Secure communication
SnapLogic security features protect the communication between the SnapLogic Platform and your endpoints:
- The control plane only stores metadata. The data plane processes data but does not store it permanently. During design and testing, validation fetches a subset of records as a data preview. You can set the maximum number of documents to display in the data preview or disable validation for the environment to prevent users from viewing live data.
- The SnapLogic Platform only accepts requests over HTTPS. The requester must support TLS 1.2. Our servers negotiate to the most secure TLS or OpenSSL cipher supported by the client. Supported ciphers lists the ciphers supported by the SnapLogic Platform.
- Inbound requests to the Platform and outbound requests from pipelines use the load balancer or JRE settings for encryption defined in the host's java.security file. On Groundplex self-managed nodes, find the JRE security configuration:
  - For Linux systems: in the lib/security/java.security file.
  - For Windows systems: the JAVA_HOME environment variable specifies the location of java.security.
- Responses from the SnapLogic Platform include the following headers as recommended by the Open Web Application Security Project (OWASP):
  - Content-Security-Policy
  - Content-Type
  - Referrer-Policy
  - Strict-Transport-Security
  - X-Content-Type-Options
  - X-Frame-Options
  - X-SL-ClientIP
  - X-XSS-Protection
  - Content-Length
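The following is an added example, not SnapLogic code: a Python check that a Groundplex administrator could run against a node's java.security file to see whether protocols older than the required TLS 1.2 are listed as disabled. It assumes the standard JDK property jdk.tls.disabledAlgorithms is where the node restricts protocols; the sample file content and the function names are constructed for illustration.

```python
import sys

# Constructed sample of a java.security fragment (not copied from a real node).
SAMPLE = """\
# Example fragment
security.provider.1=SUN
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, \\
    MD5withRSA, DH keySize < 1024, \\
    EC keySize < 224
jdk.certpath.disabledAlgorithms=MD2, MD5
"""

# Protocol names older than TLS 1.2, as they appear in JDK configuration.
LEGACY_PROTOCOLS = ("SSLv3", "TLSv1", "TLSv1.1")


def parse_properties(text):
    """Parse key=value properties, skipping comments and joining
    lines that end with a backslash continuation."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith(("#", "!"))):
            continue
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        key, sep, value = (pending + line).partition("=")
        pending = ""
        if sep:
            props[key.strip()] = value.strip()
    return props


def legacy_protocols_not_disabled(props):
    """Return the legacy protocols missing from jdk.tls.disabledAlgorithms.
    Entries are matched whole, so 'TLSv1' does not cover 'TLSv1.1'."""
    value = props.get("jdk.tls.disabledAlgorithms", "")
    entries = {entry.strip().lower() for entry in value.split(",")}
    return [p for p in LEGACY_PROTOCOLS if p.lower() not in entries]


if __name__ == "__main__":
    # Pass the path to java.security as the first argument, or run on the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    missing = legacy_protocols_not_disabled(parse_properties(text))
    print("Legacy protocols not disabled:", ", ".join(missing) or "none")
```

On the constructed sample the check reports TLSv1.1, because the entry TLSv1 disables only that exact protocol version.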
Allowlists
To enable communication from the SnapLogic Platform to your network or endpoints, you might need to add SnapLogic IP addresses to your allowlists. The control plane provides allowlists to restrict incoming requests. By configuring allowlists in Admin Manager, you can limit callers to specific IP addresses and permit requests from web pages outside of the SnapLogic domain. Refer to Task Allowlists for more information.
If your network restricts outbound traffic:
- Add SnapLogic IP addresses to your allowlist to permit calls to the control plane.
- Add Cloudplex IP addresses to your allowlist to permit use of Cloudplex Secured URLs to invoke Tasks.
To permit calls from the data plane to endpoints that restrict inbound traffic, you must add the appropriate SnapLogic IP addresses to your endpoint allowlists.