This diagram illustrates CFT Firewall configuration, depicting the various connections between CFT and Tenant systems and zones.
View a complete reference list of CFT IPs
| Internet | Intranet |
|---|---|
| Webhook (IP1): 18.143.30.35:443 |
Webhook (IP5): 10.211.0.128/28:443 10.211.0.144/28:443 10.211.0.160/28:443 10.211.0.176/28:443 |
| HTTPS API (IP2): 13.215.24.12:443 13.251.95.103:443 54.179.172.253:443 |
HTTPS API (IP6): 10.211.0.128/28:443 10.211.0.144/28:443 |
| SFTP Server (IP3): SSH only 18.143.254.126:22 54.255.69.2:22 13.214.73.225:22 SSH + Password 13.228.88.235:22 18.142.149.152:22 52.221.109.108:22 |
SFTP Server (IP7): 10.211.0.128/26:22 |
| SFTP Client (IP4): 54.255.110.113:22 |
SFTP Client (IP8): 10.211.0.128/28:22 10.211.0.144/28:22 10.211.0.160/28:22 10.211.0.176/28:22 |
Depending on your system and zone, perform the whitelisting steps required.
- CFT HTTPS Server Whitelisting
- CFT SFTP Server Whitelisting
- CFT SFTP Client Whitelisting
- CFT Notification (Webhooks) Server Whitelisting
| CFT Zone | Tenant Action |
|---|---|
| Internet | None. Whitelisting is not required because CFT APIs are public and accessible within Singapore for all public IPs. |
| Intranet | If you are on GCC1.0 or GCC2.0 on AWS, follow the steps for Connecting to CFT VPCE. |
| CFT Zone | Tenant Action |
|---|---|
| Internet | Raise an SR via CFT-SM to whitelist your Tenant SFTP Client on CFT. |
| Intranet | If you are on GCC1.0 or GCC2.0 on AWS, follow the steps for Connecting to CFT VPCE. |
| CFT Zone | Tenant Action |
|---|---|
| Internet | Raise an SR via CFT-SM to whitelist your Tenant SFTP Server on CFT. |
| Intranet | None. |
| CFT Zone | Tenant Action |
|---|---|
| Internet | None. Whitelisting is not required. |
| Intranet | None. |
-
To validate the firewall rules from tenant system to CFT intranet, refer to:
-
You may need to allow or whitelist CFT endpoints on your Tenant/Agency Firewalls.