
Outbound IP requirements

There are specific IP addresses that Matillion ETL must communicate with to operate correctly. You will be required to configure your firewalls to allow communication with the IP addresses and ports listed in this article.


Access ports

In general, our data transfer components do not communicate over HTTP/S, but directly over specific ports. To use components that use the following services, the listed ports need to be opened between the Matillion ETL instance and the internet. Depending on what services you use, you may not need all of these to be opened.

| Internal Port | External Port | Direction | Description |
|---|---|---|---|
| 21 | 21 | Outgoing | FTP access used by the Data Transfer component. |
| 22 | 22 | Outgoing | SFTP access used by the Data Transfer component. |
| 22 | 22 | Incoming | SSH access to the Matillion ETL instance. |
| 389 | 389 | Both | LDAP, including external authentication. |
| 8080 | 80 | Both | HTTP access for Matillion ETL user interface and some connectors. |
| 8443 | 443 | Both | HTTPS access for Matillion ETL user interface and some connectors. |
| 5701-5703 | 5701-5703 | Both | Cluster ports between instances, if using high availability. |
| N/A | 5432 | Outgoing | PostgreSQL port if the Matillion ETL metadata database is kept externally. |
| N/A | 443 & 80 | Outgoing | Access to Snowflake, required by several connectors. |
| N/A | 443 | Outgoing | Access to Google BigQuery, required by several connectors. |
| N/A | 5439 | Outgoing | Access to AWS Redshift, required by several connectors. |
| N/A | 1433 | Outgoing | Access to Azure Synapse, required by several connectors. |
| N/A | 1433 | Outgoing | Access to Microsoft SQL Server, required by the Microsoft SQL Server Output component. |
| N/A | 1521 | Outgoing | Access to Oracle RDS, required by connectors such as RDS Query. |
| N/A | 3128 & 3130 | Outgoing | Required for access to the Squid proxy server. |
| N/A | 3306 | Outgoing | Access to MySQL, required by several connectors. |

Matillion billing API

For communication with Matillion's billing API, allow the following on port 443:

13.248.217.21
76.223.69.85

The following URL must be allowed, as it's a requirement for licensing billable instances. If it's blocked, the instance will stop functioning:

telemetry.matillion.com

Telemetry

Matillion ETL requires outbound communication with the following URLs to send telemetry data, used for pipeline observability:

api.observability-dashboard.core.matillion.com
telemetry.matillion.com

Communication during updates

The following URL must be allowed before performing an update to your Matillion ETL version. Read Updating and migrating for more details.

artifacts.matillion.com

Matillion ETL for Snowflake

Snowflake uses Online Certificate Status Protocol (OCSP) to check that certificates have not been revoked when Snowflake clients connect over HTTPS. All communication with Snowflake happens on port 443; however, OCSP certificate checks are transmitted over port 80. Ensure that your firewall allows outgoing communication on both of these ports. In addition, ensure that the following URLs are allowed. This is mandatory if using Snowflake.

Note

These are examples of the most commonly used hosts. For each region (or individual account), Snowflake may use a certificate issued by a different CA, which results in different hosts and URLs. Read the Snowflake documentation for more details.

Snowflake on AWS

ocsp.snowflakecomputing.com:80
*.amazontrust.com:80
*.digicert.com:80
*.netsolssl.com:80
*.ss2.us:80
*.usertrust.com:80

Snowflake on Microsoft Azure

ocsp.snowflakecomputing.com:80
*.digicert.com:80
*.msocsp.com:80

Snowflake on Google Cloud Platform

ocsp.snowflakecomputing.com:80
ocsp.digicert.com:80
ocsp.pki.goog:80
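
The following is an added example, not Matillion code: a small Python audit that compares outbound destinations seen in firewall or proxy logs against the billing API addresses and the "Snowflake on AWS" OCSP hosts listed above, so you can see what the allowlist covers and which rules are never exercised. The helper names (`parse`, `host_matches`, `audit`) and the sample destinations are constructed for illustration, and the matcher assumes a `*.` entry covers subdomains only, which you should confirm against your firewall's own wildcard semantics.

```python
"""Added example: audit observed outbound destinations against this page's allowlist."""

# Rules copied from this page: billing API IPs (port 443) and the
# "Snowflake on AWS" OCSP hosts (port 80). Other sections are left out.
RULES = """
13.248.217.21:443
76.223.69.85:443
ocsp.snowflakecomputing.com:80
*.amazontrust.com:80
*.digicert.com:80
*.netsolssl.com:80
*.ss2.us:80
*.usertrust.com:80
""".split()

# Constructed sample of destinations, e.g. taken from firewall or proxy logs.
SAMPLE = [
    "ocsp.digicert.com:80",
    "OCSP.Snowflakecomputing.com:80",
    "13.248.217.21:443",
    "ocsp.digicert.com:443",           # right host, port not in the list
    "digicert.com.mirror.example:80",  # allowlisted name used as a prefix
    "notdigicert.com:80",              # suffix match without a label boundary
]

def parse(entry):
    """Split 'host:port' into a normalised (host, port) pair."""
    host, _, port = entry.rpartition(":")
    return host.lower().rstrip("."), int(port)

def host_matches(pattern, host):
    """Exact match, or for '*.example.com' a subdomain on a label boundary."""
    if pattern.startswith("*."):
        suffix = pattern[1:]  # keeps the leading dot
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern

def audit(observed, rules=RULES):
    """Return (covered, uncovered, unused_rules) for the observed destinations."""
    covered, uncovered, used = [], [], set()
    for dest in observed:
        host, port = parse(dest)
        hits = [r for r in rules
                if parse(r)[1] == port and host_matches(parse(r)[0], host)]
        (covered if hits else uncovered).append(dest)
        used.update(hits)
    return covered, uncovered, [r for r in rules if r not in used]

if __name__ == "__main__":
    for label, items in zip(("covered", "uncovered", "unused rules"), audit(SAMPLE)):
        print(f"{label}: {items}")
```

Matching on the leading dot is what keeps look-alike names such as `notdigicert.com` from being treated as covered by `*.digicert.com`.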