1. Symphony Help Center
  2. Admin and Troubleshooting
  3. Other

Obtaining GCP IP ranges to enable proxy and firewall configuration

Avatar
Ming Kwong
Depending on your company's infrastructure configuration, the on-prem components may or may not go through a proxy/firewall to reach your pod.

When your organizations internal IT team uses a static IP in the proxy/firewall setting to allow traffic directly to your pod, there has sometimes been an issue due to Amazon Web Services (AWS) performing automatic scaling on their side, which will assign/remove IP from the ELB dynamically. 

Note: Symphony have no control over AWS regarding their scaling.

In the event that your company does use a static IP in the proxy/firewall settings, you may want to use the steps below to find the IP ranges for your pod. 

As per the FAQ here, Google Cloud Platform (GCP) uses a large range of IP addresses, which change over time. For historical reasons, GCP publishes its list of public IP addresses in an SPF record for_cloud-netblocks.googleusercontent.com.


When you need the literal IP addresses for GCP, use one of the common DNS lookup commands, for example nslookup, dig or host, to retrieve the TXT records for the domain _cloud-netblocks.googleusercontent.com (Figure 1):

$ nslookup -q=TXT _cloud-netblocks.googleusercontent.com 8.8.8.8

Figure 1 Command

This returns a list of the domains included in Google's SPF Record (Figure 2):

_cloud-netblocks1.googleusercontent.com, _cloud-netblocks2.googleusercontent.com, 
_cloud-netblocks3.googleusercontent.com, _cloud-netblocks4.googleusercontent.com,
_cloud-netblocks5.googleusercontent.com
Figure 2 Response

Next, look up the DNS records associated with those domains one at a time (Figure 3):
$ nslookup -q=TXT _cloud-netblocks1.googleusercontent.com 8.8.8.8
$ nslookup -q=TXT _cloud-netblocks2.googleusercontent.com 8.8.8.8
$ nslookup -q=TXT _cloud-netblocks3.googleusercontent.com 8.8.8.8
$ nslookup -q=TXT _cloud-netblocks4.googleusercontent.com 8.8.8.8
$ nslookup -q=TXT _cloud-netblocks5.googleusercontent.com 8.8.8.8

Figure 3 Commands

The above results will return a list of IP Ranges and once consolidated, these will be the GCP IP ranges used.

Note: GCP does not provide any mapping between the IP range to their corresponding zones.

If you require further assistance regarding this, please contact the Symphony Support team at support@symphony.com

Based on your organization's settings, some features in this Knowledge Article may not be applicable to you. Please contact your Technical Account Manager (TAM), Symphony Support, or your internal IT team with any questions.

Articles in this section
See more