Skip to main content

Network configuration for TestCloud

If your application under test is hosted in a highly secure network, you might want to whitelist TestCloud infrastructure public IPs & endpoints.

TestCloud Internet facing components

Component Domains / IPsUsage
TestCloud Main Web Servicehttps://testcloud.katalon.comTestOps web application that interacts with this Restful service to handle all test runs.
Tunnel Manager https://tunnel-manager.katalon.comTunnel metadata management that provides authentication and manages tunnel traffic routing.
Tunnel Server (Network Load Balancing)

QUIC over UDP:

tunnel-proxy-1.katalon.com:2345
  • 44.223.117.82
  • 107.21.215.109
  • 44.222.19.4
tunnel-proxy-2.katalon.com:2345
  • 3.215.206.237
  • 34.197.20.29
  • 44.194.125.0
Tunnel server that controls traffic between test execution engine and target website behind a firewall.
NAT Gateway (TestCloud Cluster)
  • 34.197.223.43
  • 54.82.166.185
  • 54.197.235.86
The gateway to the Internet for outgoing network operations from TestCloud Agent components. The gateway has specific public IPs (or IP range) for easy white-listing, if needed.

Common network issues and solutions

IssueSolutionWhitelist
The AUT is in their private networkUse Tunnel
  • Tunnel Manager and Tunnel Server endpoints
  • Allow QUIC / UDP on port 2345
AUT is behind a firewall (but publicly accessible)

There are 2 solutions, pick one of them:

  • Whitelist our NAT Gateway public IP addresses
  • Use Tunnel and whitelist the Tunnel Server hostnames.
  • NAT Gateway IP addresses
  • Tunnel endpoints
Note:

In case your network still receives connection refused due to insufficient IP whitelist, you can reach out to the Katalon support team.

Set up TestCloud Tunnel in AWS network

This guide shows an example of configuring network rules for TestCloud Tunnel in the context of AWS.

AWS environment context

Assuming you have a VPC that includes:
  1. A Public Subnet that has access to an Internet Gateway for internet access (both ingress and egress).

  2. A Private Subnet that only has access to internet through a NAT Gateway, that stay in the Public Subnet in #1.

  3. The EC2 instance that will be used to deploy TestCloud Tunnel Client stay in the Private Subnet.

  4. A strict network configuration with the least open Security Group(s) and NACL(s), i.e. everything (protocol, port, ip address…) is blocked/denied unless specifically allowed. No Security Group and NACL are shared.

Solution

You need to whitelist these domains to use TestCloud Tunnel.

  • tunnel-manager.katalon.com:443 (HTTPS)

  • tunnel-proxy-1.katalon.com:2345 (QUIC) or:

  • 44.223.117.82:2345

  • 107.21.215.109:2345

  • 44.222.19.4:2345

  • tunnel-proxy-2.katalon.com:2345 (QUIC) or:

  • 3.215.206.237:2345

  • 34.197.20.29:2345

  • 44.194.125.0:2345

Security group configuration

  • Security Group Name: TestCloudSG (for example)
  • Inbound Rules: Don't need any
  • Outbound Rules:
    Type: UDP
    Protocol: UDP
    Port Range: 2345
    Source: 107.21.215.109/32
    Type: UDP
    Protocol: UDP
    Port Range: 2345
    Source: 44.222.19.4/32
    Type: UDP
    Protocol: UDP
    Port Range: 2345
    Source: 44.223.117.82/32
    Type: UDP
    Protocol: UDP
    Port Range: 2345
    Source: 3.215.206.237/32
    Type: UDP
    Protocol: UDP
    Port Range: 2345
    Source: 34.197.20.29/32
    Type: UDP
    Protocol: UDP
    Port Range: 2345
    Source: 44.194.125.0/32

NACL configuration

Inbound Rules:
Rule #: 101 (or next sequential)
Type: Custom UDP Rule
Protocol: UDP (17)
Port Range: 1024-65535
Source: 44.223.117.82/32
Allow/Deny: Allow
Rule #: 102 (or next sequential)
Type: Custom UDP Rule
Protocol: UDP (17)
Port Range: 1024-65535
Source: 107.21.215.109/32
Allow/Deny: Allow
Rule #: 103 (or next sequential)
Type: Custom UDP Rule
Protocol: UDP (17)
Port Range: 1024-65535
Source: 44.222.19.4/32
Allow/Deny: Allow
Rule #: 104 (or next sequential)
Type: Custom UDP Rule
Protocol: UDP (17)
Port Range: 1024-65535
Source: 3.215.206.237/32
Allow/Deny: Allow
Rule #: 105 (or next sequential)
Type: Custom UDP Rule
Protocol: UDP (17)
Port Range: 1024-65535
Source: 34.197.20.29/32
Allow/Deny: Allow
Rule #: 106 (or next sequential)
Type: Custom UDP Rule
Protocol: UDP (17)
Port Range: 1024-65535
Source: 44.194.125.0/32
Allow/Deny: Allow
Outbound Rules:
Rule #: 101 (or next sequential)
Type: Custom UDP Rule
Protocol: UDP (17)
Port Range: 2345
Destination: 44.223.117.82/32
Allow/Deny: Allow
Rule #: 102 (or next sequential)
Type: Custom UDP Rule
Protocol: UDP (17)
Port Range: 2345
Destination: 107.21.215.109/32
Allow/Deny: Allow
Rule #: 103 (or next sequential)
Type: Custom UDP Rule
Protocol: UDP (17)
Port Range: 2345
Destination: 44.222.19.4/32
Allow/Deny: Allow
Rule #: 104 (or next sequential)
Type: Custom UDP Rule
Protocol: UDP (17)
Port Range: 2345
Destination: 3.215.206.237/32
Allow/Deny: Allow
Rule #: 105 (or next sequential)
Type: Custom UDP Rule
Protocol: UDP (17)
Port Range: 2345
Destination: 34.197.20.29/32
Allow/Deny: Allow
Rule #: 106 (or next sequential)
Type: Custom UDP Rule
Protocol: UDP (17)
Port Range: 2345
Destination: 44.194.125.0/32
Allow/Deny: Allow
Note:
  • Place these rules in your NACL in the correct order, typically after any rules that explicitly deny traffic, and before any default deny rules if applicable. This ensures that UDP traffic on port 2345 is permitted as intended.

  • When considering inbound rules, it is necessary to enable traffic from your services to return to the node. Since traffic entering the node arrives on a random port within the range of 1024 - 65535, these ports must be opened accordingly.