Question:
I am unable to enable or allow outbound access by DNS names. How do I find the list of IP addresses used by Sumo Logic so I can add these to my firewall rules?
Answer:
Sumo Logic runs within AWS and utilizes dynamic load balancing to manage incoming requests to the service. Due to the dynamic nature of the service, Sumo Logic cannot guarantee a static set of IPs will always be used so you will need to allow or enable a range of possible IPs based on where your account is located.
The first thing to check is the Sumo Logic deployment your account is currently registered on, which was selected at the time of account sign up. The easiest way to see which deployment your account uses is to look at the Sumo Logic URL after you have logged into your account. For example, if you see "us2" that means you're running on the US2 pod. If you see "eu" or "au" you're on one of those pods.
Once your deployment has been determined you will need to determine the AWS Region where your account is managed in order to determine the list of IPs that may be used.
Once you know which AWS region your account is hosted under you can get the list of IPs for that region by downloading the AWS IP Address Ranges JSON file from the AWS IP Address Ranges documentation. AWS supplies some tools for filtering through the list of IPs found within this JSON file. For the purpose of allow-listing outbound access to Sumo Logic you will need to use the IPs for the "Amazon" and "EC2" services for your selected region.

Comments
0 comments
Please sign in to leave a comment.