Obtaining AWS IP ranges to enable proxy and firewall configuration

Depending on your company's infrastructure configuration, the on-prem components may or may not go through a proxy/firewall to reach your Symphony instance.

When your organization's internal IT team uses a static IP in the proxy/firewall setting to allow traffic directly to your Symphony instance, an occasional issue may occur due to Amazon Web Services (AWS) performing automatic scaling on their side, which dynamically assigns/removes an IP from the ELB.

Notes

  • Since the set of IP addresses associated with a Load Balancer can change over time, you should never create an 'A' record with any specific IP address. If you want to use a friendly DNS name for your Load Balancer instead of the name generated by the ELB service, you should create a CNAME record for the Load Balancer DNS name, or use Amazon Route 53 to create a hosted zone. Further information on using domain names with ELB can be found here.
  • Symphony has no control over AWS regarding their scaling.

Find the IP ranges for your Symphony instance if your company uses a static IP in the proxy/firewall settings

  • To find the AWS region where your Symphony instance is located or the IP currently used by your Symphony instance in the ELB, use the following NSLOOKUP command:
nslookup <POD NAME>.symphony.com

Server:  USPA-DC03.companyabc.symphony.com

Address:  AAA.BBB.CCC.DDD

Non-authoritative answer:

Name:    XXXXXXXXXXXXXXXXXXXX.us-east-1.elb.amazonaws.com

Addresses:  AAA.BBB.CCC.DDD

          AAA.BBB.CCC.DDD

          AAA.BBB.CCC.DDD

Aliases:  <POD NAME>.symphony.com
    • In the above example, the region name is US-East-1. If that is the case, you may want to have your internal IT team review the AWS IP address range for the US-East-1 region.
    • As there are many IP address which AWS holds, it's best advised to filter for the specific IP address. (There were approximately 251 IP addresses for the US-East-1 region.)
    • You can also use this resource to filter for the IP address.
    • This URL tool lets you calculate the IP range and its netmask (supernet) address.
      In the example below, the IP netmask (supernet) for 34.199.96.10 will give you the IP and netmask 34.192.0.0/12. This will cover the range from 34.192.0.1 to 34.207.255.254:

If you require further assistance with this topic, please contact the Symphony Support team at support@symphony.com