IP Allowlisting
When self-hosting the Transcend Security Gateway (AKA "Sombra"), you will need to allowlist ingress traffic from Transcend to your Sombra gateway by allowing the following list of IP addresses. Note that all IP addresses need to be allowed.
Region | IP Addresses (CIDR notation) |
---|---|
Europe (Ireland + Frankfurt) | 52.215.231.215/32 63.34.48.255/32 34.249.254.13/32 54.75.178.77/32 |
United States (Virginia + Oregon) | 54.144.160.228/32 3.218.78.195/32 34.199.52.20/32 |
If you do not know which region you are hosted in, it is likely Europe. This is the default hosting region for most Transcend customers. We chose this as the default because there are more laws preventing EU data from transferring to the US than US data from transferring to the EU. It is possible to localize different data stores by deploying multiple Sombra Gateways to different regions or clouds.
If you are not self-hosting the security gateway, you may want to add IP restrictions on all incoming webhooks and database connections. All traffic will originate from:
Region | IP Addresses (CIDR notation) | Address |
---|---|---|
Europe (Ireland + Frankfurt) | 34.252.15.52/32 99.81.28.239/32 | https://multi-tenant.sombra.transcend.io |
United States (Virginia + Oregon) | 44.209.5.150/32 54.226.163.189/32 | https://multi-tenant.sombra.us.transcend.io |
Restricting IP ranges for receiving a webhook is always a great idea; however, you should only use this as a secondary form of authentication. It is crucial that you always verify the incoming webhook signature. Please refer to this guide for information on verifying the webhook signature.
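
The following is an added example, not Transcend's code, showing one way to apply the multi-tenant ranges above as a secondary check in a webhook receiver that may sit behind your own reverse proxy. `TRUSTED_PROXIES`, the function names and the reliance on `X-Forwarded-For` are assumptions about your deployment; webhook signature verification is still required and is not shown here.

```python
import ipaddress

# Multi-tenant Sombra source ranges, copied from the table above.
SOMBRA_EGRESS = {
    "eu": ["34.252.15.52/32", "99.81.28.239/32"],
    "us": ["44.209.5.150/32", "54.226.163.189/32"],
}

# Assumption: your own reverse proxies / load balancers (constructed sample value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def _in_any(ip, networks):
    return any(ip in net for net in networks)


def effective_client_ip(peer_ip, x_forwarded_for=None):
    """Return the address to test against the allowlist, or None.

    X-Forwarded-For is honoured only when the TCP peer is a trusted proxy,
    and it is walked right to left so sender-supplied entries on the left
    cannot override what your own proxies recorded.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not x_forwarded_for or not _in_any(peer, TRUSTED_PROXIES):
        return peer
    for hop in reversed([h.strip() for h in x_forwarded_for.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed header: fail closed
        if not _in_any(addr, TRUSTED_PROXIES):
            return addr
    return None  # header listed only our own proxies


def is_sombra_source(peer_ip, x_forwarded_for=None, region="eu"):
    """True if the request originates from the region's listed ranges."""
    allowed = [ipaddress.ip_network(c) for c in SOMBRA_EGRESS[region]]
    try:
        ip = effective_client_ip(peer_ip, x_forwarded_for)
    except ValueError:
        return False  # unparsable peer address: fail closed
    return ip is not None and _in_any(ip, allowed)
```
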