Issued: Sep 17th, 2021
This bulletin addresses changes to the Contrast SaaS system
To make it easier and more efficient for customers to open firewalls using multiple IP ranges, Contrast plans to move to a small range of static IP addresses.
What’s changing and why?
Several months ago, Contrast took steps to cut network latency in half by moving inbound traffic from the Contrast SaaS system to AWS CloudFront Content Delivery Network (CDN).
At the time, Contrast used a large number of IP addresses, which was hard for our customer to manage. With the changes, the list will decline to only 8 and will not change over time—thus making it easier to manage open firewalls without manually checking for IP address changes. Beginning on September 17, customers should open these 8 holes in their firewall. On October 31, all traffic will come from these 8 IP addresses and customers will not need to "allowlist" the Amazon IP space.
What does this mean to you?
If it is necessary to add an IP-based rule to your firewall in order to allow traffic to reach the Contrast SaaS system, you will need to add the new IP addresses to your edge firewalls. For a further list of new IPs as well as any other applicable technical details click here.
If the new IP addresses are not added to your edge firewalls, your network could be blocked when trying to reach Contrast SaaS systems.