Configuring your firewall for use with Zendesk

Have more questions? Submit a request

65 Comments

  • Bart Brosens
    Comment actions Permalink

    Hi there,

    We had some issues with our Jira integration yesterday. we couldn't link zendesk tickets to Jira anymore.

    We noticed a lot of traffic coming from IP 34.253.42.1 (amazon)
    When we whitelisted this IP, the integration worked again.

    Is it possible you are using additional IP's that are not documented above?

    Thanks!
    Regards,

    Bart

     

     

    0
  • Amy Malka
    Comment actions Permalink

    Hi everyone! Please note that the list of IPs in this article has been updated.

    1
  • Keith @ Zendesk
    Comment actions Permalink

    Hey Bart,

     

    That looks like one of the ones we recently added to the list, so you should be good going forward.

    0
  • Benjamin Wylie
    Comment actions Permalink

    Please can we have this list accessible through the api or via a published xml document that we can use to automate this process?

    2
  • Jessie Schutz
    Comment actions Permalink

    Hey Benjamin!

    That's a good suggestion...I'll be sure to pass it along!

    0
  • Jessie Schutz
    Comment actions Permalink

    The following IPs have been deprecated and removed from the list:

    96.46.150.192/27
    96.46.156.0/24
    174.137.46.0/24
    0
  • Tidar Haryo Sularso
    Comment actions Permalink

    Hi there,

    We had some issues with our API calls integration. Basically we are developing zendesk widgets using ZAF and calls our internal services from it. We have two clusters with similar setup and same widgets.

    Cluster one, we do IP whitelist with the help of IP range mentioned in this article, and the call working fine.

    Cluster two, we do the same process, but the calls getting rejected with 4xx error, basically our service rejecting the requester/caller IP. When we tail the logs from our service we get this IP:

    36.69.145.22

    I dont this its anywhere there on your list. API call from zendesk widget should be server sided right?

    Also is there any way or any API that maintain all iof the zendesk public IPs so we dont have to do the process manually? (as you said the list gets updated from time to time, right?)

     

    2
  • Benjamin Towne
    Comment actions Permalink

    Hey Tidar!

    Looks like you already have a separate ticket open with us and someone from support has reached out. :)

    Unfortunately we do not have any API endpoint that contains all of the Zendesk Public IPs yet.

    I'll make sure to get this feature request passed along to the correct team.

    1
  • Roberto Martin
    Comment actions Permalink

    Hi there,

    Do you know how often IPs change? This will inform decisions about how we manage this whitelisting.

    Thanks

    1
  • Aimee Spanier
    Comment actions Permalink

    Hi, all. We've just added a few new IP addresses to the list:

     

    104.18.70.113
    104.18.71.113
    104.18.72.113
    104.18.73.113
    104.18.74.113

    1
  • Jonny
    Comment actions Permalink

    Hey0 Roberto! 

    Thanks for leaving us with your question :)

    From what I understand, there isn't a set pattern on the changing behaviors of an IP address, but they can change at any point in time. However, it isn't a change that doesn't happen very often. 

    Hope that helps!

    0
  • Rob Stack
    Comment actions Permalink

    Hi all, I've just added the following new IP addresses to this article.

     

    18.233.240.4/32
    35.171.179.180/32
    54.88.153.44/32
    34.199.96.193/32
    35.153.123.152/32
    52.2.33.185/32
    54.190.230.46/32
    54.71.249.105/32
    54.245.210.112/32
    52.33.130.83/32
    54.203.161.166/32
    54.200.201.186/32
    52.214.141.52/32
    52.31.82.113/32
    52.49.113.232/32
    34.254.62.10/32
    34.247.211.51/32
    34.253.246.236/32
    18.184.231.213/32
    18.194.206.174/32
    18.197.30.168/32
    18.185.65.168/32
    18.185.52.110/32
    18.194.247.215/32
    18.206.72.19/32
    34.197.211.159/32
    54.172.209.60/32
    34.206.241.1/32
    34.225.199.37/32
    54.172.126.223/32
    50.112.215.172/32
    52.36.128.200/32
    54.71.103.5/32
    54.203.135.202/32
    54.203.198.138/32
    52.43.45.99/32

    1
  • Allen Hancock
    Comment actions Permalink

    Thanks for all the updates, it's great to see!

