Secure communication
Secure WebSocket connections handle communication between Groundplexes and the control plane. To protect the communication between the SnapLogic Platform and your endpoints:
- The SnapLogic Platform only accepts requests over HTTPS. The requester must support TLS 1.2. Our servers negotiate to the most secure TLS or OpenSSL cipher supported by the client. Supported ciphers lists the ciphers supported by the SnapLogic Platform.
- Inbound requests to the Platform and outbound requests from pipelines use the load balancer or JRE
settings for encryption defined in the host's java.security file. On Groundplex
self-managed nodes, find JRE security configuration:
- For Linux systems: in the lib/security/java.security file.
- For Windows systems: the
JAVA_HOME
environment variable specifies the location of java.security.
- Responses from the SnapLogic Platform include the following headers as recommended by the Open Web
Application Security Project (OWASP):
- Content-Security-Policy
- Content-Type
- Referrer-Policy
- Strict-Transport-Security
- X-Content-Type-Options
- X-Frame-Options
- X-SL-ClientIP
- X-XSS-Protection
- Content-Length
Allowlists
To enable communication from the SnapLogic Platform to your network or endpoints, you might need to add Snaplogic IP addresses to your allowlists.
If your network restricts outbound traffic:
- Add SnapLogic IP addresses to your allowlist to permit calls to the control plane.
- Add Cloudplex IP addresses to your allowlist to permit use of Cloudplex Secured URLs to invoke Tasks.
The control plane provides allowlists to restrict incoming communication. By configuring allowlists in Admin Manager, you can limit requests to specific IP addresses and permit requests from web pages outside of the SnapLogic domain. Refer to Task Allowlists for more information.