US
Ports, IP Addresses, and Hostnames to Allow
In your network, you must add the hostnames and ports of various parts of Anypoint Platform to your allowlist to enable the Runtime Manager agent in a customer-hosted Mule runtime engine to communicate with the online Anypoint Platform APIs and services managed by MuleSoft.
These tables show you the ports or IP addresses and hostnames to add to your allowlists to allow communication between the agent and the Runtime Manager console.
Because the following endpoints use mutual TLS authentication, to establish the connection, you must configure SSL passthrough to allow the certificates:
-
mule-manager.anypoint.mulesoft.com
-
mule-manager.eu1.anypoint.mulesoft.com
-
runtime-manager.anypoint.mulesoft.com
-
runtime-manager.eu1.anypoint.mulesoft.com
-
runtime-manager.gov.anypoint.mulesoft.com
-
arm-auth-proxy.prod.cloudhub.io
-
data-authenticator.anypoint.mulesoft.com
-
data-authenticator.gov.anypoint.mulesoft.com
In addition, the following endpoints use WebSockets:
-
mule-manager.anypoint.mulesoft.com
-
mule-manager.eu1.anypoint.mulesoft.com
-
runtime-manager.anypoint.mulesoft.com
-
runtime-manager.eu1.anypoint.mulesoft.com
-
runtime-manager.gov.anypoint.mulesoft.com
Ports
Region | Name | Port |
---|---|---|
anypoint.mulesoft.com |
443 |
|
US |
mule-manager.anypoint.mulesoft.com |
443 |
US |
runtime-manager.anypoint.mulesoft.com |
443 |
US |
analytics-ingest.anypoint.mulesoft.com |
443 |
US |
arm-auth-proxy.prod.cloudhub.io |
443 |
US |
data-authenticator.anypoint.mulesoft.com |
443 |
US |
exchange-files.anypoint.mulesoft.com |
443 |
US |
exchange2-asset-manager-kprod.s3.amazonaws.com |
443 |
US-GOV |
runtime-manager.gov.anypoint.mulesoft.com |
443 |
US-GOV |
data-authenticator.gov.anypoint.mulesoft.com |
443 |
US-GOV |
gov.anypoint.mulesoft.com |
443 |
US-GOV |
exchange-files.gov.anypoint.mulesoft.com |
443 |
US-GOV |
exchange2-asset-manager-kgprod.s3.us-gov-west-1.amazonaws.com |
443 |
EU |
eu1.anypoint.mulesoft.com |
443 |
EU |
mule-manager.eu1.anypoint.mulesoft.com |
443 |
EU |
runtime-manager.eu1.anypoint.mulesoft.com |
443 |
EU |
analytics-ingest.eu1.anypoint.mulesoft.com |
443 |
EU |
arm-auth-proxy.prod-eu.msap.io |
443 |
EU |
data-authenticator.eu1.anypoint.mulesoft.com |
443 |
EU |
exchange2-asset-manager-kprod-eu.s3.eu-central-1.amazonaws.com |
443 |
Static IP Addresses
-
Allowlist these static IPs in the
US
region to access themule-manager
hosts:Region Name IP Address US
mule-manager.anypoint.mulesoft.com
52.201.174.72
US
mule-manager.anypoint.mulesoft.com
52.201.67.218
-
Allowlist these static IPs in the
US
region to access theruntime-manager
hosts:Region Name IP Address US
runtime-manager.anypoint.mulesoft.com
18.214.68.14
US
runtime-manager.anypoint.mulesoft.com
35.174.151.175
-
Allowlist these static IPs in the
EU
region to access themule-manager
hosts:Region Name IP Address EU
mule-manager.eu1.anypoint.mulesoft.com
18.195.19.18
EU
mule-manager.eu1.anypoint.mulesoft.com
18.194.245.32
-
Allowlist these static IPs in the
EU
region to access theruntime-manager
hosts:Region Name IP Address EU
runtime-manager.eu1.anypoint.mulesoft.com
18.185.141.77
EU
runtime-manager.eu1.anypoint.mulesoft.com
3.123.216.217
Dynamic IP Addresses
Some of the IP addresses used by Anypoint Platform services are assigned automatically by the underlying cloud infrastructure. Because these are dynamic, do not implement an allowlist based on the specific IP addresses assigned to Anypoint services.
Many firewall devices allow you to define Layer 7 firewall rules so that you can filter by destination name or application type.
Include the following fully qualified hostnames in your Layer 7 firewall rules:
Region | Hostname |
---|---|
US |
anypoint.mulesoft.com |
US |
analytics-ingest.anypoint.mulesoft.com |
US |
arm-auth-proxy.prod.cloudhub.io |
US |
data-authenticator.anypoint.mulesoft.com |
US-GOV |
runtime-manager.gov.anypoint.mulesoft.com |
US-GOV |
data-authenticator.gov.anypoint.mulesoft.com |
US-GOV |
gov.anypoint.mulesoft.com |
EU |
eu1.anypoint.mulesoft.com |
EU |
analytics-ingest.eu1.anypoint.mulesoft.com |
EU |
arm-auth-proxy.prod-eu.msap.io |
EU |
data-authenticator.eu1.anypoint.mulesoft.com |
Allowlist
Allowlist the following URLs only if you are using Agent versions earlier than 1.12.0 (in Mule 3.x) and 2.2.0 (in Mule 4.x):
URL | Description |
---|---|
mule-manager.anypoint.mulesoft.com |
Connection for ARM management capabilities (self-signed agents) |
arm-auth-proxy.prod.cloudhub.io |
Connection to the metrics ingestion service of arm-monitoring stack (self-signed agents) |
Allowlist the following URLs only if you are using Agent versions 1.12.0 (in Mule 3.x) and 2.2.0 (in Mule 4.x) or higher:
URL | Description |
---|---|
runtime-manager.anypoint.mulesoft.com |
Connection for ARM management capabilities (public-cert agents) |
data-authenticator.anypoint.mulesoft.com |
Connection to the metrics ingestion service of arm-monitoring stack (public-cert agents) |