Firewall Friendly IPs

Know more about the IPs to be allowed and the ports to open for cloud connectivity.

Overview

webMethods.io Integration connects with most third-party services easily and instantly. However, in some cases, you may need to connect to your servers from specific IP addresses, and access resources that lie behind a protective firewall.

This can be achieved in webMethods.io Integration. We provide a set of static IP addresses that you need to allow in your firewall. This will allow webMethods.io Integration to make connections to your servers (in order to SSH or to access services like MySQL) and run the required integrations successfully.

Allowing IP Addresses

Currently, the webMethods.io Integration platform is available on two Cloud Vendors - Amazon Web Services (AWS) and Microsoft Azure. Based on the vendor and the associated region selected by you at the time of creating your webMethods.io Integration tenant, you need to allow relevant IPs to establish the connectivity between webMethods.io Integration and your on-premises Integration Servers.

The following table describes the IPs to be allowed and the ports to open for cloud connectivity. Locate the region your tenant belongs to and allow the relevant IP addresses.

Note: Go to the Software AG Cloud Regions website and click the Show IP option for information on the list of IP addresses.

IP address categories Description and ports to open Use cases
NAT Gateway IPs If there is a direct communication from the cloud system to your on-premises server and if you are using a REST Application to connect to your system, allow the NAT Gateway IPs. Open the port number of your on-premises servers, if your on-premises environment has exposed any server to the cloud or outside world for cloud to on-premises direct connectivity.
For example, if you are running JBoss server on port 443, expose port 443 on your data center and also allow the traffic from the NAT Gateway IPs.
  • Applicable only for direct cloud to on-premises connectivity
  • Not required for Hybrid connectivity
UM IPs and UM NLB IPs Allow outbound traffic from on-premises to the cloud by allowing the cloud Universal Messaging (UM) IPs and UM NLB (network load balancer) IPs and also open the ports 443 and 8443.
  • Applicable for only Hybrid connectivity where on-premises Integration Server connects to the NLBs and the cloud UM servers.
NLB IPs Applicable for connectivity between on-premises to cloud systems, that is, outbound traffic from on-premises to the cloud. Allow the NLB IPs and also open the ports 443 and 8443.
  • Hybrid connectivity
  • Web application
  • REST API or SOAP API invocation or FlowService invocation over HTTPs
  • On-premises to cloud connectivity
Custom Domain NLB IPs If you are using custom domains, allow the custom domain NLB IPs and also open the ports 443 and 8443.
  • Hybrid connectivity
  • Web application
  • REST API or SOAP API invocation or FlowService invocation over HTTPs
  • On-premises to cloud connectivity

To have the Mysql/MSSQL/FTP connectivity working for AWS US (Oregon) based tenants, allow the below IPs:

To have the Mysql/MSSQL/FTP connectivity working for AWS EU (Frankfurt) based tenants, allow the below IPs:

Once you add these addresses to your firewall, you should be able to connect to your resources from webMethods.io Integration easily. If not, contact Software AG Global Support and the Software AG Cloud Operations teams with the required details.