Hello guys, we are currently working with the Forge platform to integrate Atlassian Cloud solutions with data center environments and have observed some changes and updates regarding outgoing connections.
We have transitioned our apps to the “new” native runtime for Forge apps. To ensure our customers’ firewall and security configurations are up-to-date, could you please provide clarification on the following points?
Current IP Address Ranges: With the transition to the new native runtime, which IP address ranges should our customers use for configuring their firewalls and other network security measures? Should they refer to the ranges listed in the Outgoing Connection documentation or the ranges mentioned in the dev change logs?
Frequency of Changes: How often are these IP address ranges updated, particularly those listed in the Outgoing Connection documentation? Our customers using data center solutions might face challenges with automatically updating their security settings based on the JSON file that provides all IP ranges.
Handling Proxy Solutions or Cloud Tunnels: Are there any recommended practices or Atlassian-supported methods for managing outgoing connections through proxy solutions or cloud tunnels? We aim to ensure that our setup remains compliant and functional with minimal disruptions.
Thanks for your questions. I will try to answer them at the best of my abilities,
The dev change logs will refer to the same Outgoing Connection documentation. So it’s probably best to keep a tap on the latter for ip addresses. But I’d definitely recommend keeping an eye on the dev change log regardless as we’re always announcing upcoming changes and features that might be useful
I couldn’t find anything if these addresses change on a regular interval so it’s probably best to keep monitoring the UTL mentioned: https://ip-ranges.atlassian.com/. The outgoing connections documentation has some instructions in case you’d want to automate this. But maybe a simple script to compare output from curl -s https://ip-ranges.atlassian.com/ | jq ".creationDate" -r can be suffiecient to know the list has been updated.
We will monitor the development change log for sure we just wanted to clarify which IP address ranges to use as the ranges mentioned in the development log do not match those in the Outgoing Connection documentation. Now it is clear.
Anyway application tunnels are not suitable for our case as we do not send requests to Jira within our Forge app, but to another third-party service (a data center solution). Therefore, we are looking for some Atlassian proxy solution, if available, to avoid the need for users to react to changes in IP address ranges, as this requires extensive company processes on their side.
At the moment I’m not aware of any other tunneling offering we may have but maybe if I understand the architecture better, there could be alternative solutions, like Forge Remote?
thank you for your suggestions. Unfortunately, Forge Remote is not suitable for our scenario, as it primarily handles authorization and integration between two platforms. Our main objective is to eliminate the need to react to changes in IP ranges, ideally consolidating to a single address or range for outbound requests, which would be managed automatically without requiring our intervention (our own infrastructure).
We also explored whether Atlassian offers a solution that fits this need but have not found anything that addresses it directly.
