Overview
This article explains the IP ranges that need to be whitelisted on the customer's side for Cloudfront and other Jive services.
Two kinds of traffic pass through the customer's corporate firewall: outbound connections and inbound connections.
Outbound connections are those initiated by the customer (by the end-user browser) in order to retrieve content from the Jive instance (for example, images and blog posts).
Inbound connections are those initiated by Jive in order to connect to the customer's LDAP (or internal SSO). If you do not use LDAP authentication or equivalent, you do not need to whitelist inbound connections on your firewall.
Solution
Outbound connections
For outbound connections, most customers do not require whitelisting. If you are required to, whitelist the Jive CDN (Content Delivery Network). As of today, the CDN of choice is Cloudfront. If possible, whitelist by domain name: *.cloudfront.net. If this is not possible, the list of Cloudfront IPs is published by Amazon in JSON format at this address.
Note: some customers are still, fully or in part, using Akamai as CDN, but if your instance was set up in the past and it is working at the moment, there is no need to make any change for Akamai. You just need to add Cloudfront IPs (or the Cloudfront domain) as advised above.
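Because Amazon's published list changes over time, a firewall rule set built from it drifts. The following is an added example, not part of the original article or of any Jive tooling: it reads JSON in Amazon's published format (the CLOUDFRONT_GLOBAL_IP_LIST and CLOUDFRONT_REGIONAL_EDGE_IP_LIST keys) and compares it with an existing allowlist. The sample data, the allowlist and all function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the format of Amazon's published list; the ranges are
# a small subset of Cloudfront ranges, not the full list.
SAMPLE_PUBLISHED = json.dumps({
    "CLOUDFRONT_GLOBAL_IP_LIST": ["13.32.0.0/15", "54.192.0.0/16", "205.251.249.0/24"],
    "CLOUDFRONT_REGIONAL_EDGE_IP_LIST": ["13.124.199.0/24", "3.236.48.0/23"],
})
# Constructed firewall allowlist: one rule broader than what is published,
# one exact match, and one documentation range that is not published at all.
SAMPLE_ALLOWLIST = ["13.32.0.0/14", "205.251.249.0/24", "198.51.100.0/24"]
KEYS = ("CLOUDFRONT_GLOBAL_IP_LIST", "CLOUDFRONT_REGIONAL_EDGE_IP_LIST")


def parse_published(text):
    """Return the set of networks from both lists in the published JSON."""
    doc = json.loads(text)
    # strict=True rejects entries with host bits set (e.g. 13.32.0.1/15).
    return {ipaddress.ip_network(c, strict=True) for k in KEYS for c in doc.get(k, [])}


def covered(net, others):
    """True if net lies entirely inside at least one network in others."""
    return any(net.version == o.version and net.subnet_of(o) for o in others)


def _order(net):
    # Sort numerically, keeping IPv4 and IPv6 apart so they are never compared.
    return (net.version, net)


def diff_allowlist(published_text, allowlist):
    """Compare firewall rules with the published ranges.

    Returns (missing, stale): published ranges that no rule covers, and rules
    that no published range covers (candidates for removal or tightening).
    """
    published = parse_published(published_text)
    rules = {ipaddress.ip_network(c, strict=True) for c in allowlist}
    missing = sorted((n for n in published if not covered(n, rules)), key=_order)
    stale = sorted((r for r in rules if not covered(r, published)), key=_order)
    return [str(n) for n in missing], [str(r) for r in stale]


if __name__ == "__main__":
    missing, stale = diff_allowlist(SAMPLE_PUBLISHED, SAMPLE_ALLOWLIST)
    print("ranges to add:", missing)
    print("rules to review:", stale)
```

A rule reported for review is not necessarily wrong: here 13.32.0.0/14 is flagged because it allows more address space than the published range it was meant to cover.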
Inbound connections
For inbound connections, in case Jive servers connect through your firewall to services inside your corporate network (mostly LDAP or equivalent), the IP addresses to be whitelisted are:
For Jive Cloud
- AWS US-East-1: 34.192.45.122, 34.198.91.162, 34.231.78.214, 34.225.172.123, 34.193.143.104, 52.55.123.87, 52.20.222.9, 34.230.231.2, 34.197.60.63, 52.207.30.159
- AWS EU-West-1: 54.154.171.198, 108.129.50.14, 52.31.199.172, 34.247.7.187, 34.252.244.183, 52.211.222.108
For Jive Hosted
- AWS US-East-1: 3.213.1.211
- AWS EU-West-1: 63.33.30.202
Note: some Hosted customers have a dedicated VPN connection from the Jive instance to their corporate network. In this case, there is no need to whitelist any public IP, as the connection will come from private IP addresses.