IP range allow listing ip-range-allow-listing
SFTP servers are protected. In order to be able to access them to view files or write new ones, you need to add the public IP address of the system or client that accesses the servers to the allow list.
Discover this feature in video using Campaign v7/v8 or Campaign Standard
About the CIDR format about-cidr-format
CIDR (Classless Inter-Domain Routing) is the supported format when adding IP ranges with the Control Panel interface.
The syntax consists of an IP address, followed by a ‘/’ character, and a decimal number. The format and its syntax are fully detailed in this article.
You can search on the Internet for free online tools that will help you convert the IP range that you have in hand to CIDR format.
Best practices best-practices
Make sure you follow the recommendations and limitations below when adding IP addresses to the allow list in the Control Panel.
- Add IP ranges to the allow list rather than single IP addresses. To add a single IP address to the allow list, append a ‘/32’ to it to indicate that the range only includes a single IP.
- Do not add very wide ranges to the allow list, for example including > 265 IP addresses. The Control Panel will reject any CIDR-format ranges that are between /0 and /23.
- Only public IP addresses can be added to the allow list.
- Make sure to regularly delete IP addresses that you do not need anymore from the allow list.
Adding IP addresses to the allow list adding-ip-addresses-allow-list
To add an IP range to the allow list, follow these steps:
-
Open the SFTP card, then select the IP Allow Listing tab.
-
The list of IP addresses on the allow list displays for each instance. Select the desired instance from the left-hand side list, then click the Add new IP range button.
-
Define the IP range that you want to add to the allow list. This field only accepts IP ranges in CIDR format, such as 192.150.5.0/24.
note important IMPORTANT An IP range cannot overlap an existing range on the allow list. In that case, first delete the range that contains the overlapping IP. -
It is possible to add a range to the allow list for multiple instances. To do this, press the down arrow key or type the first letters of the desired instance, then select it from the suggestions list.
-
Define the label that will display for this IP range in the list.
note note NOTE The following special characters are allowed in the Label field: . _ - : / ( ) # , @ [ ] + = & ; { } ! $
-
To better manage your IP allow list, you can set a duration for the availability of each IP range. To do so, select a unit in the Type drop-down list and define a duration in the corresponding field. For more on IP range expiry, see this section.
note note NOTE By default, the Type field is set to Unlimited, which means that the IP range never expires. -
In the Comment field, you can indicate a reason for allowing this IP range (why, for whom, etc.).
-
Click the Save button. The IP range addition to the allow list will be displayed as Pending until the request is fully processed, which should only take a few seconds.
Managing IP ranges managing-ip-ranges
The IP ranges that you create display in the IP Allow Listing tab.
You can sort the items based on the creation date or edition date, on the user who created or edited it, and on the IP range expiry.
You can also search an IP range by starting to type a label, a range, a name or a comment.
To edit one or more IP ranges, see this section.
To delete one or more IP ranges from the allow list, select them, then click the Delete IP range button.
Expiry expiry
The Expires column shows how many days remain until the IP range will expire.
If you subscribed to email alerting, you will receive notifications by email 10 days and 5 days before an IP range will expire, and on the day it is due to expire. Upon receiving the alert, you can edit the IP range to extend its validity period if needed.
An expired IP range will be automatically deleted after 7 days. It is shown as Expired in the Expires column. Within this 7 day-period:
-
An expired IP range cannot be used anymore to access the SFTP servers.
-
You cannot create another IP range that overlaps an expired range. You need to first delete the expired IP range before creating the new one.
-
You can edit an expired IP range and update its duration to make it available again.
-
You can delete it from the allow list.
Editing IP ranges editing-ip-ranges
To edit IP ranges, follow the steps below.
-
Select one or more IP ranges from the IP Allow Listing list.
-
Click the Update IP range button.
-
You can only edit the IP range expiry and/or add a new comment.
note note NOTE To modify the CIDR format, its label or edit the related instance(s), you must first delete the IP range and create a new one corresponding to your needs. -
Save your changes.
Monitoring changes monitoring-changes
The Job Logs in the Control Panel home page let you track and monitor all changes that have been made to IP addresses on the allow list.
For more on the Control Panel interface, refer to this section.