SOLVED
IP Allow List Cloud manager
1 Accepted Solution
Correct answer by
Hi @NavyaVo,
If you’re moving from no IP Allow List -> an active Allow List, yes - it can definitely cause unexpected access issues if some internal or external IPs weren’t included.
A few things based on experience:
1. Yes, outages can happen
When the allow list is enabled, all non-listed IPs are instantly blocked, including:
-
internal corporate networks
-
VPN exit IPs
-
Adobe I/O-based integrations
-
monitoring tools
-
CI/CD systems
-
external partners
If any of these aren’t on the list, you can lose access to Author or Publish until you update the list.
2. How teams usually identify missing IPs
Common methods that worked well:
• Check access logs
Forbidden (403) entries suddenly appear for blocked IP ranges.
Adobe Support can help review dispatcher logs if needed.
• Temporarily whitelist broader ranges
Some teams add a temporary /16 or /24 range to restore access, then narrow it down once all required IPs are known.
• Collect IPs from all stakeholders
Before enabling the list, gather:
-
VPN ranges
-
corporate outbound ranges
-
offshore team IPs
-
automation pipeline IPs
-
external system IPs (e.g., image processors, API gateways)
Adobe recommends using your network/security team for this step.
3. Best practices before enabling IP Allow Lists
• Build an inventory of every integration
Make sure you document all tools that talk to AEM.
• Test in lower environments first
Apply the allow list in Dev -> Stage first, ensure no access gaps, then move to Prod.
• Consider automation
Some companies maintain IP ranges in a script or repo and sync them automatically using Cloud Manager APIs.
• Use multiple allow lists
If you have different teams or partners, grouping IPs into separate lists helps with maintenance.
Santosh Sai
Correct answer by
Hi @NavyaVo,
If you’re moving from no IP Allow List -> an active Allow List, yes - it can definitely cause unexpected access issues if some internal or external IPs weren’t included.
A few things based on experience:
1. Yes, outages can happen
When the allow list is enabled, all non-listed IPs are instantly blocked, including:
-
internal corporate networks
-
VPN exit IPs
-
Adobe I/O-based integrations
-
monitoring tools
-
CI/CD systems
-
external partners
If any of these aren’t on the list, you can lose access to Author or Publish until you update the list.
2. How teams usually identify missing IPs
Common methods that worked well:
• Check access logs
Forbidden (403) entries suddenly appear for blocked IP ranges.
Adobe Support can help review dispatcher logs if needed.
• Temporarily whitelist broader ranges
Some teams add a temporary /16 or /24 range to restore access, then narrow it down once all required IPs are known.
• Collect IPs from all stakeholders
Before enabling the list, gather:
-
VPN ranges
-
corporate outbound ranges
-
offshore team IPs
-
automation pipeline IPs
-
external system IPs (e.g., image processors, API gateways)
Adobe recommends using your network/security team for this step.
3. Best practices before enabling IP Allow Lists
• Build an inventory of every integration
Make sure you document all tools that talk to AEM.
• Test in lower environments first
Apply the allow list in Dev -> Stage first, ensure no access gaps, then move to Prod.
• Consider automation
Some companies maintain IP ranges in a script or repo and sync them automatically using Cloud Manager APIs.
• Use multiple allow lists
If you have different teams or partners, grouping IPs into separate lists helps with maintenance.
Santosh Sai
Related Conversations
