If you or your organization use restrictive firewall or proxy server settings, you or your network administrator may need to allow-list certain domains and IP address ranges to ensure Atlassian cloud products and other services work as expected.If you're using restrictive firewall or proxy server settings, you or your network admin will need to allow (whitelist) certain domains and IP address ranges to ensure Atlassian cloud products and other services work as expected.
The information on this page covers all Atlassian products. However, there is some additional information specific to some products, for that please see the section on Bitbucket and Trello.
Domain names
Allow these domains for Atlassian cloud products and related services:
https://*.atl-paas.net
https://*.atlassian.com
https://*.atlassian.net
https://*.jira.com
https://ajax.googleapis.com
https://cdnjs.cloudflare.com
IP address ranges
We currently use a mix of our own IP addresses and others provided by third parties (namely Amazon Web Services). You should review your network restrictions in the context of the following sections and update them as necessary to ensure your Atlassian cloud products work as intended.
Atlassian cloud products and sites
Atlassian products and sites don't have fixed individual IP addresses, instead they use defined ranges of IP addresses. You should allow-list these IP ranges to maintain access to Atlassian cloud products and sites:
https://ip-ranges.atlassian.com/
This list is sizable because it contains every IP range used globally by Atlassian for both receiving and responding to requests from clients (e.g. browsers) as well as those used for making connections to the internet on your behalf (e.g. webhooks and application links to on-premises servers).
In practice most Application, Network and Systems Administrators operating allow-listing systems (such as Firewalls, Access Control Lists and Security Groups) will only be interested in the IP ranges Atlassian products use to make outgoing connections to other networks. For that, much shorter, list please see the section of this page titled Outgoing Connections.
If you can update your allow list programmatically from the linked file, it'll save you from needing to check it regularly.
Outgoing Connections
The IP ranges for Atlassian cloud products and sites, mentioned above, also contain the IP address ranges we use for Outgoing Connections to the internet made on your behalf. Examples of Outgoing Connections include application links between Cloud products and on-premises Confluence Server and Jira Server instances, webhooks you request from our Cloud products, repository cloning, and checking for new emails on your email server.
We generally recommend using these IP ranges when allowing our outgoing connections to contact your network. However, if your situation requires a shorter list of only the specific IP ranges used by Atlassian for making outgoing connections, you can use this subset of ranges:
13.52.5.96/28
13.236.8.224/28
18.184.99.224/28
18.234.32.224/28
18.246.31.224/28
52.215.192.224/28
104.192.137.240/28
104.192.138.240/28
104.192.140.240/28
104.192.142.240/28
104.192.143.240/28
185.166.143.240/28
185.166.142.240/28
Amazon web services and CloudFront
We use Amazon Web Services and CloudFront Content Delivery Network (CDN) to deliver webpage assets to browsers. Customers employing strict network restrictions on destinations allowed for client browsers may find it necessary to allow-list IP ranges with the tags "AMAZON" or "CLOUDFRONT" from this list to ensure Atlassian applications work properly.
You'll save time regularly checking updates to the IP ranges if you programmatically update the IP ranges you allow.
Outbound email
We use the below IPs to send notifications. You should allow the following IP ranges:
167.89.0.0/17, 192.174.80.0/20, 147.253.208.0/20, 168.245.0.0/17, 34.211.27.137, 34.211.27.236, 34.213.22.229, 34.249.70.175, 34.251.56.38, 34.252.236.245, 52.51.22.205, 54.187.228.111, 34.209.119.136, 34.211.27.82, 34.212.5.76, 34.253.110.0, 34.253.57.155, 35.167.157.209, 35.167.7.36, 52.19.227.102, 52.24.176.31, 54.72.208.111, 54.72.24.111, 54.77.2.231
Bitbucket and Trello
Some of our products aren't hosted on the same atlassian.net domain as Confluence and Jira. Check the documentation for Bitbucket and Trello to find out which domains, IP address ranges, and ports you need to allow.