Firewall Configuration

Cloud Manager requires access on the following ports and whitelisted IP addresses.

Required Outbound Access

The agents connect to Cloud Manager on port 443. Whether you provision your hosts on a cloud service provider or on your own network, configure your network infrastructure to allow outbound connections on port 443.

If you wish to restrict outbound access on port 443 to specific IP addresses, you must whitelist the following addresses and domains.

IP Addresses for GET and POST

Whitelist the following IP addresses:

  • 18.210.185.2
  • 18.210.245.203
  • 34.192.82.120
  • 34.233.152.179
  • 34.233.179.140
  • 35.172.148.213
  • 35.172.245.18
  • 52.206.222.245
  • 52.21.89.200
  • 54.173.82.137
  • 54.175.147.155

This allows the agents to GET and POST to the following hosts:

  • api-agents.mongodb.com
  • api-backup.mongodb.com
  • api-backup.us-east-1.mongodb.com
  • queryable-backup.us-east-1.mongodb.com
  • restore-backup.us-east-1.mongodb.com

Domain for Download of MongoDB Binaries

The Automation Agents require outbound access to the following domains, depending on your MongoDB edition, for downloading MongoDB binaries:

| MongoDB Edition | Whitelist Domain | IP Ranges | Service Provider |
|---|---|---|---|
| Community | fastdl.mongodb.org | IP ranges for CloudFront. The IP ranges for CloudFront change frequently. | Amazon CloudFront |
| Enterprise | downloads.mongodb.com | | |
| Custom Build of MongoDB | URL accessible to the Automation Agent | | |

Required Inbound Access

IP Addresses and CIDR Blocks for Alert Webhooks

You have the option to configure alerts to be delivered via webhook. This sends an HTTP POST request to an endpoint for programmatic processing.

For a webhook to be delivered to the specified endpoint, the endpoint must accept incoming HTTP POST requests from the following IP addresses and CIDR blocks:

  • 107.20.0.247
  • 18.210.185.2
  • 18.210.245.203
  • 18.214.178.145
  • 18.235.145.62
  • 18.235.48.235
  • 34.192.82.120
  • 34.233.152.179
  • 34.233.179.140
  • 34.235.52.68
  • 35.171.106.60
  • 35.172.148.213
  • 35.172.245.18
  • 35.174.179.65
  • 35.174.230.146
  • 35.175.94.38
  • 52.206.222.245
  • 52.21.89.200
  • 52.87.98.128
  • 54.173.82.137
  • 54.175.147.155
  • 4.71.186.128/25
  • 4.35.16.128/25
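
An added example, not part of the Cloud Manager documentation: one way a webhook endpoint could enforce the list above in application code and report POSTs from any other source. The function names and the "peer method path" log format are hypothetical, and the log lines are constructed.

```python
import ipaddress

# Webhook source addresses and CIDR blocks copied from the list above.
WEBHOOK_SOURCES = """
107.20.0.247 18.210.185.2 18.210.245.203 18.214.178.145 18.235.145.62
18.235.48.235 34.192.82.120 34.233.152.179 34.233.179.140 34.235.52.68
35.171.106.60 35.172.148.213 35.172.245.18 35.174.179.65 35.174.230.146
35.175.94.38 52.206.222.245 52.21.89.200 52.87.98.128 54.173.82.137
54.175.147.155 4.71.186.128/25 4.35.16.128/25
""".split()

# ip_network() reads a bare address as a /32, so hosts and blocks share one path.
ALLOWED = [ipaddress.ip_network(entry) for entry in WEBHOOK_SOURCES]


def webhook_source_allowed(peer: str) -> bool:
    """Return True if the TCP peer address is in the webhook allowlist."""
    try:
        addr = ipaddress.ip_address(peer.strip())
    except ValueError:
        return False  # not an IP literal: fail closed
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in ALLOWED if net.version == addr.version)


def rejected_posts(log_lines):
    """Yield (peer, path) for POSTs whose peer is outside the allowlist."""
    for line in log_lines:
        peer, method, path = line.split()[:3]
        if method == "POST" and not webhook_source_allowed(peer):
            yield peer, path


# Constructed log lines in a hypothetical "peer method path" format.
SAMPLE_LOG = [
    "18.210.185.2 POST /hooks/alerts",
    "::ffff:4.71.186.200 POST /hooks/alerts",  # inside 4.71.186.128/25
    "4.71.186.127 POST /hooks/alerts",         # one address below the /25
    "203.0.113.9 POST /hooks/alerts",          # documentation range, not listed
    "not-an-ip POST /hooks/alerts",
]

if __name__ == "__main__":
    for peer, path in rejected_posts(SAMPLE_LOG):
        print(f"reject {peer} {path}")
```

Pass the address of the TCP peer, not a value taken from a client-supplied header such as X-Forwarded-For, unless a proxy you control sets that header.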

Backup SCP Restores

Important

Restore delivery via SCP has been removed as of March 27, 2018.

Required Ports within Your Network

All MongoDB processes in a deployment must be accessible to all Cloud Manager agents managing processes in that deployment. Therefore, all MongoDB ports must be open to every host within your network that serves an Automation, Monitoring or Backup Agent.

Example

If you are running MongoDB processes on 27000, 27017 and 27020, then those three ports must be open from all hosts that are serving an Agent.