Learn how to put your digital team to work with MuleSoft for Agentforce.
Register now
Contact Us 1-800-596-4880
  1. Homepage
  2. Runtime Manager
  3. Deployment Options
  4. Deploy to Your Servers

  5. Ports, IP Addresses, and Hostnames to Allow

Ports, IP Addresses, and Hostnames to Allow

logo hybrid active Hybrid logo server active Private Cloud Edition

In your network, you must add the hostnames and ports of various parts of Anypoint Platform to your allowlist to enable the Runtime Manager agent in a customer-hosted Mule runtime engine to communicate with the online Anypoint Platform APIs and services managed by MuleSoft.

These tables show you the ports or IP addresses and hostnames to add to your allowlists to allow communication between the agent and the Runtime Manager console.

Because the following endpoints use mutual TLS authentication, to establish the connection, you must configure SSL passthrough to allow the certificates:

  • mule-manager.anypoint.mulesoft.com

  • mule-manager.eu1.anypoint.mulesoft.com

  • runtime-manager.anypoint.mulesoft.com

  • runtime-manager.eu1.anypoint.mulesoft.com

  • runtime-manager.gov.anypoint.mulesoft.com

  • arm-auth-proxy.prod.cloudhub.io

  • data-authenticator.anypoint.mulesoft.com

  • data-authenticator.gov.anypoint.mulesoft.com

  • us1.ingest.mulesoft.com

  • eu1.ingest.mulesoft.com

In addition, the following endpoints use WebSockets:

  • mule-manager.anypoint.mulesoft.com

  • mule-manager.eu1.anypoint.mulesoft.com

  • runtime-manager.anypoint.mulesoft.com

  • runtime-manager.eu1.anypoint.mulesoft.com

  • runtime-manager.gov.anypoint.mulesoft.com

Ports, IP addresses, and hostnames are required for outbound connectivity. Inbound connectivity is not required to your network and servers. The connection between customer-hosted Mule runtime and Anypoint Platform is established via persistent Websocket connections. All connections are outbound.

Ports

Region Name Port

US

anypoint.mulesoft.com

443

US

mule-manager.anypoint.mulesoft.com

443

US

runtime-manager.anypoint.mulesoft.com

443

US

analytics-ingest.anypoint.mulesoft.com

443

US

arm-auth-proxy.prod.cloudhub.io

443

US

data-authenticator.anypoint.mulesoft.com

443

US

exchange-files.anypoint.mulesoft.com

443

US

exchange2-asset-manager-kprod.s3.amazonaws.com

443

US

us1.ingest.mulesoft.com

8443

US-GOV

runtime-manager.gov.anypoint.mulesoft.com

443

US-GOV

data-authenticator.gov.anypoint.mulesoft.com

443

US-GOV

gov.anypoint.mulesoft.com

443

US-GOV

exchange-files.gov.anypoint.mulesoft.com

443

US-GOV

exchange2-asset-manager-kgprod.s3.us-gov-west-1.amazonaws.com

443

EU

eu1.anypoint.mulesoft.com

443

EU

mule-manager.eu1.anypoint.mulesoft.com

443

EU

runtime-manager.eu1.anypoint.mulesoft.com

443

EU

analytics-ingest.eu1.anypoint.mulesoft.com

443

EU

arm-auth-proxy.prod-eu.msap.io

443

EU

data-authenticator.eu1.anypoint.mulesoft.com

443

EU

exchange2-asset-manager-kprod-eu.s3.eu-central-1.amazonaws.com

443

EU

eu1.ingest.mulesoft.com

8443

Static IP Addresses

As part of our continuous infrastructure improvement, MuleSoft introduces a new set of static IP addresses in Runtime Manager to augment existing ones. To avoid service disruption, allow the IP addresses or domains, depending on your network policy, through your organization’s firewall before February 1st, 2024, as listed below. For more information, visit KB: New IP addresses in Runtime Manager 2024 February Leaving the Site.

