This article describes our recommendations for configuring a firewall for use with Zendesk. The Zendesk cloud is hosted by Amazon Web Services (AWS). As part of these recommendations, we’ve included a link to download AWS IP address ranges for your reference.
- If your server policy restricts inbound traffic only, whitelisting the AWS IP addresses should suffice.
- If you filter both inbound and outbound traffic:
- We highly recommend whitelisting with both the Fully Qualified Domain Name (FQDN) of your Zendesk subdomain as well as the AWS IP addresses.
- If the firewall doesn’t support FQDN-based whitelisting, we recommend you disable outbound filtering or upgrade to a firewall that supports this feature. rather than try to restrict outbound traffic using IPs only, which can cause issues. If you can’t disable outbound filtering or upgrade your firewall you can temporarily work around this by resolving your FQDN to an IP address using this DNS Lookup Tool. However, because the IP address can change at any time, we don’t recommend using this method.
Refer to AWS IP address ranges to download a list of the Zendesk public IP addresses.
- To be notified about IP address changes, subscribe to AWS IP Address Ranges Notifications.
- Alternatively, to maintain history, Amazon recommends saving successive versions of the .json file on your system. You can write a script to do this. To determine whether there have been changes since the last time that you saved the file, check the publication time in the current file and compare it to the publication time in the last file that you saved.
- AWS publishes IP address ranges in Classless Inter-Domain Routing (CIDR) notation. If your firewall's whitelisting rules do not accept this format, use this tool to convert the CIDR into IP ranges.
Outbound Email Servers IP addresses are listed in our SPF record, which we update as needed. Our SPF record can be read using this Lookup Tool or by using these commands:
host -t TXT mail.zendesk.com
dig txt mail.zendesk.com
IP addresses used by Insights
For information about obtaining and whitelisting GoodData IP addresses for Insights, see IP Whitelisting on the GoodData web site.
For whitelisting Explore, configure your firewall to allow these records as the trusted origins: