FQDN's to route static IP traffic through to prevent console "Add My IP" popup
Hi There!
We are currently using the ip allow list functionality of Neon in conjunction with Twingate that allows you to route traffic from allowed clients targeted at particular domains (IE only requests to defined domains will get routed through the fixed IP)
https://www.twingate.com/docs/whitelisting-traffic-to-public-services
https://www.twingate.com/docs/resources#an-address
We have added
Do you know if there is another domain that I need to make receive requests from the static IP to remove this warning? I tried
*.aws.neon.tech which actually handles ensuring that all connections to the Database branches come from our defined fixed IP that is in the allow list, however, when you are using the neon console and go to tables or the SQL editor it gives a warning about your current IP not being added to the allow list and if we want to add it. However, if you ignore this when twingate is engaged the actual page will work fine as it too is making requests to *.aws.neon.tech which come from the fixed IP and succeed.Do you know if there is another domain that I need to make receive requests from the static IP to remove this warning? I tried
console.neon.tech which appears to be where the Neon console API's are hosted from but no luck. Is it doing something else to check the IP address of the client to show this warning? This is Kind of a bug ... but an understandable one!Resources | Docs
Twingate Docs
4 Replies
foreign-sapphire•16mo ago
asking the team
You need to add your IP address to the allow list
inland-turquoiseOP•16mo ago
... The IP address that my machine is actually making requests to the database is in the Allow List!
However only requests to
*.aws.neon.tech currently come from that Fixed IP as they are routed through Twingate. This is shown by the the fact that if I hit cancel and then use the pages they work fine... disable twingate and they break.
The popup seems to be getting it's IP from connections that are not heading towards *.aws.neon.tech ... hence giving the false positive.
So was looking for either:
- What domain is the IP checking for the console being done on?
- For the Neon Console to actually check if your IP that is going to *.aws.neon.tech is on the allow list instead
If you could clarify that would be great, I feel the situation has been misunderstood!foreign-sapphire•16mo ago
I would reach out to support
inland-turquoiseOP•16mo ago
Ah sorry ... thought that was what I was doing! ... will try and put a proper ticket in too...
Ticket # 3381