Outbound connections using the new native Node.js runtime

I’m trying to connect to web services running inside our companies internal network, and my understanding so far is that forge apps can run under a really big CIDR range (the whole AWS network), which has made in infeasible for us to allow incoming traffic from Forge into our network.
I’ve been testing out the new native Node.js runtime, and vaguely understood that it uses an “outbound proxy” which could potentially mean that from the perspective of our companies web services, the incoming traffic from Forge originates from a much smaller CIDR range (specific to the outbound proxy only), which would make it less of a security concern for us to allow the incoming traffic into our network.

Am I on the right path here? I’m not even sure about that, I’m simply hoping that we can connect to the services running inside our network, from Forge, without having to enable traffic from a huge range of IP addresses.

Can someone explain the “outbound proxy” entity that is mentioned in the docs for the new runtime? Does it enable something like I’ve described above, and if so, how can I enable it (perhaps it is enabled by default soon as I start using the new native runtime?), and how can I figure out the IP addresses that we’d have to allow traffic from to enable connections from Forge through the outbound proxy and into our network?



Hi @SdsBjrkJnsdttir,

Not sure if it’s too late to reply but here’s the doc where you can find the IP list: https://developer.atlassian.com/platform/forge/runtime-reference/native-nodejs-runtime/#ip-address-range-changes-for-outgoing-connections

And yes, it’s enabled by default once your app is deployed with the new native runtime.

1 Like