FusionReactor Observability & APM

Login
Facebook Youtube Linkedin-in
Start Free Trial

Installation

Downloads

Quick Start for Java

Observability Agent

Ingesting Logs

Kubernetes

System Requirements

Configure

On-Premise Quickstart

Cloud Quickstart

Application Naming

Tagging Metrics

Building Dashboards

Setting up Alerts

Troubleshoot

Performance Issues

Stability / Crashes

Debugging

CF Consultancy

Blog / Info

Blog

Videos / Webinars

Buy ColdFusion

EULA

Customers

Video Reviews

Reviews

Success Stories

About Us

Company

Careers

Contact

Contact support

FAQ

Installation

Downloads

Quick Start for Java

Observability Agent

Ingesting Logs

Kubernetes

System Requirements

Configure

On-Premise Quickstart

Cloud Quickstart

Application Naming

Tagging Metrics

Building Dashboards

Setting up Alerts

Troubleshoot

Performance Issues

Stability / Crashes

Debugging

CF Consultancy

Blog / Info

Blog

Videos / Webinars

Buy ColdFusion

EULA

Customers

Video Reviews

Reviews

Success Stories

About Us

Company

Careers

Contact

Contact support

FAQ

[FRS-454] FusionReactor Firewall DNS and Static IP address rules (FusionReactor 8.0.x and above)

Posted by on | Featured

Introduction

This article applies to FusionReactor users running version 8.0.0 and above. Some users run FusionReactor behind restricted firewalls that do not allow all outbound connections. In this case, these users may need to add specific firewall rules to enable FusionReactor to communicate with FusionReactor Cloud.

This Technote covers configuring both the on-premise and cloud editions of FusionReactor.

If FusionReactor versions 5 -7 were previously installed, your DNS or static IP rules should still be valid, but your FusionReactor instances must be reconfigured.

To configure FusionReactor versions 5 to 7, see:

FusionReactor 5 to 7 On-Premise – https://fusion-reactor.com/support/kb/frs-425/

FusionReactor 5 to 7 Cloud – https://fusion-reactor.com/support/kb/frs-418/

PLEASE NOTE THAT THIS TECHNOTE IS VALID IF YOU ARE RUNNING FUSIONREACTOR 8.0.0 and above only

Using DNS Firewall Rules

To communicate with the FusionReactor infrastructure, each FusionReactor instance attempts to connect to the following services, which are identified by their DNS names:

These services require outgoing firewall rules for FusionReactor to communicate with FusionReactor Cloud. SSL ciphers protect all communications.

If possible, the firewall should be configured with the DNS names of these services, since they can change in response to scaling events.

If the IP addresses are required, nslookup can be used to find their current values. Most services will yield two addresses: both must be added.

Using Static IP Addresses

If you are unable or unwilling to use the dynamic DNS rules above, we have provided a static IP address which can be used for all services.

  • 46.137.127.35 – port tcp/443 and port tcp/2804

After enabling this firewall rule, the following -D options need to be applied to your JVM environment, to instruct FusionReactor to use the single address:

-Dfr.gcs.client.endpoint=wss://cc-static.fusionreactor.io:2804/
-Dfr.cloud.endpoint=https://api-static.fusionreactor.io

Locked-Down Environments

If you are using a non-standard Java security policy, you may have to add rules to allow FusionReactor to connect to these services. The form of these rules is:

permission java.net.SocketPermission “cc-static.fusionreactor.io:2804”, "connect, accept, resolve”;
permission java.net.SocketPermission “api-static.fusionreactor.io:443”, "connect, accept, resolve”;

Issue Details

Type Technote
Issue Number FRS-454
Components security
Resolution Fixed
Last Updated 05/23/2025
Affects Version(s) 8.0.0
Fix Version(s) Pending
Tags: ,

Loved by our users

Book a 15 minute call

4.9

4.8

4.8