181 18.195.86.209 18.196.37.103 18.196.91.219 18.196.94.38 18.196.252.5 18.197.225.85 35.156.91.172 35.156.178.220 35.156.240.6 35.157.169.174 |
eu.integrator.io (FTP, SFTP, or FTPS only)
For FTP, SFTP, and FTPS eu.integrator.io access, the following individual IP addresses must be whitelisted:
| 35.157.25.45 35.157.59.64 35.157.83.232 |
EU agent-extension servers (on-premise agent – outbound)
Determine which of the following applies:
- If HTTPS and SSH ports are fully open on your outbound network access, no whitelisting is required.
- If HTTPS and SSH ports are open only to specific IP addresses on your outbound network access, then you must whitelist the regional IP addresses, as well as the following IPs, to allow access to the agent-extension servers:
3.127.63.170
3.127.186.241
3.125.253.130
18.157.62.2
18.158.94.68
18.158.94.19918.158.112.80
18.158.240.57
18.196.126.38
18.197.63.167
52.57.218.184
Does Celigo have DNS servers I can whitelist?
No, Celigo currently doesn’t have DNS servers.
Comments
8 comments
Hello,
Is there not some subset of the IPaaS ip's I can use based on my USA location? You've got 40 ip's listed, and as far as I know, they have to be entered one at a time for Windows Firewall scoping purposes.
Thank you,
Jim
Hi, James K. Thanks for asking that question in a public forum. I've seen it on occasion from internal support queries, and the answer is unfortunately no. All of those IP addresses would be necessary to whitelist, even if you happened to detect only a subset during a given period.
If it helps any, it looks like there are some automated (batch file or script) solutions that admins have figured out to reduce the manual entry.
Thank you! I did find a script--batch file using "netsh advfirewall firewall add rule". If anyone needs a csv list of the IPaaS ip's (as of 1/26/22), here you are:
23.22.248.166,52.1.127.16,52.4.194.5,52.6.244.241,52.7.170.62,52.20.54.118,52.70.11.159,52.72.83.124,52.73.94.116,52.87.95.248,52.87.147.142,52.201.165.30,52.202.86.239,52.204.140.17,52.204.150.194,52.204.205.3,52.204.245.141,52.205.7.8,52.205.21.215,52.205.31.59,52.205.126.104,52.205.183.233,52.205.185.233,52.205.185.70,52.205.185.117,52.205.186.153,52.205.189.244,52.205.191.11,52.205.192.79,52.205.208.140,52.205.209.108,52.205.213.1,52.205.213.243,52.205.215.50,52.205.215.161,52.205.215.221,52.205.216.9,52.205.216.59,52.205.216.69,54.87.174.71
Awesome, James K. I'm sure your fellow readers will appreciate the time savings.
Hi Stephen Brandt We use integrator.io to integrate data between Salesforce system and Net Suite. I'm not aware that we have ever whitelisted Celigo IP address to connect to Net Suite or Salesforce. I'm following up with our Network Administrator to confirm whether we have currently whitelisted any of the Celigo IPs.
Is it required to whitelist new IP ranges, if we are not whitelisting current IP ranges in our firewall?
Hi Saibaba Pokala,
If you're not currently whitelisting any of our IP ranges, then you do not need to whitelist these new ones. This is only for customers who are already whitelisting (or want to whitelist). Thanks!
How do I determine if we are whitelisting IP's currently?
Your target endpoint's firewall, either on that system and/or it's network, would have a rule to allow connections from those IP's. It's something a network admin could determine.
Ciao
Please sign in to leave a comment.