Follow
Configuring Your Firewall

***

If your firewall or mail server is configured to allow access only to specific vendors, you must add certain IP addresses to the whitelist in order to allow open communication between your environment and the Workfront servers. (This is required in order to perform any of the processes described in the section, "Workfront Processes That Require Firewall Access.")

You also need to open certain ports in order for email messages to be delivered encrypted.

For information about allowing access to Workfront only from designated IP addresses, see "Restricting Access to Workfront by IP Address."

Upcoming Changes for Clusters 1, 2, and 3

In the coming months, Workfront will be introducing a change that is designed to enhance and improve our core infrastructure. As a part of this change, you might be required to update your whitelist IP blocks to prevent blocking of Workfront services. The new IPs you need to add to your whitelists are listed below:

For SSO and POP

  • 34.215.145.168
  • 54.69.155.48
  • 35.160.44.226
  • 34.213.96.218
  • 3.16.210.22
  • 3.16.229.153
  • 18.224.117.99
  • 3.18.123.153
  • 3.211.159.196
  • 3.85.255.45
  • 3.210.78.197
  • 3.211.23.183

For email

  • 54.240.60.174
  • 54.240.60.175

IP Addresses to Add to the Whitelist

The IP addresses that you must whitelist on your firewall vary depending on the type of environment (Production, Preview, or Sandbox) and the cluster where the environment is running.

To find out what cluster your Production environment is on, contact Workfront Support. (For information on how to contact Workfront Support, see "Contacting Customer Support.")

IP Addresses to Whitelist for Cluster 1

Email in Production

Add the following IP addresses for receiving email from the Workfront application if your Production environment is on Cluster 1:

  • 54.240.60.174
  • 54.240.60.175
  • 69.42.126.188 (old. Delete soon)
  • 66.119.37.185 (old. Delete soon)
  • 66.119.37.186 (old. Delete soon)

SSO and POP in Production

Add the following IP addresses for SSO and POP if your Production environment is on Cluster 1:

  • 52.33.45.20
  • 18.217.61.34
  • 52.42.207.139
  • 18.223.232.108
  • 54.218.158.86
  • 13.59.129.130
  • 69.42.126.188 (this address must also be added to your whitelist to receive emails from Workfront) (old. Delete soon)
  • 66.119.37.186 (old. Delete soon)
  • 66.119.37.167 (old. Delete soon)

SSO and POP in Preview

Add the following IP addresses for SSO and POP if your Preview environment is on Cluster 1:

  • 34.214.209.50
  • 54.186.231.145
  • 54.189.241.146

SSO and POP in Custom Refresh Sandbox 1

Add the following IP addresses for SSO and POP if your Custom Refresh Sandbox environment is on Cluster 1:

  • 34.211.153.116
  • 34.213.93.212
  • 54.200.181.0

SSO and POP in Custom Refresh Sandbox 2

Add the following IP addresses for SSO and POP if your Custom Refresh Sandbox environment is on Cluster 1:

  • 52.37.107.98
  • 52.33.210.90
  • 52.25.233.106

IP Addresses to Whitelist for Cluster 2

Email in Production

Add the following IP addresses for receiving email from the Workfront application if your Production environment is on Cluster 2:

  • 54.240.60.174
  • 54.240.60.175
  • 69.42.126.188 (old. Delete soon)
  • 66.119.37.185 (old. Delete soon)
  • 66.119.37.186 (old. Delete soon)

SSO and POP in Production

Add the following IP addresses for SSO and POP if your Production environment is on Cluster 2:

  • 52.13.128.9
  • 34.211.175.103
  • 34.217.224.196
  • 69.42.126.188 (this address must also be added to your whitelist to receive emails from Workfront) (old. Delete soon)
  • 66.119.37.186 (old. Delete soon)
  • 66.119.37.167 (old. Delete soon)

SSO and POP in Preview

Add the following IP addresses for SSO and POP if your Preview environment is on Cluster 2:

  • 52.40.57.152
  • 34.209.20.60
  • 34.208.72.194

SSO and POP in Custom Refresh Sandbox 1

Add the following IP addresses for SSO and POP if your Custom Refresh Sandbox environment is on Cluster 2:

  • 52.38.199.152
  • 35.164.212.108
  • 35.166.156.149

SSO and POP in Custom Refresh Sandbox 2

Add the following IP addresses for SSO and POP if your Custom Refresh Sandbox environment is on Cluster 2:

  • 54.71.14.190
  • 52.34.127.105
  • 34.223.215.236

IP Addresses to Whitelist for Cluster 3

Email in Production

Add the following IP addresses for receiving email from the Workfront application if your Production environment is on Cluster 3:

  • 54.240.60.174
  • 54.240.60.175
  • 69.42.126.188 (old. Delete soon)
  • 66.119.37.185 (old. Delete soon)
  • 66.119.37.186 (old. Delete soon)

SSO and POP in Production

Add the following IP addresses for SSO and POP if your Production environment is on Cluster 3:

  • 52.88.179.112
  • 52.89.37.226
  • 54.203.199.11
  • 69.42.126.188 (this address must also be added to your whitelist to receive emails from Workfront) (old. Delete soon)
  • 66.119.37.186 (old. Delete soon)
  • 66.119.37.167 (old. Delete soon)

SSO and POP in Preview

Add the following IP addresses for SSO and POP if your Preview environment is on Cluster 3:

