End of Support for Zuora Firewall IP Whitelist

bibek Zuora Staff

Zuora Staff

End of Support for Zuora Firewall IP Whitelist

by Zuora Staff 2 weeks ago

As part of our ongoing commitment to ensure the highest availability and optimal security of our services we are making some updates to the way our services are made available. Effective 09/27/2018, Zuora will no longer support static IP addresses for customers to whitelist. This change is being made after thorough assessment of evolving security risks and will allow us to take full advantage of latest cloud technologies to provide greater availability and resiliency for you as our customer.

 

Actions you need to take:

If you use IP whitelisting to connect Zuora services, please remove IP whitelists to lift any restriction on IP addresses to connect to Zuora services.

 

Other actions you can take for secure integration:
If egress traffic filtering is a key security control for you, one or multiple of the below traffic filtering approaches can be used as alternative.

  • Domain name based filtering: You may use domain name based filtering to whitelist *.zuora.com
  • Access Control List using Proxy: You may use forward proxy and restrict proxy to allow only *.zuora.com domain.
  • Tenant IP Access Control List: Use IP Whitelisting within your tenant configuration to restrict access from origin IP addresses authorized by you.

How Zuora ensures security of your integration:

  • Encryption in transit: Zuora ensures latest and secure TLS protocols are used to encrypt all traffic to Zuora in transit.
  • Authentication: Zuora enforces strong authentication for all APIs used during integration.
  • Threat Detection: Zuora uses multiple state-of-the-art security tools to detect and mitigate any threat to Zuora services and customer data round the clock.

Comments
dmitry Tutor

Tutor

by Tutor dmitry
2 weeks ago

Hello Bibek,

 

Does it affect outbound (from Zuora) connections too or inbound (to Zuora) only? I.e. will Zuora make outbound API calls from the predefined IP list still?

bibek Zuora Staff

Zuora Staff

by Zuora Staff
2 weeks ago

That is correct @dmitry. No change with respect to outbound IP addresses Zuora use for callouts. 

kimura-tomohiro Valued Scholar

Valued Scholar

by Valued Scholar kimura-tomohiro
2 weeks ago

Hello Bibek,

 

Does this announcement mean that the following functions can not be used anymore?
Administration > Manage User Roles > Allowable Login IP Address Ranges

bibek Zuora Staff

Zuora Staff

by Zuora Staff
2 weeks ago

@kimura-tomohiro - You can continue to use IP Access List within Zuora product. This feature is a good way to secure access to your tenant. With respect to this announcement, we are only lifting IP address limitations, Zuora services use or resolve to.