Groundplex allowlist for self-managed Snaplexes
By default, Groundplex nodes can communicate with the control plane from any IP address. To make communication more secure, you can create a Groundplex allowlist to restrict communication to the IP address ranges that you specify.
When restricting communication with the Groundplex allowlist, be sure to include all nodes for all Groundplexes. If you remove a node from the allowlist, pipelines running on the node become disconnected from the control plane. When you start a new Groundplex node, the control plane checks the IP address against the allowlist before activating the node. If the node IP address is not found, the node sleeps for a one-day grace period and shuts down if you do not add its address. To restore the node in the grace period, reconfigure the IP range, and manually restart the Groundplex node.
The Groundplex allowlist restricts all communication between the control plane and your Groundplexes. You can also restrict calls to Triggered Task and Ultra Task URLs to specific IP addresses or add domains to enable Cross-Origin Request Sharing (CORS).