Allowlist public NAT gateways¶

You might need to allowlist the public NAT gateways used by the Control Plane to ensure seamless communication between Venafi and your internal network.

For example, if you're using GlobalSign MSSL as your certificate authority (CA), have IP access restrictions with Digicert Cert Central, or require TLS Protect Cloud webhooks to interact with internal company resources, you may need to add Venafi NAT gateways to your allowlist.

NAT gateway IPs (US)¶

The Venafi Control Plane routes outbound network traffic through the following NAT gateway IP addresses in the United States:

• 54.152.176.29
• 54.88.235.205
• 35.168.251.228

NAT gateway IPs (EU)¶

The Venafi Control Plane routes outbound network traffic through the following NAT gateway IP addresses in Europe:

• 3.77.245.88
• 3.74.136.88
• 18.158.118.133

Example use cases for using this information¶

1. GlobalSign MSSL users: If you have IP access restrictions, include the above NAT gateway IPs in your allowlist.
2. Digicert Cert Central users: Add these IPs to your IP access restrictions settings to ensure seamless interactions with Venafi Control Plane.
3. Webhook configuration: If you wish for Venafi Control Plane webhooks to call internal company resources, ensure these IPs are configured to bypass any existing restrictions.

By adding these NAT gateway IPs to your respective settings, you'll facilitate seamless communication between Venafi and your internal network.

Related links¶

• VSatellite network connections (US)
• VSatellite network connections (EU)