US
Ports, IP Addresses, and Hostnames to Allow
In your network, you must add the hostnames and ports of various parts of Anypoint Platform to your allowlist to enable the Runtime Manager agent in a customer-hosted Mule runtime engine to communicate with the online Anypoint Platform APIs and services managed by MuleSoft.
These tables show you the ports or IP addresses and hostnames to add to your allowlists to allow communication between the agent and the Runtime Manager console.
Because the following endpoints use mutual TLS authentication, to establish the connection, you must configure SSL passthrough to allow the certificates:
-
mule-manager.anypoint.mulesoft.com
-
mule-manager.eu1.anypoint.mulesoft.com
-
runtime-manager.anypoint.mulesoft.com
-
runtime-manager.eu1.anypoint.mulesoft.com
-
runtime-manager.gov.anypoint.mulesoft.com
-
arm-auth-proxy.prod.cloudhub.io
-
data-authenticator.anypoint.mulesoft.com
-
data-authenticator.gov.anypoint.mulesoft.com
In addition, the following endpoints use WebSockets:
-
mule-manager.anypoint.mulesoft.com
-
mule-manager.eu1.anypoint.mulesoft.com
-
runtime-manager.anypoint.mulesoft.com
-
runtime-manager.eu1.anypoint.mulesoft.com
-
runtime-manager.gov.anypoint.mulesoft.com
Ports, IP addresses, and hostnames are required for outbound connectivity. Inbound connectivity is not required to your network and servers. The connection between customer-hosted Mule runtime and Anypoint Platform is established via persistent Websocket connections. All connections are outbound. |
Ports
Region | Name | Port |
---|---|---|
anypoint.mulesoft.com |
443 |
|
US |
mule-manager.anypoint.mulesoft.com |
443 |
US |
runtime-manager.anypoint.mulesoft.com |
443 |
US |
analytics-ingest.anypoint.mulesoft.com |
443 |
US |
arm-auth-proxy.prod.cloudhub.io |
443 |
US |
data-authenticator.anypoint.mulesoft.com |
443 |
US |
exchange-files.anypoint.mulesoft.com |
443 |
US |
exchange2-asset-manager-kprod.s3.amazonaws.com |
443 |
US-GOV |
runtime-manager.gov.anypoint.mulesoft.com |
443 |
US-GOV |
data-authenticator.gov.anypoint.mulesoft.com |
443 |
US-GOV |
gov.anypoint.mulesoft.com |
443 |
US-GOV |
exchange-files.gov.anypoint.mulesoft.com |
443 |
US-GOV |
exchange2-asset-manager-kgprod.s3.us-gov-west-1.amazonaws.com |
443 |
EU |
eu1.anypoint.mulesoft.com |
443 |
EU |
mule-manager.eu1.anypoint.mulesoft.com |
443 |
EU |
runtime-manager.eu1.anypoint.mulesoft.com |
443 |
EU |
analytics-ingest.eu1.anypoint.mulesoft.com |
443 |
EU |
arm-auth-proxy.prod-eu.msap.io |
443 |
EU |
data-authenticator.eu1.anypoint.mulesoft.com |
443 |
EU |
exchange2-asset-manager-kprod-eu.s3.eu-central-1.amazonaws.com |
443 |
Static IP Addresses
As part of our continuous infrastructure improvement, MuleSoft introduces a new set of static IP addresses in Runtime Manager to augment existing ones. To avoid service disruption, allow the IP addresses or domains, depending on your network policy, through your organization’s firewall before February 1st, 2024, as listed below. For more information, visit KB: New IP addresses in Runtime Manager 2024 February . |
-
Allowlist these static IPs in the
US
region to access themule-manager
hosts:Region Name IP Address US
mule-manager.anypoint.mulesoft.com
52.201.174.72
US
mule-manager.anypoint.mulesoft.com
52.201.67.218
US
mule-manager.anypoint.mulesoft.com
44.196.243.83 (Starting Feb 2024)
US
mule-manager.anypoint.mulesoft.com
3.223.189.76 (Starting Feb 2024)
US
mule-manager.anypoint.mulesoft.com
18.210.198.109 (Starting Feb 2024)
-
Allowlist these static IPs in the
US
region to access theruntime-manager
hosts:Region Name IP Address US
runtime-manager.anypoint.mulesoft.com
18.214.68.14
US
runtime-manager.anypoint.mulesoft.com
35.174.151.175
US
runtime-manager.anypoint.mulesoft.com
18.213.137.40 (Starting Feb 2024)
US
runtime-manager.anypoint.mulesoft.com
34.232.255.44 (Starting Feb 2024)
US
runtime-manager.anypoint.mulesoft.com
44.209.29.79 (Starting Feb 2024)
-
Allowlist these static IPs in the
EU
region to access themule-manager
hosts:Region Name IP Address EU
mule-manager.eu1.anypoint.mulesoft.com
18.195.19.18
EU
mule-manager.eu1.anypoint.mulesoft.com
18.194.245.32
EU
mule-manager.eu1.anypoint.mulesoft.com
18.193.248.250 (Starting Feb 2024)
-
Allowlist these static IPs in the
EU
region to access theruntime-manager
hosts:Region Name IP Address EU
runtime-manager.eu1.anypoint.mulesoft.com
18.185.141.77
EU
runtime-manager.eu1.anypoint.mulesoft.com
3.123.216.217
EU
runtime-manager.eu1.anypoint.mulesoft.com
3.127.253.183 (Starting Feb 2024)
Dynamic IP Addresses
Some of the IP addresses used by Anypoint Platform services are assigned automatically by the underlying cloud infrastructure. Because these are dynamic, do not implement an allowlist based on the specific IP addresses assigned to Anypoint services.
Many firewall devices allow you to define Layer 7 firewall rules so that you can filter by destination name or application type.
Include the following fully qualified hostnames in your Layer 7 firewall rules:
Region | Hostname |
---|---|
US |
anypoint.mulesoft.com |
US |
analytics-ingest.anypoint.mulesoft.com |
US |
arm-auth-proxy.prod.cloudhub.io |
US |
data-authenticator.anypoint.mulesoft.com |
US-GOV |
runtime-manager.gov.anypoint.mulesoft.com |
US-GOV |
data-authenticator.gov.anypoint.mulesoft.com |
US-GOV |
gov.anypoint.mulesoft.com |
EU |
eu1.anypoint.mulesoft.com |
EU |
analytics-ingest.eu1.anypoint.mulesoft.com |
EU |
arm-auth-proxy.prod-eu.msap.io |
EU |
data-authenticator.eu1.anypoint.mulesoft.com |
Allowlist
Allowlist the following URLs only if you are using Agent versions earlier than 1.12.0 (in Mule 3.x) and 2.2.0 (in Mule 4.x):
URL | Description |
---|---|
mule-manager.anypoint.mulesoft.com |
Connection for ARM management capabilities (self-signed agents) |
arm-auth-proxy.prod.cloudhub.io |
Connection to the metrics ingestion service of arm-monitoring stack (self-signed agents) |
Allowlist the following URLs only if you are using Agent versions 1.12.0 (in Mule 3.x) and 2.2.0 (in Mule 4.x) or higher:
URL | Description |
---|---|
runtime-manager.anypoint.mulesoft.com |
Connection for ARM management capabilities (public-cert agents) |
data-authenticator.anypoint.mulesoft.com |
Connection to the metrics ingestion service of arm-monitoring stack (public-cert agents) |