Questions about Inbound and Outbound firewall rules needed to the instances and datacenters - Support and Troubleshooting
KB0679421

24970 Views. Last updated: Nov 7, 2024

Issue

Customers very often need to confirm whether their instances are actually located in certain datacenters (DCs). Also, my IP information shows the IPs in CIDR format, which can be confusing. This triggers several questions.

Cause

Certain online geolocation services show that the IPs registered for the instances are in the US. Also, when reviewing the IP information in Hi, the information is shown in IP/netmask format, which can be confusing.

Resolution

Here are a few commonly asked questions about which firewall rules to open.

Q. Which IPs do I have to open?
Answer. The recommended solution is to open up to all the ServiceNow IPs, which allows customer support to troubleshoot and gives the greatest amount of flexibility and accommodation for migrations or datacenter moves.

Our full ServiceNow CIDR IP ranges (recommended):

CIDR range          IP range equivalent
37.98.232.0/21      37.98.232.0 - 37.98.239.255
103.23.64.0/22      103.23.64.0 - 103.23.67.255
148.139.0.0/16      148.139.0.0 - 148.139.255.255
149.96.0.0/16       149.96.0.0 - 149.96.255.255
199.91.136.0/21     199.91.136.0 - 199.91.143.255

For a more granular range, please use my IP information on Now Support:

  • KB0538621 - Finding the IP information for your instance
  • KB0656358 - ServiceNow Customer IP Block Space Allocation

 


For example, consider the following extract for one instance:


Here are some additional questions and answers:
 
Q. If our instances are located in the AMS and LHR DCs, why does our instance resolve to an IP in the US (United States)?
Answer. ServiceNow is a US-based company, so as part of the cloud space IP registration all our IPs are registered in the US. Do not refer to the WHOIS website, as that site is outdated. You can share KB0656358 - ServiceNow Customer IP ranges over the datacenters with the customer, to show that the IP to which their instance resolves actually belongs to the cloud space allocation of that specific DC.

NOTE: Each of our DCs has its own cloud space IP allocation, even when geolocation incorrectly shows it in the US.
 
Q. What IP should we use when we need to establish an integration to the customer network?
Answer. It depends on whether the customer has a VPN or not. Most customers do not have a VPN.
Here are the reasons not to have a VPN (community link)

In this case (see above screenshot), the recommended solution is to open 149.96.6.20/32 for the datacenter plus the IP addresses (VIP) of the instances.

Alternatively (based on the screenshot), a more granular range can be used. The IP depends on whether the customer has a VPN connection with us or not:
Without VPN: 149.96.6.8/29
With VPN: 149.96.6.22/32
 
Q. What IP should we use when we need a 3rd party to connect to ServiceNow (as a web service)?
Answer. For all inbound connections to the instance, the customer should send traffic to the IP to which their instance resolves, that is, your own instance IPs (in this case 149.96.6.119).
It would be wise to open up the ranges to cover IP moves, in this case the 149.x.x.x series.
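
The CIDR-to-range conversion in the table above and the granular values quoted in the answers can be checked before they go into a firewall rule set. The following is an added example, not ServiceNow code: the function names are hypothetical, the CIDR list is copied from this article, and 203.0.113.10 is a constructed address from the documentation range.

```python
import ipaddress

# Published ServiceNow CIDR ranges, copied from the table in this article.
SERVICENOW_CIDRS = ["37.98.232.0/21", "103.23.64.0/22", "148.139.0.0/16",
                    "149.96.0.0/16", "199.91.136.0/21"]
NETWORKS = [ipaddress.ip_network(c) for c in SERVICENOW_CIDRS]


def cidr_to_range(cidr):
    """Return (first address, last address, address count) for a CIDR block.

    strict=True rejects entries such as 149.96.6.20/29, where host bits are
    set and the rule would silently cover a different range than intended.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net.network_address), str(net.broadcast_address), net.num_addresses


def covering_range(addr_or_cidr):
    """Return the published CIDR that fully contains the input, or None."""
    candidate = ipaddress.ip_network(addr_or_cidr, strict=False)
    for net in NETWORKS:
        if candidate.subnet_of(net):
            return str(net)
    return None


def uncovered(rules, addresses):
    """Return the addresses that none of the firewall rules would match."""
    nets = [ipaddress.ip_network(r, strict=True) for r in rules]
    return [a for a in addresses
            if not any(ipaddress.ip_address(a) in n for n in nets)]


if __name__ == "__main__":
    # Granular values quoted in this article; 203.0.113.10 is a constructed
    # address (documentation range) that must not match any published range.
    for rule in ["149.96.6.8/29", "149.96.6.20/32", "149.96.6.22/32"]:
        first, last, count = cidr_to_range(rule)
        print(f"{rule}: {first} - {last} ({count} addresses), "
              f"inside {covering_range(rule)}")
    print("203.0.113.10 ->", covering_range("203.0.113.10"))
    # With only the /29 opened, the two /32 addresses are not matched.
    print(uncovered(["149.96.6.8/29"],
                    ["149.96.6.9", "149.96.6.20", "149.96.6.22"]))
```

The /29 spans 149.96.6.8 to 149.96.6.15, so a rule set built only from it does not match 149.96.6.20 or 149.96.6.22; those need their own /32 entries or one of the wider published ranges.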


More information:
* KB0598826 IP address information - access and integration articles
