Secure communication

Secure WebSocket connections handle communication between Groundplexes and the control plane. To protect the communication between the SnapLogic Platform and your endpoints:

  • The SnapLogic Platform only accepts requests over HTTPS. The requester must support TLS 1.2. Our servers negotiate to the most secure TLS or OpenSSL cipher supported by the client. Supported ciphers lists the ciphers supported by the SnapLogic Platform.
  • Inbound requests to the Platform and outbound requests from pipelines use the load balancer or JRE settings for encryption defined in the host's java.security file. On Groundplex self-managed nodes, find JRE security configuration:
    • For Linux systems: in the lib/security/java.security file.
    • For Windows systems: the JAVA_HOME environment variable specifies the location of java.security.
  • Responses from the SnapLogic Platform include the following headers as recommended by the Open Web Application Security Project (OWASP):
    • Content-Security-Policy
    • Content-Type
    • Referrer-Policy
    • Strict-Transport-Security
    • X-Content-Type-Options
    • X-Frame-Options
    • X-SL-ClientIP
    • X-XSS-Protection
    • Content-Length

Allowlists

To enable communication from the SnapLogic Platform to your network or endpoints, you might need to add Snaplogic IP addresses to your allowlists.

If your network restricts outbound traffic:

The control plane provides allowlists to restrict incoming communication. By configuring allowlists in Admin Manager, you can limit requests to specific IP addresses and permit requests from web pages outside of the SnapLogic domain. Refer to Task Allowlists for more information.