When self-hosting the Transcend Security Gateway (AKA "Sombra"), you can allowlist ingress traffic from Transcend to be from the list of IP addresses found here. Note all IP addresses need to be allowed.
|Region||IP Addresses (CIDR notation)|
|Europe (Ireland + Frankfurt)||220.127.116.11/32|
|United States (Virginia + Oregon)||18.104.22.168/32|
Note: Europe is the default hosting region for most Transcend customers. It is possible to localize different data stores by deploying multiple Sombra Gateways to different regions or clouds.
If you are not self-hosting the security gateway, you may want to add IP-restriction on all incoming webhooks and database connections. All traffic will originate from:
|Region||IP Addresses (CIDR notation)||Address|
|Europe (Ireland + Frankfurt)||22.214.171.124/32|
|United States (Virginia + Oregon)||126.96.36.199/32|
Restricting IP ranges for receiving a webhook is always a great idea; however, you should only use this as a secondary form of authentication. It is crucial that you always verify the incoming webhook signature. Please refer to this guide for information on verifying the webhook signature.