To integrate your applications and solutions, Celigo needs to authenticate and connect to them. If these systems have access limitations like IP whitelisting enabled, Celigo won’t be able to connect to them unless you’ve provided access. It’s the equivalent of having an access badge to enter a high-security building; without that, nothing goes through.
Steps to take:
- Determine who handles firewall configuration for your organization, such as a network or security IT administrator.
- Working with the person identified above, determine which access requirements listed in this article apply. Explain that the IP addresses need to be allowed (whitelisted) through your organization's firewall so that your integrations hosted on the Celigo platform can function correctly.
- Once the administrator you're working with has confirmed the IP addresses have been allowed (whitelisted), confirm your integrations are running without connection errors.
IP addresses for different access requirements are listed below, for you to whitelist all applicable addresses within your firewall, to specify for another cloud app, or to give to your administrator.
Access by server type
NA instance: integrator.io
Important: If you are currently whitelisting North America integrator.io IP addresses for the platform, FTP, or an outbound agent, then you must add the following IP range to your firewall immediately to prevent your integrations from experiencing connection and authentication failures.
Required IP range, available indefinitely
| 44.204.21.0/24 |
Celigo is moving to a single range of IP addresses to make application access and integrations scalable. For this purpose, Celigo has acquired the contiguous IP block 44.204.21.0/24 from Amazon Web Services.
integrator.io iPaaS (platform)
In addition to the IP range given above, the unique IP addresses listed below are all currently required for whitelisting integrator.io. These individual IP addresses are scheduled to sunset between August 16 – 19, 2022. This article will be revised and Celigo will notify all customers by email as soon as they are no longer required.
| 23.22.248.166 52.1.127.16 52.4.194.5 52.6.244.241 52.7.170.62 52.20.54.118 52.70.11.159 52.72.83.124 52.73.94.116 52.87.95.248 52.87.147.142 52.201.165.30 52.202.86.239 52.204.140.17 |
52.204.150.194 52.204.205.3 52.204.245.141 52.205.7.8 52.205.21.215 52.205.31.59 52.205.126.104 52.205.183.233 52.205.185.233 52.205.185.70 52.205.185.117 52.205.186.153 52.205.189.244 |
52.205.191.11 52.205.192.79 52.205.208.140 52.205.209.108 52.205.213.1 52.205.213.243 52.205.215.50 52.205.215.161 52.205.215.221 52.205.216.9 52.205.216.59 52.205.216.69 54.87.174.71 |
The FQDN used for port 443 is integrator.io.
integrator.io (FTP, SFTP, or FTPS only)
For North America FTP, SFTP, and FTPS integrator.io access, you must also add the range 44.204.21.0/24 to the whitelist in your firewall or in other cloud apps. In addition, the individual IP addresses listed below are currently required to be whitelisted. These individual IP addresses are scheduled to sunset between August 16 – 19, 2022. This article will be revised and Celigo will notify all customers by email as soon as they are no longer required.
| 52.2.63.213 52.7.99.234 52.71.48.248 |
Agent-extension servers (on-premise agent – outbound)
North American outbound agent access:
- If HTTPS and SSH ports are fully open, no whitelisting is required.
- If HTTPS and SSH ports are open only to specific IP addresses, then you must whitelist the following:
- integrator.io iPaas (platform) IP addresses, including the new range 44.204.21.0/24 and the individual IP addresses listed in that section.
- These individual IP addresses:
| 3.224.225.111 3.225.142.213 3.229.157.1 3.229.207.242 18.215.105.45 |
52.6.8.108 52.6.192.157 54.159.4.127 54.205.40.4 54.225.104.30 |
Note: The individual IP addresses are scheduled to sunset between August 16 – 19, 2022. This article will be revised and Celigo will notify all customers by email as soon as they are no longer required.
EU instance: eu.integrator.io
eu.integrator.io iPaaS (platform)
| 3.120.79.235 3.121.31.161 3.121.38.240 3.121.191.221 3.122.30.121 3.123.59.83 3.123.61.228 3.123.62.245 3.123.65.151 3.123.74.63 3.123.74.173 3.123.78.170 3.123.79.121 3.123.89.249 |
3.123.91.86 3.123.95.179 3.123.100.144 3.123.102.222 3.123.103.31 3.123.104.1 3.123.106.252 3.123.106.20 3.123.107.95 3.123.107.137 3.123.112.120 3.123.112.204 18.185.247.145 |
18.194.166.156 18.194.194.36 18.195.44.181 18.195.86.209 18.196.37.103 18.196.91.219 18.196.94.38 18.196.252.5 18.197.225.85 35.156.91.172 35.156.178.220 35.156.240.6 35.157.169.174 |
eu.integrator.io (FTP, SFTP, or FTPS only)
| 35.157.25.45 35.157.59.64 35.157.83.232 |
EU agent-extension servers
If you are running an agent and don’t have an HTTPS and SSH port open on outbound rules, then you must whitelist the regional integrator.io IP addresses, as well as the following IPs to allow access to the agent-extension servers:
| 3.127.63.170 3.127.186.241 3.125.253.130 18.157.62.2 18.158.94.68 18.158.94.199 |
18.158.112.80 18.158.240.57 18.196.126.38 18.197.63.167 52.57.218.184 |
Does Celigo have DNS servers I can whitelist?
No, Celigo currently doesn’t have DNS servers.
Comments
8 comments
Hello,
Is there not some subset of the IPaaS ip's I can use based on my USA location? You've got 40 ip's listed, and as far as I know, they have to be entered one at a time for Windows Firewall scoping purposes.
Thank you,
Jim
Hi, James K. Thanks for asking that question in a public forum. I've seen it on occasion from internal support queries, and the answer is unfortunately no. All of those IP addresses would be necessary to whitelist, even if you happened to detect only a subset during a given period.
If it helps any, it looks like there are some automated (batch file or script) solutions that admins have figured out to reduce the manual entry.
Thank you! I did find a script--batch file using "netsh advfirewall firewall add rule". If anyone needs a csv list of the IPaaS ip's (as of 1/26/22), here you are:
23.22.248.166,52.1.127.16,52.4.194.5,52.6.244.241,52.7.170.62,52.20.54.118,52.70.11.159,52.72.83.124,52.73.94.116,52.87.95.248,52.87.147.142,52.201.165.30,52.202.86.239,52.204.140.17,52.204.150.194,52.204.205.3,52.204.245.141,52.205.7.8,52.205.21.215,52.205.31.59,52.205.126.104,52.205.183.233,52.205.185.233,52.205.185.70,52.205.185.117,52.205.186.153,52.205.189.244,52.205.191.11,52.205.192.79,52.205.208.140,52.205.209.108,52.205.213.1,52.205.213.243,52.205.215.50,52.205.215.161,52.205.215.221,52.205.216.9,52.205.216.59,52.205.216.69,54.87.174.71
Awesome, James K. I'm sure your fellow readers will appreciate the time savings.
Hi Stephen Brandt We use integrator.io to integrate data between Salesforce system and Net Suite. I'm not aware that we have ever whitelisted Celigo IP address to connect to Net Suite or Salesforce. I'm following up with our Network Administrator to confirm whether we have currently whitelisted any of the Celigo IPs.
Is it required to whitelist new IP ranges, if we are not whitelisting current IP ranges in our firewall?
Hi Saibaba Pokala,
If you're not currently whitelisting any of our IP ranges, then you do not need to whitelist these new ones. This is only for customers who are already whitelisting (or want to whitelist). Thanks!
How do I determine if we are whitelisting IP's currently?
Your target endpoint's firewall, either on that system and/or it's network, would have a rule to allow connections from those IP's. It's something a network admin could determine.
Ciao
Please sign in to leave a comment.