  • 52.10.125.143
  • 52.32.130.108
  • 54.68.229.212

SSO and POP in Custom Refresh Sandbox 1

Add the following IP addresses for SSO and POP if your Custom Refresh Sandbox environment is on Cluster 3:

  • 34.218.43.4
  • 35.155.160.16
  • 35.160.162.99

SSO and POP in Custom Refresh Sandbox 2

Add the following IP addresses for SSO and POP if your Custom Refresh Sandbox environment is on Cluster 3:

  • 54.200.145.27
  • 52.25.97.72
  • 52.43.116.84

IP Addresses to Whitelist for Cluster 4

If your Production environment is on Cluster 4, add the following IP addresses for POP and SSO, and to receive email from the Workfront application:

  • 52.31.132.175
  • 52.19.188.226
  • 52.28.49.94
  • 52.29.41.175
  • 52.29.197.69
  • 52.48.124.108 

IP Addresses to Whitelist for Cluster 5

If your Production environment is on Cluster 5, add the following IP addresses for receiving email from the Workfront application:

  • 13.58.86.183
  • 34.209.181.84
  • 35.161.82.137
  • 52.14.70.114
  • 52.15.230.220
  • 54.71.252.65

If your Production environment is on Cluster 5, add the following IP addresses for SSO and POP :

IP Addresses for Your Production Environment for SSO and POP

If your Production environment is on Cluster 5, add the following IP addresses for your Production environment for SSO and POP:

  • 13.58.82.59
  • 34.208.255.239
  • 52.24.154.46
  • 52.14.134.251
  • 52.14.208.59
  • 54.69.62.181

IP Addresses for Your Preview Environment for SSO and POP

If your Production environment is on Cluster 5, add the following IP addresses for your Preview Sandbox environment for SSO and POP:

  • 13.58.57.211
  • 13.58.126.18
  • 52.14.179.237

IP Addresses for Your First Refresh Sandbox (CR1) for SSO and POP

If your Production environment is on Cluster 5, add the following IP addresses for your first Custom Refresh Sandbox environment (CR1) for SSO and POP:

  • 13.58.98.241
  • 52.14.175.191
  • 52.15.213.186

IP Addresses for Your Second Custom Refresh Sandbox (CR2) for SSO and POP

If your Production environment is on Cluster 5, add the following IP addresses for your second Custom Refresh Sandbox environment (CR2) for SSO and POP:

  • 13.58.58.6
  • 52.15.208.139
  • 52.15.62.153

IP Addresses to Whitelist for Test Drive

Add the following IP addresses for receiving email from the Workfront application when using a Test Drive:

  • 69.42.126.188
  • 66.119.37.185
  • 66.119.37.186

Add the following IP addresses for SSO and POP when using a Test Drive:

  • 69.42.126.188 (this address must also be added to your whitelist to receive emails from Workfront)
  • 66.119.37.186
  • 66.119.37.167

IP Addresses to Whitelist When Implementing Event Subscriptions

For all environments, add the following IP addresses to receive payloads from Workfront Event Subscriptions:

  • 35.162.39.124
  • 52.89.16.253 

IP Addresses to Add for Accessing Workfront Fusion

Add the following IP addresses to your whitelist to ensure access to Workfront Fusion:

  • 18.216.172.146
  • 18.218.153.209

IP Addresses to Add for Using Workfront for Jira

Add the following IP address to your whitelist to use the Workfront for Jira integration:

  • 35.162.128.73

The jira.workfront.com domain must also be accessible from your corporate servers. This domain is required because it serves as middleware between Workfront for Jira.

URLs to Add for Accessing Workfront Proof

For all environments, add the following URLs to allow Workfront Proof to access Workfront on any cluster:

  • *.proofhq.com
  • webcapture.int.proofhq.com - web capture tool
  • mx.proofhq.com - email servers

NOTE We do not support whitelisting IP Addresses for Workfront Proof. They are dynamic since Workfront moved to AWS. We recommend to whitelist Workfront Proof domains only.

Ports to Open to Ensure Best Proof Performance with Workfront Proof

Open the following ports if you are experiencing problems with proofs loading or not working:

  • 5671
  • 5672
  • 15670
  • 15671
  • 15672
  • 15673
  • 15674

 Ports to Open for Encrypted Email  

Emails from the Workfront application are sent encrypted using ports 465 and 587. If your mail server does not support encrypted email, emails are delivered unencrypted using port 25.

Email Notifications from Support

If you are not receiving emails from Workfront Support, ensure that you add the IP addresses listed in "Configuring your firewall for use with Zendesk."

Workfront Processes That Require Firewall Access

Add certain Workfront IP addresses to your firewall whitelist for the following purposes:

  • Allowing messages from the Workfront application
  • Using Single Sign-On (SSO) with Active Directory or LDAP
  • Using POP when replying to Workfront email notifications or for entering issues into Workfront through email
  • Using Document Webhooks when configuring custom document integrations (for more information, see "Configuring Document Integrations.")
  • Using Workfront Event Subscriptions (for more information, see "Event Subscription API.")

DON'T DELETE, DRAFT OR HIDE THIS ARTICLE. IT IS LINKED TO THE PRODUCT, THROUGH THE CONTEXT SENSITIVE HELP LINKS. ** There was some talk that this article should be split in separate articles for each cluster, but we cannot do this because it is linked to the UI: Setup> System> Customer Info> IP Whitelist

This article last updated on 2019-04-11 15:13:36 UTC