webMethods SaaS IP addresses

IBM webMethods SaaS products connect with most third-party services. However, sometimes you need to connect to your servers from specific IP addresses and access resources that lie behind a protective firewall. A set of static IP addresses that you need to allow in your firewall is provided. Depending on the infrastructure provider and the associated region you selected when the tenant is created, you need to allow the relevant IP addresses for establishing connectivity. After the allowed IP addresses are added, you are able to connect to your resources.

Inbound IP Address behavior and connectivity guidance

A static list of inbound public IPv4 addresses is not available due to dynamic allocation. These IPs are managed by external cloud providers such as Cloudflare, AWS, and Azure, and may change at any time without notice. Because these addresses are dynamic and outside of direct control, advance notice of changes cannot be provided. Blocking or restricting traffic based on specific IPs may result in connectivity issues if those IPs change. Such issues are beyond the service provider’s control and cannot be resolved on their behalf.

To ensure reliable and secure connectivity:

• Use domain-based allowlisting (FQDNs) instead of static IP addresses.
• Configure firewalls or proxies to support DNS-based rules and respect DNS Time-To-Live (TTL) values, which define how long a DNS response is cached before being refreshed. This helps keep configurations up to date with any backend IP changes.
• Use wildcard domains such as *.service.domain.com, where applicable, to account for dynamic endpoints. If regions and the endpoints consistently share the same prefix, using wildcards is often the best practice.