Defining allowed IP addresses

webMethods Integration connects easily with most third-party services. To reach servers behind a firewall, webMethods Integration uses specific IP addresses. webMethods Integration uses a set of static IP addresses that you allow in your firewall. It helps to connect to your servers to run integrations, use SSH, or access services like MySQL. Learn about the set of static IP addresses that you must allow in your firewall.

webMethods Integration is available in several geographical regions, operated by different infrastructure providers. Currently, webMethods Integration is available on Amazon Web Services (AWS) and Microsoft Azure. You can allow specific IP addresses based on the infrastructure provider and region that you choose when you create a tenant. After the allowed IP addresses are added, you are able to connect to your resources from webMethods Integration.

Note: See outbound IP addresses for the list of allowed IP addresses.

Allowed IPs and ports to open for cloud connectivity

The following table describes the IP addresses to be allowed and the ports to open for cloud connectivity. Locate the region that your tenant belongs to and allow the relevant IP addresses.

IP address categories Description and ports to open Use cases
NAT Gateway IPs If the cloud connects directly to your on-premises server by using a REST application, allow the NAT Gateway IPs. Open the port number of your on-premises servers if any server is made accessible to the cloud or external systems for direct cloud-to-on-premises connectivity. For example, if you are running JBoss® server on port 443, expose port 443 on your data center and also allow the traffic from the NAT Gateway IPs.
  • Applicable only for direct cloud to on-premises connectivity
  • Not required for Hybrid connectivity
UM IPs and UM Load Balancer IPs Allow outbound traffic from on-premises to the cloud by allowing the cloud Universal Messaging (UM) IP addresses and load balancer (LB) IP addresses and also open the ports 443, 8443, 7443. Port 7443 is applicable for Microsoft Azure data centers only. If your firewall uses domain name for outbound traffic, then use dynamic UM hostname format applicable for your data center.
  • Applicable for only Hybrid connectivity where on-premises Integration Server connects to the LBs and the cloud UM servers.
Load Balancer IPs Applicable for connectivity between on-premises to cloud systems, that is, outbound traffic from on-premises to the cloud. Allow the load balancer IP addresses and also open the ports 443, 8443, 7443. Port 7443 is applicable for Microsoft Azure data centers only.
  • Hybrid connectivity
  • Web application
  • REST API or SOAP API invocation or flow service invocation over HTTPs
  • On-premises to cloud connectivity