     

    With the introduction of cloudflare, I wonder if there's a delineation between IPs that Zendesk might reach out on, vs ones we might need to allow to reach Zendesk?

     

    Thanks!

    0
  • John Grenz
    Comment actions Permalink

    Thanks for removing from the article list the 3 that Jessie said were removed on 6/12/18.  Also found there are 3 IPs listed twice on the article list, just fyi on the duplicates.

    52.203.0.71/32
    52.203.58.200/32
    52.63.26.17/32

    Thanks,

     

    1
  • Rob Stack
    Comment actions Permalink

    John, thanks for the heads-up about the duplicates. Appreciate it! I've now removed them.

    0
  • Allen Hancock
    Comment actions Permalink

    Not all entries end in their mask (eg some are missing /32) 

     

    for those who love to copy & paste, could we get the main list preened to show exact IP range?

     

    Thanks!

    0
  • Rob Stack
    Comment actions Permalink

    Hi all, the following IPs have been removed from the list:

    52.214.141.52
    52.31.82.113
    52.49.113.232
    34.254.62.10
    34.247.211.51
    34.253.246.236
    18.184.231.213
    18.194.206.174
    18.197.30.168
    18.185.65.168
    18.185.52.110
    18.194.247.215
    50.112.215.172
    52.36.128.200
    54.71.103.5
    54.203.135.202
    54.203.198.138
    52.43.45.99

    1
  • Kevin Martin
    Comment actions Permalink

    Hi All,

    Can Zendesk add an API endpoint that returns an array of IPs used based on your current Pod so that we can programmatically update our internal access controls?

    0
  • Luis Muegues
    Comment actions Permalink

    This will require some level of security, authentication and for sure some kind of encryption.

    I see it as risky action. Imagine the packets in the network get successfully intercepted (by some good man in the middle attacker focussed in your network) when after you perform the get action to get the list of IP addresses of Zendesk by some job. Then, he can actually inject his IP addresses into the list and open up your firewall for further attacks.

    What do you think? 

    0
  • Kevin Martin
    Comment actions Permalink

    It would need to be secured just like the rest of the Core API endpoints. It would also need to gather details about your current pod so that it could provide an accurate list for each customer based on that pod.

    https://developer.zendesk.com/rest_api/docs/core/introduction#security-and-authentication

    0
  • Richard Giddens
    Comment actions Permalink

    This is a fairly annoying way to do things. I'd like to add my voice to requesting an API endpoint to retrieve these, even better being able to narrow this down to our pod only... doesn't work when I lookup the A record and whitelist that only. Adding this many addresses to my whitelist makes me anxious... 

     

     

    0
  • Joe Koenig
    Comment actions Permalink

    It would really be appreciated if you guys could either use gateway's for outbound traffic, or tell us what they are. Anyone that leaves unnecessary ports open to the world these days is crazy, but to try to constantly update a whitelist after hearing from users that integrations aren't working is frustrating. If the machines are set to route out a number of common gateways and those were listed, it would make it MUCH easier to whitelist those gateway addresses that we need to allow in for JIRA integration. Just my $0.02.

    4
  • Frank Lück
    Comment actions Permalink

    so far we have around 100 ip's to whitelist - can we please reduce this to less than 5?

    upvote for Joe Koenig - thanks!

    0
  • Andrei Balcanasu
    Comment actions Permalink

    Added two new ingress IPs:

    104.18.172.234
    104.18.173.234
    1
  • John Grenz
    Comment actions Permalink

    I've been following this article for some time now and maintaining the list of IPs we whitelist with all the post updates for removals and new additions, with the latest 2 new ones as of 10/19/18.  I was comparing my full list I had to the main master list of the article.  I had 86 total IPs on my list, but the main article list has 98 IPs.  So I found there were these 12 new IPs that are on the master list that I did not have on my list.  I searched all the postings to see if maybe I missed a post about them, but didn't see anything.

    So here are the 12 IPs I see were added without a post update, any idea the date these were added?

