NetSuite IP Addresses
Oracle NetSuite does not support the use of NetSuite IP addresses to access or manage access to any NetSuite services. There are better alternatives than using a list of allowed IP addresses to manage access to NetSuite. Using IP addresses (either as part of a URL or in your Domain Name Server, or DNS) to access NetSuite services prevents dynamic DNS routing.
Ensure that you understand the following:
-
The IP addresses of NetSuite services may change at any time without notice.
-
NetSuite Customer Support will not provide a list of NetSuite IP addresses.
-
NetSuite Customer Support will not be able to assist you when your integration breaks due to a change in NetSuite IP addresses.
-
Using IP addresses to directly access NetSuite services can result in unpredictable service outages or significant performance degradation.
Managing Access to NetSuite Services
You should not rely on methods that require explicit reference to any NetSuite IP address. Modifying the results of DNS translation prevents optimal resource allocation. This practice can cause unpredictable service outages or performance degradation.
See the following sections for more information:
Managing Inbound Access
You should not modify routing to NetSuite services by using IP addresses manually resolved from DNS.
For more information about alternatives to managing inbound access in NetSuite, see the following topics:
-
User access to NetSuite: See Two-Factor Authentication (2FA).
-
SOAP web services: See Integration Record Overview. See also Token-based Authentication (TBA).
-
RESTlets: See Token-based Authentication (TBA) and OAuth 2.0.
-
REST web services: See Authentication and Session Management for REST Web Services.
-
Client application access to NetSuite: See Token-based Authentication (TBA).
-
Access to NetSuite through SuiteAnalytics Connect (ODBC): See Authentication Using Server Certificates for ODBC.
-
Websites and web stores: See Point Your Domain Name at Your Domain (DNS Settings).
Managing Outbound Access
NetSuite Customer Support will not provide you with a list of services or IP addresses for outbound communication from NetSuite.
For more information about alternatives to managing outbound access in NetSuite, see the following topics:
IP addresses for outbound communication from NetSuite are not documented in the NetSuite Help Center or in SuiteAnswers.
If you choose to use IP addresses to access or manage access to NetSuite services in firewall or proxy configuration, it is your responsibility to monitor for changes and update these settings when NetSuite IP address ranges change. If you decide to deploy a firewall, ensure that you have the resources to make it work in cloud environment.
-
Outbound HTTPS calls from NetSuite using SuiteScript 2.0: Improve the security of integrations and customizations that use the N/https Module for outbound HTTPS calls from NetSuite to a third-party server. Your integrations and customizations should use client certificates for outbound HTTPS calls. Client certificates ensure authenticity of the traffic source. See N/https/clientCertificate Module.
-
Access to an external SFTP server from NetSuite: See SSH Keys for SFTP. See also SFTP Authentication.
-
DNS Lookups: If you cannot take advantage of any of the previous options, advanced firewall tools can perform a lookup on the DNS record
outboundips.netsuite.com
and automatically grant access to requests from NetSuite. For outbound access, you can enteroutboundips.netsuite.com
as the fully qualified domain name (FQDN). You can use the FQDN, for example:-
To permit NetSuite through your firewall to connect to your FTP servers.
-
To let a SuiteScript integration transmit data from NetSuite to an external system.
-
-
Email services: See Email Best Practices.
To access a NetSuite service (routing), see the following topics:
In cases where an application accesses more than one NetSuite account, you can use APIs for dynamic service discovery. See Dynamic Discovery of URLs.
CDNs in the NetSuite Global Distribution Network
Oracle NetSuite has enhanced our global distribution network by incorporating Content Delivery Networks, or CDNs. A CDN is a system of connected servers that improve application response times by caching and delivering data using the geographical proximity of a server to a person accessing a website.
NetSuite cannot predict the IP addresses CDN providers use to serve *.netsuite.com
requests.
Due to our partnership with CDN providers, we cannot predict the IP addresses that are used to serve inbound requests to *.netsuite.com
requests. If you are programming a firewall for your company’s outbound requests (inbound to NetSuite) please allow all *.netsuite.com
entry points.
The authenticity of NetSuite services is ensured by PKI (Public Key Infrastructure) certificates.