CIC Inbound and Outbound Connections

  • Updated

This article provides information about connections between Trading Partners and CIC. The terms Inbound and Outbound are used relative to CIC. 

Inbound Connections to CIC

Trading Partners (and in some cases, internal systems) can initiate connections to CIC using a variety of protocols. When you set up a CIC Endpoint, the Endpoint configuration describes the fully qualified domain names and ports to be used for these connections.

Endpoint Type How to connect
Partner Mailbox
  • Plain FTP: ftp://tenant.cleointegration.cloud:21
  • Explicit FTPS: ftps://tenant.cleointegration.cloud:21
  • Implicit FTPS: ftps://tenant.cleointegration.cloud:990
  • SFTP: sftp://tenant.cleointegration.cloud:22
  • Cleo Portal: https://tenant.cleointegration.cloud/portal
    Users should change their password in Cleo Portal upon first login.
AS2
  • AS2 URL: https://tenant.cleointegration.cloud/as2
  • AS2-To Header: My AS2 Name
  • AS2-From Header: Partner AS2 Name
OFTP
  • Plain OFTP: oftp://tenant.cleointegration.cloud:3305
  • Secure OFTPS: oftps://tenant.cleointegration.cloud:6619
API Provider
  • https://tenant-api.integrationplatform.io/API Name

Authenticating Inbound Connections

Trading Partners want to be assured that they are connecting to CIC and not to an unauthorized interloper. This assurance can be based on:

  • X.509 Certificate, when using a protocol based on TLS, including FTPS, HTTPS, secure AS2, and secure OFTP.
  • SSH fingerprint, when using SFTP.
  • IP address for any protocol. See IP Allowed List.

Outbound Connections from CIC

CIC can establish connections to Trading Partners and internal systems using a variety of technologies, including the following file transfer protocols, invoked through Cloud Adapters and Data Flows:

  • AS2
  • OFTP
  • FTP(S)
  • SFTP
  • Email (SMTP, POP, and IMAP)
  • Other specialized connections including:

Authenticating Outbound Connections

Typically, these connections from CIC are authenticated based on the credentials configured for the endpoints or other CIC objects. Additionally, some trading partners and internal systems may choose to whitelist the source IP addresses of the connections.  See IP Allowed List.

IP Allowed List

The CIC IP Allowed List for CIC consists of the following:

  • 44.224.240.12
  • 44.226.68.8
  • 44.233.112.35
  • 44.233.41.247
  • 192.245.195.0/24

CIC also uses technologies for outbound connections that use additional source IP addresses. Outbound connections for JDBC Data Sources (other than those using a proxy to connect from CIC - see Connecting CIC to an existing database) and web service consumer connections originate from one of the following IP addresses:

  • 54.214.91.118
  • 52.24.101.82
  • 54.68.21.169

SMTP Connections for the SendEmail task leverage Amazon Web Services Simple Email Service (AWS SES). The source IP addresses for AWS SES are described by the SES SPF record as described in Amazon SES IP Addresses.

Using a Subnet Mask

If your network requires a subnet mask and you use individual IP addresses, the subnet mask is 255.255.255.255.

If you use the range of IP addresses, the subnet mask is 255.255.255.0.

You can specify the range as shown below:

Format Example
CIDR Notation 192.245.195.0/24
Wildcard Notation 192.245.195.*
Range Notation 192.245.195.0-192.245.195.255

Limited Primary/Failover IP Network

CIC supports a limited primary/failover IP network for cases where Trading Partners cannot support whitelisting a large number of addresses. The following two IP addresses are dedicated to this limited network.

  • 192.245.195.1
  • 192.245.195.3

See Limited Primary/Failover IP Network for more information.

 

 

 

Related articles