Skip to main content
If you are using the Full SaaS version of , you may need to configure your source systems to accept requests from a set range of IP addresses. If the Hybrid SaaS version means you have installed some hybrid agents in your cloud infrastructure and don’t want to allow unrestricted outbound access, then you will need to allow access to a specified range of IP addresses.

Agents and Git repositories

Full SaaS

If you’re using a Full SaaS agent configuration, you may need to allow the following IP address ranges from which agents will call out to their source systems or to cloud data platforms. The IP addresses differ between EU and US regions. UK and EU region: 
3.253.125.96/28
3.145.243.112/28
US region: 
44.213.193.16/28
13.39.113.112/28

Hybrid SaaS agents and Git repositories

This applies to both s and s. If you’re using a Hybrid SaaS deployment, note that it only necessitates outbound communication. For added security measures—along with ensuring access to any desired data sources for —you need to allow the following IP address ranges to enable communication between the agent and . You must also allow outbound communication on port 443 from the agent container to . For users connecting to their own external repositories (such as “connect your own Git” on Github or Azure DevOps), these IPs will need to be allowed on the repository or organization being connected to. Note that these IP addresses vary between the EU and US regions. UK and EU region: 
3.252.50.48/28
13.38.202.208/28
US region: 
44.211.122.80/28
3.145.235.48/28
You also need to include the following DNS entries in your outbound allowlist: Global: 
keycloak.core.matillion.com
EU region: 
opentelemetry.eu1.core.matillion.com
US region: 
opentelemetry.us1.core.matillion.com
You must also ensure that any other internal services (for example, AWS or Azure) are accessible, as well as the source systems you wish to connect to (for example, Oracle or SAP).

Connecting Matillion ETL to

When configuring a connection from Matillion ETL to , allow list the following address: api.billing.matillion.com. If you need to allow a static IP address, allow the following outbound addresses (on port 443) in your security group: 
13.248.217.21
76.223.69.85
Full details on connecting Matillion ETL to are provided in Configuring a connection from Matillion ETL to .

Custom connectors and Flex Connectors

You may need to allow the following IP addresses before using custom connectors, Flex connectors or connecting to your own Git repository. UK and EU region: 
3.252.50.48/28
13.38.202.208/28
US region: 
44.211.122.80/28
3.145.235.48/28

Data Loader CDC

Allow outbound communication on port 443 from the agent container to for initiating the websocket connection. The initial connection is from the agent out to —ongoing communication is then bidirectional, but there is no need to allow inbound traffic. The specific endpoints that the agent must communicate with are: 
ws-us.matillion-cdc-prod.matillion.com
ws-eu.matillion-cdc-prod.matillion.com