This article provides information about connections between Trading Partners and CIC. The terms Inbound and Outbound are used relative to CIC.
Inbound Connections to CIC
Trading Partners (and in some cases, internal systems) can initiate connections to CIC using a variety of protocols. When you set up a CIC Endpoint, the Endpoint configuration describes the fully qualified domain names and ports to be used for these connections.
|Endpoint Type||How to connect|
Authenticating Inbound Connections
Trading Partners want to be assured that they are connecting to CIC and not to an unauthorized interloper. This assurance can be based on:
- X.509 Certificate, when using a protocol based on TLS, including FTPS, HTTPS, secure AS2, and secure OFTP.
- SSH fingerprint, when using SFTP.
- IP address for any protocol. See IP Allowlist.
Outbound Connections from CIC
- Email (SMTP, POP, and IMAP)
- Other specialized connections including:
Authenticating Outbound Connections
Typically, these connections from CIC are authenticated based on the credentials configured for the endpoints or other CIC objects. Additionally, some trading partners and internal systems may choose to whitelist the source IP addresses of the connections. See IP Allowed List.
The CIC IP Allowlist for CIC consists of the following:
CIC also uses technologies for outbound connections that use additional source IP addresses. Outbound connections for JDBC Data Sources (other than those using a proxy to connect from CIC - see Connecting CIC to an existing database) and web service consumer connections originate from one of the following IP addresses:
SMTP Connections for the SendEmail task leverage Amazon Web Services Simple Email Service (AWS SES). The source IP addresses for AWS SES are described by the SES SPF record as described in Amazon SES IP Addresses.
Using a Subnet Mask
If your network requires a subnet mask and you use individual IP addresses, the subnet mask is 255.255.255.255.
If you use the range of IP addresses, the subnet mask is 255.255.255.0.
You can specify the range as shown below:
Limited Primary/Failover IP Network
CIC supports a limited primary/failover IP network for cases where Trading Partners cannot support whitelisting a large number of addresses. The following two IP addresses are dedicated to this limited network.
See Limited Primary/Failover IP Network for more information.