IICS secure agent IP address whitelist incomplete
Lu Zhou Feb 7, 2019 8:13 AMHi,
In my company, most of our application servers are in a "secure" zone, communication with Informatica Cloud need to be explicitly whitelisted on the Firewall.
In order to get the Informatica IICS secure agent to work, I need to pass the information of IP addresses to the network team to be whitelisted. But I am not sure if I have covered the complete range of IPs.
I read information in the FAQ 524982, FAQ 566418, FAQ 533496 and FAQ 535281 and requested the following IP addresses to be whitelisted:
FAQ 524982
NA instance all
Primary IP Addresses, Disaster Recovery IP Addresses
52.24.61.131, 52.205.75.129
52.11.251.104, 107.23.162.216
50.112.49.143, 52.3.153.17
52.10.243.198, 52.4.49.138
34.211.40.58, 18.205.145.16
54.69.116.168, 34.196.111.175
34.213.159.62
54.191.222.209
54.148.162.18
52.40.243.250
52.36.242.47
52.40.102.26
IP Address Range for IICS USW3 pod/US West 3 (in addition to the Identity Service and Package Dependency Manager IP Addresses above)
Primary IP Addresses, Disaster Recovery IP Addresses
52.88.61.96, 107.23.73.191
54.191.56.244, 52.4.94.16
35.166.78.117, 34.192.23.61
54.201.136.247, 107.23.71.56
34.217.226.198, 52.4.57.103
54.200.198.134, 54.86.155.230
FAQ 566418
40.91.74.126
FAQ 533496
IICS USW3 pod/US West 3
Primary IP Addresses, Disaster Recovery IP Addresses
34.218.40.109, 18.233.82.242
34.215.16.250, 35.153.97.244
FAQ 535281
IP Address Ranges for IICS USW3 POD (North America POD3)
Primary IP Addresses
52.34.68.88
54.187.67.94
54.190.0.113
52.40.70.248
54.187.52.95
35.167.148.55
34.218.40.109
34.215.16.250
I haven't requested the IP addresses of all PODs to be whitelisted as we only used 'US West 3' pod, the urls we use:
https://dm-us.informaticacloud.com/ma/...
https://usw3.dm-us.informaticacloud.com/cloudUI/...
I installed the IICS secure agent on a Linux Server, after starting the agent and running the configuration commands:
./infaagent startup
./consoleAgentManager.sh configure myusername 'password'
./consoleAgentManager.sh getStatus
--------------------------------
JAVA_HOME=/infaagent/apps/agentcore/../../jre
READY
--------------------------------
The agent has been displayed as 'Up and Running' in the Informatica Cloud Runtime Environments. I was able to create a new connection with type 'salesforce', after entering my salesforce username, password and security token, I clicked 'Test Connection' button, it showed:
"The test for this connection was successful."
The service URL is https://login.salesforce.com/services/Soap/u/31.0
I created a synchronization task to load a flat file into salesforce Account object, it returned a 'Failed' status and a message:
[FATAL] Login failed. User [myuserid@mydomainname.com]. Fault code [SOAP-ENV:Client]. Reason [Error observed by underlying BIO: Connection reset by peer].
I then installed the IICS secure agent on a different Linux server which is outside the secure zone(IP whitelist is not required), the synchronization task completed successfully, so the user login wasn't the problem, instead the server from the secure zone was blocked by the firewall.
My colleague in the network team told me they could see the blocked IP addresses: 136.147.57.44 and 136.147.58.172 from the failed task, but I couldn't see these IP addressed mentioned in the FAQ.
Is there any other FAQ for IICS IP whitelist I missed? Any suggestion would be appreciated.
Many thanks
Lu