Update Your Network's Allowlist

If the computer that hosts the robot agent has restrictions on outbound connections to the public internet, you might need to update your network's allowlist to allow outbound access to the websites that are required for the robot to run.

 

When to Update the Allowlist

Updating your network's allowlist is not required when the robot agent's computer has unrestricted access to and from the public internet.

However, if your network restricts outbound connections to the public internet, you probably need to update the allowlist. For example, update the allowlist if either of the following statements is true:

• Your organization installed the robot agent on a computer in a private subnet, which doesn't have direct access to or from the public internet.

• Your organization restricts the outbound connections from the robot agent's VM to specific websites.

 

Reasons to Update the Allowlist

Updating the allowlist allows for improved security, compliance, and cost and performance control.

• Security: Restrict outbound traffic to only trusted destinations, and prevent unauthorized data exfiltration.

• Compliance: Meet regulatory requirements by limiting traffic to only approved networks and services, and avoid the accidental exposure of sensitive data.

• Cost and performance control: Prevent unnecessary or malicious outbound traffic, and keep workloads focused on intended services (for example, allowing access to only OCI Object Storage or specific corporate networks).

 

Update the Allowlist

Update your network's allowlist to allow outbound access to robots' required websites.

1. Update the allowlist for your corporate firewall so that you allow outbound calls to the required websites. You have several options:

   • Option 1 (recommended): Add domain names to the allowlist. See Option 1. Domain Names.

   • Option 2: Add CIDR ranges to the allowlist. See Option 2. CIDR Ranges.

2. If you add CIDR ranges, update your work instructions so that you periodically get the latest IP addresses and CIDR ranges for the websites in the table.

   For example, use command-line tools such as dig (Domain Information Groper) or nslookup (Name Server Lookup) to query Domain Name System (DNS) servers for the IP address(es) associated with the website's domain name. Then, update the CIDR ranges in your allowlist.

3. Update your work instructions so that everyone who builds robots periodically updates their internet browser and WebDriver versions.

   For example, use the following URL to download these components for the Google Chrome browser:

   https://googlechromelabs.github.io/chrome-for-testing/#stable

 

Option 1. Domain Names

The recommended approach is adding the following domain names to your network's allowlist.

• Required for everyone:

  • pypi.org

  • files.pythonhosted.org

  • conda-forge.org

  • anaconda.org

  • github.com

• Required if the robot works in Google Chrome:

  • storage.googleapis.com

• Required if the robot works in Firefox or GeckoDriver:

  • objects.githubusercontent.com

• Required if the robot works in Microsoft Edge:

  • msedgewebdriverstorage.blob.core.windows.net

 

Option 2. CIDR Ranges

Adding CIDR ranges to your network's allowlist is an option but isn't the recommended approach. IP addresses and CIDR ranges can change over time, so an IP address that is valid today could be invalid tomorrow.

Website	CIDR range
Oracle Integration endpoint	Obtain this value from the InstallerProfile.cfg file, which is one of the files that you download for installing the robot agent. See Download the Robot Agent.
Oracle Cloud Infrastructure Identity and Access Management (IAM) endpoint	Obtain this value from the InstallerProfile.cfg file, which is one of the files that you download for installing the robot agent. See Download the Robot Agent.
Websites that robots work in	Obtain these values on your own.
conda.anaconda.org	104.19.144.37/32 104.19.145.37/32
conda-forge.org	104.21.48.1/32 104.21.32.1/32 104.21.16.1/32 104.21.96.1/32 104.21.80.1/32 104.21.112.1/32 104.21.64.1/32
api.anaconda.org	104.19.144.37/32 104.19.145.37/32
pypi.org	151.101.192.223/32 151.101.128.223/32 151.101.0.223/32 151.101.64.223/32
downloads.robocorp.com	104.20.45.65/32 172.66.163.236/32
files.pythonhosted.org	This set of IP addresses is different for each region's Content Delivery Network (CDN). To obtain the IP addresses for your region, run either of the following commands on the computer where you installed the robot agent: “dig files.pythonhosted.org +short” “nslookup files.pythonhosted.org”
Google’s DNS endpoint	8.8.8.8/32