    18.205.33.7/32
    18.236.24.80/32
    199.127.232.0/22
    199.255.192.0/22
    23.22.136.103/32
    34.198.132.11/32
    34.225.61.68/32
    52.0.60.126/32
    52.36.216.7/32
    52.87.17.117/32
    54.213.203.82/32
    54.240.0.0/18

    1
  • Jennifer Rowe
    Comment actions Permalink

    Hi John,

    Most of the ones on your list were added on August 14th this year. 

    These three were not added at that time (and I haven't been able to determine when they were added):

    • 199.127.232.0/22
    • 199.255.192.0/22
    • 54.240.0.0/18
     

     

    2
  • Dr. J
    Comment actions Permalink

    Thanks Jennifer & team for continuing to keep this list up to date — we all greatly appreciate it!

     

    2
  • Allen Hancock
    Comment actions Permalink

    I saw that the list was updated.. here's a fresh post of IPs. I've added subnet masks to all, and sorted them, because that makes it easier for us to see what's changed.

     

     

     13.55.4.222/32
    13.55.84.43/32
    13.55.104.134/32
    13.210.202.182/32
    13.211.9.239/32
    13.211.27.207/32
    18.194.213.105/32
    18.195.109.170/32
    18.196.61.131/32
    18.196.66.109/32
    18.196.192.91/32
    18.205.33.7/32
    18.206.72.19/32
    18.233.240.4/32
    18.236.24.80/32
    23.22.136.103/32
    34.197.119.172/32
    34.197.211.159/32
    34.198.132.11/32
    34.199.96.193/32
    34.206.241.1/32
    34.214.170.210/32
    34.216.174.56/32
    34.225.61.68/32
    34.225.199.37/32
    34.251.237.213/32
    34.253.42.1/32
    35.153.123.152/32
    35.158.67.8/32
    35.167.245.158/32
    35.171.179.180/32
    35.172.245.139/32
    35.173.105.139/32
    35.174.158.178/32
    35.174.160.246/32
    52.0.60.126/32
    52.2.33.185/32
    52.21.112.236/32
    52.27.183.82/32
    52.33.130.83/32
    52.34.190.153/32
    52.34.200.91/32
    52.36.216.7/32
    52.37.212.231/32
    52.37.220.11/32
    52.43.228.19/32
    52.57.0.38/32
    52.57.21.10/32
    52.58.121.97/32
    52.63.26.17/32
    52.63.132.21/32
    52.87.17.117/32
    52.192.205.30/32
    52.193.22.204/32
    52.203.0.71/32
    52.203.58.200/32
    52.209.40.193/32
    52.209.118.114/32
    52.210.87.214/32
    52.210.245.193/32
    52.214.140.202/32
    54.71.249.105/32
    54.72.137.238/32
    54.79.46.48/32
    54.88.153.44/32
    54.92.60.91/32
    54.95.12.3/32
    54.168.60.210/32
    54.172.126.223/32
    54.172.209.60/32
    54.178.87.147/32
    54.190.230.46/32
    54.194.140.222/32
    54.200.201.186/32
    54.203.161.166/32
    54.208.38.43/32
    54.213.203.82/32
    54.240.0.0/18
    54.245.210.112/32
    104.16.51.111/32
    104.16.52.111/32
    104.16.53.111/32
    104.16.54.111/32
    104.16.55.111/32
    104.18.70.113/32
    104.18.71.113/32
    104.18.72.113/32
    104.18.73.113/32
    104.18.74.113/32
    104.18.172.234/32
    104.18.173.234/32
    104.18.248.37/32
    104.18.249.37/32
    104.218.200.0/21
    185.12.80.0/22
    188.172.128.0/20
    192.161.144.0/20
    199.127.232.0/22
    199.255.192.0/22
    216.198.0.0/18
    0
  • Jessie Schutz
    Comment actions Permalink

    Thanks, Allen!

    0
  • Kristyn Thomas
    Comment actions Permalink

    @Allen Hancock or Zendesk - Any chance we can just have a list of only what's changed in this last update?

    0

Please sign in to leave a comment.

Powered by Zendesk