Networking Requirements

Firewall Requirements

The following firewall rules are required for accessing Bindplane Cloud. This includes user browsers, API clients, and collectors.

app.bindplane.com

The primary endpoint for Bindplane Cloud is https://app.bindplane.com. This endpoint serves all user traffic including browsers, API clients, and managed collectors.

Endpoints

Bindplane provides an Open API spec with programmatic access to all Bindplane functionality.

• REST API — https://app.bindplane.com/v1/<endpoint>

• OpAMP — wss://app.bindplane.com/v1/opamp

Protocols

The following operations access app.bindplane.com over port 443:

• API requests (HTTPS REST) — /v1/<endpoint>

• User browsers (HTTPS and WebSocket)

• Collectors (OpAMP WebSocket) — /v1/opamp

Your firewall and/or proxy must allow WebSocket upgrades.

Egress

Allow outbound access to Bindplane Cloud:

• Host: https://app.bindplane.com (TLS)

• IP: 34.120.255.184

• Port: 443/tcp

Note: IP addresses associated with app.bindplane.com can change in the future. If your environment supports it, prefer allowing outbound access by hostname (SNI/explicit proxy allowlist) rather than pinning a single IP. If you must pin IPs, ensure you have a process to update allowlists when the resolved IP changes.

Outbound access to Bindplane Cloud is required to support collector management.

Ingress

Bindplane Cloud does not require inbound access into customer networks. Collectors initiate outbound connections to Bindplane Cloud; Bindplane Cloud does not initiate inbound connections to collectors.

Other Endpoints

bdot.bindplane.com

Collector installation scripts utilize this endpoint for collector downloads. This endpoint uses HTTPS and does not require websockets.

Allow outbound access to Bindplane Cloud:

• Host: https://bdot.bindplane.com (TLS)

• IP: 34.36.182.107

• Port: 443/tcp

FAQ

Q: Does Bindplane use Transport Layer Security (TLS)? A: All connections to Bindplane cloud utilize Transport Layer Security (TLS).