  • Allowlist these static IPs in the US region to access the mule-manager hosts:

    Region Name IP Address

    US

    mule-manager.anypoint.mulesoft.com

    52.201.174.72

    US

    mule-manager.anypoint.mulesoft.com

    52.201.67.218

    US

    mule-manager.anypoint.mulesoft.com

    44.196.243.83 (Starting Feb 2024)

    US

    mule-manager.anypoint.mulesoft.com

    3.223.189.76 (Starting Feb 2024)

    US

    mule-manager.anypoint.mulesoft.com

    18.210.198.109 (Starting Feb 2024)

  • Allowlist these static IPs in the US region to access the runtime-manager hosts:

    Region Name IP Address

    US

    runtime-manager.anypoint.mulesoft.com

    18.214.68.14

    US

    runtime-manager.anypoint.mulesoft.com

    35.174.151.175

    US

    runtime-manager.anypoint.mulesoft.com

    18.213.137.40 (Starting Feb 2024)

    US

    runtime-manager.anypoint.mulesoft.com

    34.232.255.44 (Starting Feb 2024)

    US

    runtime-manager.anypoint.mulesoft.com

    44.209.29.79 (Starting Feb 2024)

  • Allowlist these static IPs in the EU region to access the mule-manager hosts:

    Region Name IP Address

    EU

    mule-manager.eu1.anypoint.mulesoft.com

    18.195.19.18

    EU

    mule-manager.eu1.anypoint.mulesoft.com

    18.194.245.32

    EU

    mule-manager.eu1.anypoint.mulesoft.com

    18.193.248.250 (Starting Feb 2024)

  • Allowlist these static IPs in the EU region to access the runtime-manager hosts:

    Region Name IP Address

    EU

    runtime-manager.eu1.anypoint.mulesoft.com

    18.185.141.77

    EU

    runtime-manager.eu1.anypoint.mulesoft.com

    3.123.216.217

    EU

    runtime-manager.eu1.anypoint.mulesoft.com

    3.127.253.183 (Starting Feb 2024)

Dynamic IP Addresses

Some of the IP addresses used by Anypoint Platform services are assigned automatically by the underlying cloud infrastructure. Because these are dynamic, do not implement an allowlist based on the specific IP addresses assigned to Anypoint services.

Many firewall devices allow you to define Layer 7 firewall rules so that you can filter by destination name or application type.

Include the following fully qualified hostnames in your Layer 7 firewall rules:

Region Hostname

US

anypoint.mulesoft.com

US

analytics-ingest.anypoint.mulesoft.com

US

arm-auth-proxy.prod.cloudhub.io

US

data-authenticator.anypoint.mulesoft.com

US

us1.ingest.mulesoft.com

US-GOV

runtime-manager.gov.anypoint.mulesoft.com

US-GOV

data-authenticator.gov.anypoint.mulesoft.com

US-GOV

gov.anypoint.mulesoft.com

EU

eu1.anypoint.mulesoft.com

EU

analytics-ingest.eu1.anypoint.mulesoft.com

EU

arm-auth-proxy.prod-eu.msap.io

EU

data-authenticator.eu1.anypoint.mulesoft.com

EU

eu1.ingest.mulesoft.com

Allowlist

Allowlist the following URLs only if you are using Agent versions earlier than 1.12.0 (in Mule 3.x) and 2.2.0 (in Mule 4.x):

URL Description

mule-manager.anypoint.mulesoft.com

Connection for ARM management capabilities (self-signed agents)

arm-auth-proxy.prod.cloudhub.io

Connection to the metrics ingestion service of arm-monitoring stack (self-signed agents)

Allowlist the following URLs only if you are using Agent versions 1.12.0 (in Mule 3.x) and 2.2.0 (in Mule 4.x) or higher:

URL Description

runtime-manager.anypoint.mulesoft.com

Connection for ARM management capabilities (public-cert agents)

data-authenticator.anypoint.mulesoft.com

Connection to the metrics ingestion service of arm-monitoring stack (public-cert agents)