Firewall Friendly IPs

Know more about the allowed IPs and the ports to open for cloud connectivity.

Allowed IP Addresses

IBM webMethods Integration connects with most third-party services easily and instantly. However, in some cases you may need to connect to your servers from specific IP addresses and access resources that lie behind a protective firewall. This can be achieved in IBM webMethods Integration. We provide a set of static IP addresses that you need to allow in your firewall. This allows IBM webMethods Integration to make connections to your servers (in order to SSH or to access services like MySQL) and run the integrations successfully.

IBM webMethods iPaaS products are available in several geographical regions, operated by different infrastructure providers. Currently, IBM webMethods Integration is available on Amazon Web Services (AWS) and Microsoft Azure. Based on the infrastructure provider and the associated region selected by you at the time of creating your tenant, you need to allow relevant IPs to establish connectivity. Once you add the allowed IP addresses, you should be able to connect to your resources from IBM webMethods Integration.

Tenant URL and IBM webMethods iPaaS Region

This section helps you to identify the IBM webMethods iPaaS Region based on your tenant URL. Once you identify your cloud region, go to the IP addresses page for the IP addresses applicable for the cloud products.

IBM webMethods Integration

Sample Tenant URL IBM webMethods iPaaS Region
https://tenantname.int-aws-us.webmethods.io/integration US1 Oregon AWS
https://tenantname.int-az-us.webmethods.io/integration US2 East Azure
https://tenantname.int-aws-de.webmethods.io/integration EU2 Frankfurt AWS
https://tenantname.int-az-eu.webmethods.io/integration EU3 West Azure
https://tenantname.int-az-au.webmethods.io/integration AU1 Australia East Azure

IBM webMethods B2B

Sample Tenant URL IBM webMethods iPaaS Region
https://tenantname.int-aws-us.webmethods.io/b2b US1 Oregon AWS
https://tenantname.int-az-us.webmethods.io/b2b US2 East Azure
https://tenantname.int-aws-de.webmethods.io/b2b EU2 Frankfurt AWS
https://tenantname.int-az-eu.webmethods.io/b2b EU3 West Azure
https://tenantname.int-az-au.webmethods.io/b2b AU1 Australia East Azure

IBM webMethods API Gateway

Sample Tenant URL IBM webMethods iPaaS Region
Non CA3S based:
https://tenantname.gateway.webmethodscloud.com/apigatewayui/#/login
CA3S based:
https://tenantname.apigw-aw-us.webmethods.io/apigatewayui/#/login
US1 Oregon AWS
Non CA3S based:
https://tenantname.gateway.webmethodscloud.de/apigatewayui/#/login
CA3S based:
https://tenantname.apigw-aw-eu.webmethods.io/apigatewayui/#/login
EU2 Frankfurt AWS
https://tenantname.apigw-az-au.webmethods.io/apigatewayui/#/login AU1 Australia East Azure
https://tenantname.apigw-az-us.webmethods.io/apigatewayui/#/login US2 East Azure
https://tenantname.apigw-az-eu.webmethods.io/apigatewayui/#/login EU3 West Azure

IBM webMethods Cloud Container

Sample Tenant URL IBM webMethods iPaaS Region
https://tenantname.container.webmethodscloud.com US1 Oregon AWS
https://tenantname.container.webmethodscloud.eu EU1 Ireland AWS
https://tenantname.container.webmethodscloud.de EU2 Frankfurt AWS
https://tenantname.cc-az-eu.webmethodscloud.com EU3 West Azure
https://tenantname.cc-aw-au.webmethodscloud.com AU2 Sydney AWS

IBM webMethods Embed

Sample Tenant URL IBM webMethods iPaaS Region
https://tenantname.int-aws-us.webmethods.io/embed US1 Oregon AWS
https://tenantname.int-aws-de.webmethods.io/embed EU2 Frankfurt AWS

Allowed IPs and ports to open for cloud connectivity

The following table describes the IPs to be allowed and the ports to open for cloud connectivity. Locate the region your tenant belongs to and allow the relevant IP addresses.

IP address categories Description and ports to open Use cases
NAT Gateway IPs If there is a direct communication from the cloud system to your on-premises server and if you are using a REST Application to connect to your system, allow the NAT Gateway IPs. Open the port number of your on-premises servers, if your on-premises environment has exposed any server to the cloud or outside world for cloud to on-premises direct connectivity.
For example, if you are running JBoss server on port 443, expose port 443 on your data center and also allow the traffic from the NAT Gateway IPs.
  • Applicable only for direct cloud to on-premises connectivity
  • Not required for Hybrid connectivity
UM IPs and UM Load Balancer IPs Allow outbound traffic from on-premises to the cloud by allowing the cloud Universal Messaging (UM) IPs and Load Balancer (LB) IPs and also open the ports 443, 8443, 7443. Note that port 7443 is applicable for Microsoft Azure data centers only.
Note: If your Firewall uses domain name for outbound traffic, then use dynamic UM host name format applicable for your data center. For example,
*.um.int-aws-us.webmethods.io
*.um.int-az-au.webmethods.io
  • Applicable for only Hybrid connectivity where on-premises Integration Server connects to the LBs and the cloud UM servers.
Load Balancer IPs Applicable for connectivity between on-premises to cloud systems, that is, outbound traffic from on-premises to the cloud. Allow the Load balancer IPs and also open the ports 443, 8443, 7443. Note that port 7443 is applicable for Microsoft Azure data centers only.
  • Hybrid connectivity
  • Web application
  • REST API or SOAP API invocation or Flow service invocation over HTTPs
  • On-premises to cloud connectivity
Custom Domain Load Balancer IPs If you are using custom domains, allow the custom domain Load Balancer IPs and also open the ports 443, 8443, 7443. Note that port 7443 is applicable for Microsoft Azure data centers only.
  • Hybrid connectivity
  • Web application
  • REST API or SOAP API invocation or Flow service invocation over HTTPs
  • On-premises to cloud connectivity