
Firewall Configuration


Cloud Manager must be able to connect to users and MongoDB Agents over HTTP or HTTPS. MongoDB Agents must be able to connect to client MongoDB databases.

Though Cloud Manager only requires open HTTP (or HTTPS) and MongoDB network ports to connect with users and to databases, which ports you open on a firewall depends on which capabilities are enabled: encryption, authentication, and monitoring.

This page defines which systems need to connect to which ports on other systems.

Cloud Manager requires access on the following ports and IP addresses.

The MongoDB Agents connect to Cloud Manager on port 443. Whether you provision your hosts on a cloud service provider or on your own network, configure your network infrastructure to allow outbound connections on port 443.

If you wish to restrict outbound access on port 443 to specific IP addresses, you must add the following addresses and domains to your access list.

Add the following IP addresses to your access list:


This allows the MongoDB Agents to GET and POST to the following hosts:

  • api-agents.mongodb.com

  • api-backup.mongodb.com

  • api-backup.us-east-1.mongodb.com

  • queryable-backup.us-east-1.mongodb.com

  • restore-backup.us-east-1.mongodb.com

  • real-time-api-agents.mongodb.com

The MongoDB Agents require outbound access to the following domains, depending on your MongoDB edition, for downloading MongoDB binaries:

| MongoDB Edition | Access List Domain | IP Ranges | Service Provider |
|---|---|---|---|
| Community | fastdl.mongodb.org | | Amazon CloudFront |
| | downloads.mongodb.com | | |
| Custom Build of MongoDB | URL accessible to the MongoDB Agents | | |

If you restrict outbound access, you must grant your MongoDB Agents access to the following domain to download and update the MongoDB Agent.

| Access List Domain | IP Ranges | Service Provider |
|---|---|---|
| s3.amazonaws.com | IP ranges for AWS. The IP ranges for AWS change frequently. | AWS |

You can configure alerts to be delivered via webhook. A webhook alert sends an HTTP POST request to an endpoint for programmatic processing.

To deliver a webhook successfully, the specified endpoint must accept incoming HTTP POST requests from the following IP addresses:


All MongoDB processes in a deployment must be accessible to all MongoDB Agents managing processes in that deployment. Therefore, all MongoDB ports must be open to every host within your network that serves a MongoDB Agent.

Example

If you are running MongoDB processes on 27000, 27017 and 27020, then those three ports must be open from all hosts that are serving a MongoDB Agent.
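The requirement above can be checked against a firewall rule set before a deployment goes live. The following is an added example, not code from the Cloud Manager documentation: it assumes a default-deny firewall and a hypothetical allow-rule format (`AllowRule`), and the hosts, rules and CIDR ranges are constructed sample data using the three ports from the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class AllowRule:
    """Hypothetical allow rule; not any vendor's firewall syntax."""
    source: str   # CIDR of permitted source hosts
    dest: str     # CIDR of permitted destination hosts
    ports: range  # destination TCP ports (end is exclusive)


def rule_covers(rule, src, dst, port):
    """True if this rule permits a TCP connection src -> dst:port."""
    return (ip_address(src) in ip_network(rule.source)
            and ip_address(dst) in ip_network(rule.dest)
            and port in rule.ports)


def missing_flows(agent_hosts, mongo_processes, rules):
    """Return every (agent, host, port) flow that no allow rule permits.

    Every host serving a MongoDB Agent must reach every MongoDB process,
    so the required flows are the full agent x process matrix.
    """
    gaps = []
    for agent in agent_hosts:
        for host, port in mongo_processes:
            if not any(rule_covers(r, agent, host, port) for r in rules):
                gaps.append((agent, host, port))
    return gaps


# Constructed inventory: three agent hosts, processes on 27000, 27017, 27020.
AGENT_HOSTS = ["10.0.1.10", "10.0.1.11", "10.0.2.20"]
MONGO_PROCESSES = [("10.0.1.10", 27000), ("10.0.1.11", 27017),
                   ("10.0.2.20", 27020)]
# Constructed rule set that looks plausible but leaves cross-subnet gaps.
RULES = [
    AllowRule("10.0.1.0/24", "10.0.0.0/16", range(27000, 27018)),
    AllowRule("10.0.2.0/24", "10.0.2.0/24", range(27020, 27021)),
]

if __name__ == "__main__":
    for agent, host, port in missing_flows(AGENT_HOSTS, MONGO_PROCESSES, RULES):
        print(f"BLOCKED: agent {agent} -> {host}:{port}")
```

With the sample rules, the audit reports four blocked flows, all of them between the two subnets, which is the kind of gap a per-subnet rule set tends to leave.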
