All of our servers use dynamic IP addresses. Dynamic IP addresses are used to provide a highly available, redundant, reliable, distributed, and load-balanced solution. As the name implies, Dynamic IP addresses are not permanently attached to the customer server. Dynamic IP addresses could change as frequently as once per minute.
Firewall Quick Start (preferred method)
When configuring firewalls, the best and simplest solution is to whitelist all traffic to
*.leading2lean.com. Filtering by DNS address is preferred since our servers are load balanced and span multiple IP addresses and address ranges, so you won't have to re-configure your Firewall every time the IP address changes.
If you are able to configure your Firewall to allow all traffic to
*.leading2lean.com, no further action is required. If your Firewall requires IP addresses, please see the Detailed Guide below.
Proxy Servers Quick Start (preferred method)
Generally speaking, proxies are not designed to work well with dynamic websites. It's best to bypass proxies for web traffic for destined for
*.leading2lean.com. Users with corporate proxies may sometimes get random http 502 Proxy / Bad Gateway Errors unless the proper whitelisting is setup.
If you are unable to configure your Proxy server to allow traffic to pass through to
*.leading2lean.com, please use the detailed guide below to configure your Proxy rules.
We use TCP port 443 (SSL/TLS 1.2/1.3) for outbound traffic from your local network by browsers, any integration scripts, and mobile apps.
Firewall/Proxy Detailed Guide
L2L DISPATCH is a distributed platform that utilizes assets across multiple domains. Since our websites use dynamic IP addresses, firewall/proxy rules must be updated every time an IP address changes. Dynamic IP addresses can change as often as once per minute, and they can be different in different parts of the world, so we highly recommend using DNS host-based rules as documented in the quick-start guides above when possible. Customers who use IP-based rules must monitor IP addresses internally; L2L does not notify customers of IP address changes.
Here are the websites that will need to be allowed through the firewall/proxy:
Support Sites. The following websites contain support articles and general information about L2L. These IP addresses do change. The IP addresses at the time of writing are included below.
support.leading2lean.com: 126.96.36.199 www.leading2lean.com: 188.8.131.52
Customer Servers. This is the URL that you use to log in to the DISPATCH solution. This URL is different for every customer. Substitute "[customer]" with your company name. The amazonaws.com rule will ensure that connections from the final host don't get dropped.
Amazon S3 Assets. Assets such as documents and images stored in L2L DISPATCH are stored in an isolated Amazon S3 bucket for each customer. These servers are load balanced and distributed, so the IP address ranges will depend on your location. The domains are:
How to look up IP address ranges
Since each of the above servers are configured using Dynamic IP addresses and use load balancers, you should configure your IP-based firewall/proxy using a range of IP addresses. There are multiple methods to look up IP address ranges. Here is one such method:
- From a command prompt use
nslookupto lookup an IP address for your customer server. For this example, we will use
l2l.leading2lean.com. You will receive a result that looks something like this:
;; ANSWER SECTION:
l2l.leading2lean.com. 300 IN A 184.108.40.206
- Take the IP address from the response (e.g.
220.127.116.11) and run a whois query on it. You can use built-in utilities or certain whois websites, such as http://www.arin.net/whois/.
- In the Whois results, you will see a range of IP addresses and a CIDR reference, like this:
Net Range: 18.104.22.168 - 22.214.171.124
- You can use the IP address range or CIDR reference in your firewall/proxy rules to whitelist the website.