Skip to content

Outbound IP requirements

There are specific IP addresses that Matillion ETL must communicate with to operate correctly. You will be required to configure your firewalls to allow communication with the IP addresses and ports listed in this article.


Access ports

In general, our data transfer components do not communicate over HTTP/S, but directly over specific ports. To use components that use the following services, the listed ports need to be opened between the Matillion ETL instance and the internet. Depending on what services you use, you may not need all of these to be opened.

Internal Port External Port Direction Description
21 21 Outgoing FTP access used by the Data Transfer component.
22 22 Outgoing SFTP access used by the Data Transfer component.
22 22 Incoming SSH access to the Matillion ETL instance.
389 389 Both LDAP, including external authentication.
8080 80 Both HTTP access for Matillion ETL user interface and some connectors.
8443 443 Both HTTPS access for Matillion ETL user interface and some connectors.
5701-5703 5701-5703 Both Cluster ports between instances, if using high availability.
N/A 5432 Outgoing PostgreSQL port if the Matillion ETL metadata database is kept externally.
N/A 443 & 80 Outgoing Access to Snowflake, required by several connectors.
N/A 443 Outgoing Access to Google BigQuery, required by several connectors.
N/A 5439 Outgoing Access to AWS Redshift, required by several connectors.
N/A 1433 Outgoing Access to Azure Synapse, required by several connectors.
N/A 1433 Outgoing Access to Microsoft SQL Server, required by the Microsoft SQL Server Output component.
N/A 1521 Outgoing Access to Oracle RDS, required by connectors such as RDS Query.
N/A 3128 & 3130 Outgoing Required for access to the Squid proxy server.
N/A 3306 Outgoing Access to MySQL, required by several connectors.

Matillion billing API

For communication with Matillion's billing API, allow the following on port 443:

13.248.217.21
76.223.69.85

The following URL must be allowed, as it's a requirement for licensing billable instances. If it's blocked, the instance will stop functioning:

api.billing.matillion.com

For further information on communication with the billing API, read Configuring a connection from Matillion ETL to Hub.


Telemetry

Matillion ETL requires outbound communication with the following URLs to send telemetry data, used for pipeline observability:

api.observability-dashboard.core.matillion.com
telemetry.matillion.com

Communication during updates

The following URL must be allowed before performing an update to your Matillion ETL version. Read Updating and migrating for more details.

artifacts.matillion.com

Matillion ETL for Snowflake

Snowflake uses Online Certificate Status Protocol (OCSP) to provide security when Snowflake clients attempt to connect through HTTPS. All communication with Snowflake happens using port 443; however, OCSP certification checks are transmitted over port 80. Ensure that your firewall allows outgoing communication on both of these ports. In addition, ensure that the following URLs are allowed. This is mandatory if using Snowflake.

Note

These are examples of the most commonly used hosts. For each region (or individual account), Snowflake may use a certificate issued by a different CA, which results in different hosts and URLs. Read the Snowflake documentation for more details.

Snowflake on AWS

ocsp.snowflakecomputing.com:80
*.amazontrust.com:80
*.digicert.com:80
*.netsolssl.com:80
*.ss2.us:80
*.usertrust.com:80

Snowflake on Microsoft Azure

ocsp.snowflakecomputing.com:80
*.digicert.com:80
*.msocsp.com:80

Snowflake on Google Cloud Platform

ocsp.snowflakecomputing.com:80
ocsp.digicert.com:80
ocsp.pki.goog:80