How to Set Firewall Rules

Firewall Changes

By default we deny all inbound traffic from the Internet to your IP block except for ping (ICMP Echo---used to verify that the host is up).  Otherwise, initial access rules are configured based on the customer questionnaire. 

Since the new API 0.176 was released, there is no need to open an AppNexus support ticket to make changes to the Access Control List (ACL).  You can set and modify Access Control Entries (ACEs) yourself with new parameters in the manage-vlan CLI tool, which gives you immediate and flexible control.  For details on managing your firewall, please see Managing ACLs.

(warning) Note that in case you need to open SNMP to your instances/VLANs it's not enough to open 161 port via manage-vlan, as we need to "make a hole" on our borders as well. Please, open a Support ticket, requesting the task.

List of Standard Ports

For reference, here is a List of Standard Ports.

Port Ranges Enabled Within the Cloud

For reference, here is a list of Enabled Port Ranges.

AppNexus Specific ACLs

If you are specifically interested in allowing the AppNexus Impression Bus to hit your bidders, please use the IP ranges of AppNexus VLANs (subnets) from the below table:

Datacenter

Location

IP address

NYM2

New Jersey

68.67.160.0/23
68.67.178.0/23
68.67.180.0/23
204.13.192.0/23

LAX1

Los Angeles

104.254.148.0/22

AMS1

Amsterdam

185.33.222.0/23
185.33.220.0/22

SIN1

Singapore

103.243.220.0/23

FRA1

Frankfurt

37.252.172.0/23

 

Open Ports For FTP

Active FTP

Passive FTP

We recommend configuring ports 40000--41000 in your FTP software.  Our equipment is already set up to use the same range, however, it could be reconfigured if there are specific reasons to use a different port range.