To integrate your applications and solutions, Celigo needs to authenticate and connect to them. If these systems have access limitations like IP whitelisting enabled, Celigo won’t be able to connect to them unless you’ve provided access. It’s the equivalent of having an access badge to enter a high-security building; without that, nothing goes through.
Steps to take:
-
Determine who handles firewall configuration for your organization, such as a network or security IT administrator.
-
Working with the person identified above, determine which access requirements listed in this article apply. Explain that the IP addresses need to be allowed (whitelisted) through your organization's firewall so that your integrations hosted on the Celigo platform can function correctly.
-
Once the administrator you're working with has confirmed the IP addresses have been allowed (whitelisted), confirm your integrations are running without connection errors.
IP addresses for different access requirements are listed below, for you to whitelist all applicable addresses within your firewall, to specify for another cloud app, or to give to your administrator.
Celigo offers a single range of IP addresses from Amazon Web Services to make application access and integrations scalable.
The integrator.io platform requires the IP range 44.204.21.0/24
to be whitelisted. No additional IP addresses need to be whitelisted for integrator.io.
The FQDN used for port 443 is integrator.io
.
For NA agent-extension servers (on-premise agent – outbound), determine which of the following applies:
-
If HTTPS and SSH ports are fully open on your outbound network access, no whitelisting is required.
-
If HTTPS and SSH ports are open only to specific IP addresses on your outbound network access, then you must whitelist the same IP range
44.204.21.0/24
and the following URLs:
In addition, to prepare for any contingencies at the primary AWS data center in US East (N. Virginia), add the disaster recovery range 18.246.180.128/25 in US West (Oregon) to your whitelist.
Note
Celigo has a VPC endpoint configured for Amazon S3 service. If you wish to restrict the traffic using your Amazon S3 bucket policies, add the VPCe ID: vpce-956ff3fc.
Important
If you are currently whitelisting EU integrator.io IP addresses for the platform, FTP, or an outbound agent, then you must add the following IP range to your firewall by Sept. 30, 2024, to prevent your integrations from experiencing connection and authentication failures.
Celigo is moving to a single range of IP addresses to make application access and integrations scalable. For this purpose, Celigo has acquired the contiguous IP block 3.79.248.128/26
from Amazon Web Services.
In addition to the IP range above, the unique IP addresses listed below are required for whitelisting eu.integrator.io. These individual IP addresses are scheduled to sunset by Sept. 30, 2024. This article will be revised and Celigo will notify all customers by email as soon as they are no longer required.
3.79.248.128/26 3.120.79.235 3.121.31.161 3.121.38.240 3.121.191.221 3.122.30.121 3.123.59.83 3.123.61.228 3.123.62.245 3.123.65.151 3.123.74.63 3.123.74.173 3.123.78.170 3.123.79.121 3.123.89.249 |
3.123.91.86 3.123.95.179 3.123.100.144 3.123.102.222 3.123.103.31 3.123.104.1 3.123.106.252 3.123.106.20 3.123.107.95 3.123.107.137 3.123.112.120 3.123.112.204 |
18.185.247.145 18.194.166.156 18.194.194.36 18.195.44.181 18.195.86.209 18.196.37.103 18.196.91.219 18.196.94.38 18.196.252.5 18.197.225.85 35.156.91.172 35.156.178.220 35.156.240.6 35.157.169.174 |
In addition, to prepare for any contingencies at the primary AWS data center in Europe (Frankfurt), add the disaster recovery range 3.254.10.128/26
in Europe (Ireland) to your whitelist.
For FTP, SFTP, and FTPS eu.integrator.io access, you must also add the range 3.79.248.128/26
to the whitelist in your firewall or other cloud apps. In addition, the individual IP addresses listed below are currently required to be whitelisted. These individual IP addresses are scheduled to sunset by Sept. 30, 2024. This article will be revised and Celigo will notify all customers by email as soon as they are no longer required.
3.79.248.128/26 35.157.25.45 35.157.59.64 35.157.83.232 |
In addition, to prepare for any contingencies at the primary AWS data center in Europe (Frankfurt), add the disaster recovery range 3.254.10.128/26
in Europe (Ireland) to your whitelist.
