Tunnel with Firewall
Last updated: June 2026
If your tunnel client runs inside a restricted network (e.g., behind a corporate firewall or inside an AWS VPC with strict Security Groups and NACLs), whitelist the following outbound destinations:
| Endpoint | Protocol | Port |
|---|---|---|
tunnel-manager.katalon.com | HTTPS | 443 |
tunnel-proxy-1.katalon.com | HTTP/2 (H2) | 443 |
| QUIC (UDP) | 2345 | |
tunnel-proxy-2.katalon.com | HTTP/2 (H2) | 443 |
| QUIC (UDP) | 2345 |
IP addresses for tunnel-proxy-1.katalon.com:
44.223.117.82107.21.215.10944.222.19.4
IP addresses for tunnel-proxy-2.katalon.com:
3.215.206.23734.197.20.2944.194.125.0
AWS example​
The following shows an example of configuring network rules for Katalon Tunnel in an AWS environment with strict security controls.
Environment assumptions​
Assuming you have a VPC that includes:
- A Public Subnet that has access to an Internet Gateway for internet access (both ingress and egress).
- A Private Subnet that only has access to the internet through a NAT Gateway in the Public Subnet above.
- The EC2 instance running the Katalon Tunnel client is in the Private Subnet.
- A strict network configuration with the least-privilege Security Groups and NACLs — everything is blocked unless explicitly allowed.
Security Group configuration​
- Security Group Name: TestCloudSG (for example)
- Inbound Rules: Not required
- Outbound Rules:
Type: UDP
Protocol: UDP
Port Range: 2345
Source: 107.21.215.109/32
Type: UDP
Protocol: UDP
Port Range: 2345
Source: 44.222.19.4/32
Type: UDP
Protocol: UDP
Port Range: 2345
Source: 44.223.117.82/32
Type: UDP
Protocol: UDP
Port Range: 2345
Source: 3.215.206.237/32
Type: UDP
Protocol: UDP
Port Range: 2345
Source: 34.197.20.29/32
Type: UDP
Protocol: UDP
Port Range: 2345
Source: 44.194.125.0/32
NACL configuration​
Inbound Rules:
Rule #: 101 (or next sequential)
Type: Custom UDP Rule
Protocol: UDP (17)
Port Range: 1024-65535
Source: 44.223.117.82/32
Allow/Deny: Allow
Rule #: 102 (or next sequential)
Type: Custom UDP Rule
Protocol: UDP (17)
Port Range: 1024-65535
Source: 107.21.215.109/32
Allow/Deny: Allow
Rule #: 103 (or next sequential)
Type: Custom UDP Rule
Protocol: UDP (17)
Port Range: 1024-65535
Source: 44.222.19.4/32
Allow/Deny: Allow
Rule #: 104 (or next sequential)
Type: Custom UDP Rule
Protocol: UDP (17)
Port Range: 1024-65535
Source: 3.215.206.237/32
Allow/Deny: Allow
Rule #: 105 (or next sequential)
Type: Custom UDP Rule
Protocol: UDP (17)
Port Range: 1024-65535
Source: 34.197.20.29/32
Allow/Deny: Allow
Rule #: 106 (or next sequential)
Type: Custom UDP Rule
Protocol: UDP (17)
Port Range: 1024-65535
Source: 44.194.125.0/32
Allow/Deny: Allow
Outbound Rules:
Rule #: 101 (or next sequential)
Type: Custom UDP Rule
Protocol: UDP (17)
Port Range: 2345
Destination: 44.223.117.82/32
Allow/Deny: Allow
Rule #: 102 (or next sequential)
Type: Custom UDP Rule
Protocol: UDP (17)
Port Range: 2345
Destination: 107.21.215.109/32
Allow/Deny: Allow
Rule #: 103 (or next sequential)
Type: Custom UDP Rule
Protocol: UDP (17)
Port Range: 2345
Destination: 44.222.19.4/32
Allow/Deny: Allow
Rule #: 104 (or next sequential)
Type: Custom UDP Rule
Protocol: UDP (17)
Port Range: 2345
Destination: 3.215.206.237/32
Allow/Deny: Allow
Rule #: 105 (or next sequential)
Type: Custom UDP Rule
Protocol: UDP (17)
Port Range: 2345
Destination: 34.197.20.29/32
Allow/Deny: Allow
Rule #: 106 (or next sequential)
Type: Custom UDP Rule
Protocol: UDP (17)
Port Range: 2345
Destination: 44.194.125.0/32
Allow/Deny: Allow
- Place these rules in the correct order in your NACL — after any explicit deny rules and before any default deny rules — to ensure UDP traffic on port 2345 is permitted.
- Inbound rules must allow return traffic on ports 1024–65535 because responses from Katalon servers arrive on a random ephemeral port in that range.