Configuring your firewall for use with Zendesk

Have more questions? Submit a request

67 Comments

  • Liina
    Comment actions Permalink

    Are there a new set of IPs? We've whitelisted every IP in this list but there seems to be requests from different IPs.

    0
  • Brian Green
    Comment actions Permalink

    Hi Liina,

    No new IP's here, so I've created a ticket to work with you more directly. See you there.

    0
  • Jamison Donato
    Comment actions Permalink

    We use a Palo Alto Networks firewall which allows use of external dynamic lists.  

    Is there a way to utilize this feature for this list so we dont have to manually update the list every time theres an IP change?  Or at least a simple txt file with these IP's listed? 

    For Reference:  

    An external dynamic list is an address object based on an imported list of IP addresses, URLs, or domain names that you can use in policy rules to block or allow traffic. This list must be a text file saved to a web server that is accessible by the firewall.

    2
  • Richard Hartley
    Comment actions Permalink

    We have been using Zendesk for a few weeks now and still haven't managed to get it working properly due to issues with our web-filtering/firewall settings.  The web filters and firewalls are managed by various 3rd parties who have said it's not their job to interpret the information in the article.  So I guess it's our job, as their customer, to do the interpreting!

    The points that they have raised are as follows:

    1. The article only lists IP’s not FQDNs – ZenDesk themselves advise not to use IPs due to their use of dynamic services in AWS.
    2. No TCP/UDP port information is provided – Can the application be assumed to use HTTP/HTTPS over TCP 80/443?
    3. Beyond the main “Zendesk” FQDN, do any other FQDN’s also need to be excluded from the proxy? This is not covered in the article – Prior to the requirement for locking down the accessible IPs we were dealing with ‘CORS’ issues, this identified the site uses multiple resources across different FQDNs. Perhaps these also need to be bypassed to avoid getting blocked by the IP restrictions filter?

    For question 1, what are the FQDNs we should be providing? I know there is [subdomain].zendesk.com which is simple enough to provide but are there more and if so, how do we know what they are?

    Sorry if these are simple questions for which the answers should be obvious.  Since they are being asked by external IT security experts, and we are already into week 4 of trying to get this resolved, I think it's worth me asking here in the hope that someone can provide the necessary answers.

     

    0
  • N & P
    Comment actions Permalink

    My question is regarding the disclaimer at the top of this article: 

    Note: This is not a complete list of IP addresses needed to use Zendesk products. If you're on a Pod numbered 12 or above, you may see some IP addresses slightly outside these ranges due to AWS networking.

    We are using JWT auth with the Zendesk SDK for ticketing in our app. According to our dashboard, we are hosted in a Pod numbered above 12. So, if a request comes to our JWT endpoint outside of the published list above, we will deny the request and the user will not be able to open a ticket. This is a deal breaker for us. Is it possible to move to another Pod? What are our options?

    1
  • Anders Feijen
    Comment actions Permalink

    Hi all.

    The company I work for has been using Zendesk for about a month now. The process of adapting from an MS Outlook point-of-view is beginning to show results, tickets from e-mails are being resolved.

    The main problem we're facing is the how to implement ZD Talk. Currently we can't speak to our customers in ZD Talk, due to firewall issues. We have an onpen ticket with ZD Support regarding this, which recently has been elevated to Tier2.

    Meanwhile, I'd like to check with everyone that are using ZD Talk:

    How exactly have you solved the issue of accepting traffic from the list of IP numbers that needs to be allowed for ZD Talk to function properly?

    Our IT dep. is reluctant to approve all of the IPs listed and I'm thinking that there should be other companies struggling with the same problem. We're operating from Sweden, if that could be of use, when replying to this.

    Hoping for some good advice on how to proceed!

    Best regards!

    0
  • Allen Hancock
    Comment actions Permalink

    Given this recent change & complete removal of IPs

     

     The Zendesk cloud is hosted by Amazon Web Services (AWS). As part of these recommendations, we’ve included a link to download AWS IP address ranges for your reference.

     

    is there any guidance offered as to which parts of AWS one would whitelist? 

    • Which region(s)?
    • Which product types.. ec2 nlb, etc

    I'm aware that to do so may broadcast a bit of infrastructure that Zendesk may not care to give out.

     

     

    0

Please sign in to leave a comment.

Powered by Zendesk