Note
Celigo has a VPC endpoint configured for Amazon S3 service. If you wish to restrict the traffic using your Amazon S3 bucket policies, add the VPCe ID: vpce-00b5eb27e1295355d.
Determine which of the following applies:
-
If HTTPS and SSH ports are fully open on your outbound network access, no whitelisting is required.
-
If HTTPS and SSH ports are open only to specific IP addresses on your outbound network access, then you must whitelist the following:
3.79.248.128/26
3.127.63.170
3.127.186.241
3.125.253.130
18.157.62.2
18.158.94.68
18.158.94.199
18.158.112.80
18.158.240.57
18.196.126.38
18.197.63.167
52.57.218.184
Note
The individual IP addresses for EU are scheduled to sunset by Sept. 30, 2024. This article will be revised and Celigo will notify all customers by email as soon as they are no longer required.
In addition, to prepare for any contingencies at the primary AWS data center in Europe (Frankfurt), add the disaster recovery range 3.254.10.128/26
in Europe (Ireland) to your whitelist.
Comments
10 comments
Hello,
Is there not some subset of the IPaaS ip's I can use based on my USA location? You've got 40 ip's listed, and as far as I know, they have to be entered one at a time for Windows Firewall scoping purposes.
Thank you,
Jim
Hi, James K. Thanks for asking that question in a public forum. I've seen it on occasion from internal support queries, and the answer is unfortunately no. All of those IP addresses would be necessary to whitelist, even if you happened to detect only a subset during a given period.
If it helps any, it looks like there are some automated (batch file or script) solutions that admins have figured out to reduce the manual entry.
Thank you! I did find a script--batch file using "netsh advfirewall firewall add rule". If anyone needs a csv list of the IPaaS ip's (as of 1/26/22), here you are:
23.22.248.166,52.1.127.16,52.4.194.5,52.6.244.241,52.7.170.62,52.20.54.118,52.70.11.159,52.72.83.124,52.73.94.116,52.87.95.248,52.87.147.142,52.201.165.30,52.202.86.239,52.204.140.17,52.204.150.194,52.204.205.3,52.204.245.141,52.205.7.8,52.205.21.215,52.205.31.59,52.205.126.104,52.205.183.233,52.205.185.233,52.205.185.70,52.205.185.117,52.205.186.153,52.205.189.244,52.205.191.11,52.205.192.79,52.205.208.140,52.205.209.108,52.205.213.1,52.205.213.243,52.205.215.50,52.205.215.161,52.205.215.221,52.205.216.9,52.205.216.59,52.205.216.69,54.87.174.71
Awesome, James K. I'm sure your fellow readers will appreciate the time savings.
Hi Stephen Brandt We use integrator.io to integrate data between Salesforce system and Net Suite. I'm not aware that we have ever whitelisted Celigo IP address to connect to Net Suite or Salesforce. I'm following up with our Network Administrator to confirm whether we have currently whitelisted any of the Celigo IPs.
Is it required to whitelist new IP ranges, if we are not whitelisting current IP ranges in our firewall?
Hi Saibaba Pokala,
If you're not currently whitelisting any of our IP ranges, then you do not need to whitelist these new ones. This is only for customers who are already whitelisting (or want to whitelist). Thanks!
How do I determine if we are whitelisting IP's currently?
Your target endpoint's firewall, either on that system and/or it's network, would have a rule to allow connections from those IP's. It's something a network admin could determine.
Ciao
You probably changed your infrastructure in the last few days and started using VPC endpoints to reach client buckets. However, the existing bucket connections stopped working for me restricting bucket access using specific IP addresses. The fix is to allow specific VPC endpoints now. Could you add this information to the whitelist section alongside your VPCe ID?
Reference https://repost.aws/knowledge-center/block-s3-traffic-vpc-ip
Hello Leonardo Nascimento
Thank you for letting us know.
The article is updated with the VPCe IDs for NA and EU instances.
Please sign in to leave a comment.