What is IP Allowlisting?
IP Allowlisting is a security feature that controls which IP addresses can connect to a particular server. Customers usually set up IP Allowlisting to allow their internal servers and networks to connect to specific other networks to protect their networks from malicious activity and unauthorized access.
Why do we need IP Allowlisting?
One of the main reasons customers use IP Allowlisting is to prevent unauthorized access to networks. By setting up an IP Allowlist, customers can control who can access networks, restricting access to only users they trust. IP Allowlisting also allows customers to prevent malicious or unwanted traffic from entering their networks. This further protects customers from threats such as distributed denial of service attacks, malicious bots, and other malicious activities. In addition, IP Allowlisting allows customers to monitor and control the traffic that enters their networks, enabling them to identify abnormal network activity and respond quickly to protect their networks.
IP Allowlisting for Freshchat
IP Allowlisting can restrict access to specific websites and services, making it an important tool for protecting sensitive information. It is important to add Freshworks IP addresses to your Allowlist to ensure your servers continue to interact with Freshchat while minimizing risks. It is important to note that any calls from Freshworks applications to your infrastructure must be initiated from NAT IPs.
It is essential for customers that have already set up an Allowlist in their firewall to accept API calls and webhooks from Freshworks applications. The Allowlist should contain NAT IPs of Freshchat and Freddy Self-service, as calls from these applications must be initiated from the NAT IPs for them to reach your infrastructure. This could include webhooks to your servers from Freshchat and bot flows triggered by Freddy Self-service.
Do customers need to Allowlist any ports?
Since this Allowlisting are for outbound calls from Freshworks toward customer servers — the domain and the port are within the customer's control. Generally, if the customer domain uses HTTPS protocol, 443 is the appropriate port. Please decide based on the protocol used.
Is it possible to allow-list a domain instead of IPs?
That is not the case. The domain is under the control of the customer.
For example, the customers would have been given a domain in Freshchat to send webhook requests to your server. In this case, only you know your domain is configured within Freshchat or bots. The allow-listing is to recognize Freshworks IPs as the only legitimate source to receive calls for those domains you have configured within Freshchat or bots.