2 Replies Latest reply on Feb 12, 2019 2:56 AM by Lu Zhou

    IICS secure agent IP address whitelist incomplete

    Lu Zhou New Member


      In my company, most of our application servers are in a "secure" zone, communication with Informatica Cloud need to be explicitly whitelisted on the Firewall.


      In order to get the Informatica IICS secure agent to work, I need to pass the information of IP addresses to the network team to be whitelisted. But I am not sure if I have covered the complete range of IPs.


      I read information in the FAQ 524982, FAQ 566418, FAQ 533496 and FAQ 535281 and requested the following IP addresses to be whitelisted:

      FAQ 524982 

      NA instance all

      Primary IP Addresses, Disaster Recovery IP Addresses,,,,,,



      IP Address Range for IICS USW3 pod/US West 3 (in addition to the Identity Service and Package Dependency Manager IP Addresses above)

      Primary IP Addresses, Disaster Recovery IP Addresses,,,,,,


      FAQ 566418


      FAQ 533496

      IICS USW3 pod/US West 3

      Primary IP Addresses, Disaster Recovery IP Addresses,,


      FAQ 535281

      IP Address Ranges for IICS USW3 POD  (North America POD3)

      Primary IP Addresses


      I haven't requested the IP addresses of all PODs to be whitelisted as we only used 'US West 3' pod, the urls we use:




      I installed the IICS secure agent on a Linux Server, after starting the agent and running the configuration commands:

      ./infaagent startup

      ./consoleAgentManager.sh configure myusername 'password'

      ./consoleAgentManager.sh getStatus






      The agent has been displayed as 'Up and Running' in the Informatica Cloud Runtime Environments. I was able to create a new connection with type 'salesforce', after entering my salesforce username, password and security token, I clicked 'Test Connection' button, it showed:

      "The test for this connection was successful."

      The service URL is https://login.salesforce.com/services/Soap/u/31.0


      I created a synchronization task to load a flat file into salesforce Account object, it returned a 'Failed' status and a message:

      [FATAL] Login failed. User [myuserid@mydomainname.com]. Fault code [SOAP-ENV:Client]. Reason [Error observed by underlying BIO: Connection reset by peer].


      I then installed the IICS secure agent on a different Linux server which is outside the secure zone(IP whitelist is not required), the synchronization task completed successfully, so the user login wasn't the problem, instead the server from the secure zone was blocked by the firewall.


      My colleague in the network team told me they could see the blocked IP addresses: and from the failed task, but I couldn't see these IP addressed mentioned in the FAQ.


      Is there any other FAQ for IICS IP whitelist I missed? Any suggestion would be appreciated.


      Many thanks



        • 1. Re: IICS secure agent IP address whitelist incomplete
          Neeraj Upadhyay Support Moderators

          Do you have a Proxy in your environment?

          If yes please check if the secure agent is configured to use Proxy details


          Since the issue is happening at runtime setting proxy details in JVM options can help


          Check this Kb: 173787 

          • 2. Re: IICS secure agent IP address whitelist incomplete
            Lu Zhou New Member

            Thank you, Neeraj


            No, we don't have a Proxy.


            In my synchronization task, I used two connections:

            1. flat file connection (source)

            2. salesforce connection (target)

            Both were successful when I clicked 'Test connection' button in the Informatica Cloud. However for the second one, the testing might have run between Informatica Cloud and Salesforce.com which was fine, but the synchonization task was running between the secure agent and salesforce.com, perhaps the firewall blocked the communication from our server to salesforce.com.


            I have requested the following IP ranges (list in Help | Training | Salesforce, ARIN and RIPE as we are using EMEA instance) to be whitelisted:

            IPv4 Network, IPv4 IP Range

  , -

  , -

  , -

  , -

  , -

  , -

  , -

  , -

  , -

  , -

  , -


            I then re-run the task, unfortunately it failed again. I would be grateful for any suggestions/comments.


            Many thanks