This article describes our recommendations for configuring a firewall for use with Zendesk. The Zendesk cloud is hosted by Amazon Web Services (AWS). As part of these recommendations, we’ve included a link to download AWS IP address ranges for your reference.
- If your server policy restricts inbound traffic only, whitelisting the AWS IP addresses should suffice.
- If you filter both inbound and outbound traffic:
- We highly recommend whitelisting with both the Fully Qualified Domain Name (FQDN) of your Zendesk subdomain as well as the AWS IP addresses.
- If the firewall doesn’t support FQDN-based whitelisting, we recommend you disable outbound filtering or upgrade to a firewall that supports this feature. rather than try to restrict outbound traffic using IPs only, which can cause issues. If you can’t disable outbound filtering or upgrade your firewall you can temporarily work around this by resolving your FQDN to an IP address using this DNS Lookup Tool. However, because the IP address can change at any time, we don’t recommend using this method.
Refer to AWS IP address ranges to download a list of the Zendesk public IP addresses.
Outbound Email Servers IP addresses are listed in our SPF record, which we update as needed. Our SPF record can be read using this Lookup Tool or by using these commands:
host -t TXT mail.zendesk.com
dig txt mail.zendesk.com
IP addresses used by Insights
For information about obtaining and whitelisting GoodData IP addresses for Insights, see IP Whitelisting on the GoodData web site.
For whitelisting Explore, configure your firewall to allow these records as the trusted origins: