xDB Cloud firewall configuration limitation


Description

For customers using Sitecore xDB Cloud, only domain names such as *.fleet.mongolab.com and specific ports can be used to set up firewall restrictions.

The domain names and ports of endpoints are stable. This information can be requested for each xDB Cloud set via the xDB Cloud REST API endpoint. A sample set of endpoints looks like this:

*.cloud.sitecore.net: 443
dsxxxxx-a0.qmt44.fleet.mongolab.com: 46408
dsyyyyy-a1.qmt44.fleet.mongolab.com: 46406

xDB Cloud does not currently support any static IPs or ranges of IPs for setting up firewall restrictions. xDB Cloud's MongoDB servers and other endpoints have a dynamic set of IP addresses that can change within the lifetime of the deployment. 

Solution

If the firewall does not support host-based rules, it is best practice to open unique ports in the firewall of the Content Delivery and Content Management instances. Get this port information using the xDB Cloud REST API method.

Additional Solution

Another possible way to configure the firewall is to perform DNS lookups on the xDB Cloud hosts specific to a particular xDB Cloud setup, in order to get IP addresses. The IP addresses obtained this way are dynamic, so rules based on them might cause connection problems when the IPs change.
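A sketch of the DNS-lookup approach described above, added here as an illustration and not Sitecore's own tooling: it parses an endpoint list in the "host: port" form shown earlier, resolves each host, and reports which IP-based rules to add or retire. The allowed set of (ip, port) pairs, the function names and any addresses passed in are assumptions.

```python
import socket

# Constructed sample in the page's "host: port" form (dsxxxxx/dsyyyyy are the page's placeholders).
SAMPLE_ENDPOINTS = """\
*.cloud.sitecore.net: 443
dsxxxxx-a0.qmt44.fleet.mongolab.com: 46408
dsyyyyy-a1.qmt44.fleet.mongolab.com: 46406
"""

def parse_endpoints(text):
    """Return [(host, port)] from non-empty 'host: port' lines."""
    endpoints = []
    for line in text.splitlines():
        if not line.strip():
            continue
        host, _, port = line.rpartition(":")
        endpoints.append((host.strip().lower(), int(port)))
    return endpoints

def system_resolver(host, port):
    """Return the set of IP addresses DNS gives for host right now."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

def plan_rule_changes(endpoints, allowed, resolver=system_resolver):
    """Compare current DNS answers with the (ip, port) pairs the firewall allows.

    Returns (to_add, to_remove, unresolved). Wildcard names cannot be looked
    up, and a lookup can fail; in both cases the host is listed in unresolved
    and existing rules on its port are kept, so a DNS outage never removes a
    rule that may still be in use.
    """
    current, unresolved, keep_ports = set(), [], set()
    for host, port in endpoints:
        if "*" in host:
            unresolved.append(host)
            keep_ports.add(port)
            continue
        try:
            current |= {(ip, port) for ip in resolver(host, port)}
        except OSError:  # socket.gaierror is a subclass of OSError
            unresolved.append(host)
            keep_ports.add(port)
    to_add = current - allowed
    to_remove = {rule for rule in allowed - current if rule[1] not in keep_ports}
    return sorted(to_add), sorted(to_remove), unresolved
```

Run on a schedule, the returned lists are a change set to review before the firewall is touched; names reported as unresolved, such as *.cloud.sitecore.net, still need a host-based rule.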

For better consistency of IP-based rules, the following custom approaches are possible: