Firewall configuration
Background
NEXT AI applications in your browser must connect to the NEXT AI backend to load data. It's therefore required that your organization's firewalls allow:
- Your browser to load the NEXT AI applications and
- The NEXT application in your browser to connect to the NEXT AI backend.
You will need the IT department of your organization to configure the corporate firewalls.
Required configurations for your firewall
The following traffic must be enabled in your firewall in order to use NEXT AI:
| Users | Domains | Port | Protocols |
|---|---|---|---|
| All | *.nextapp.co | 443 | https, wss |
| All | cognito-idp.REGION.amazonaws.com | 443 | https |
| All | *.s3-accelerate.amazonaws.com | 443 | https |
NEXT AI is hosted on cloud infrastructure with load balancing. We therefore cannot provide a list of IPs to whitelist.
Please contact NEXT AI Support if your IT team can't enable access to AWS domains.
Detect if your firewall is configured correctly
There are various reasons why you might not be able to connect to NEXT AI. Use these steps to determine whether the problem is caused by your corporate firewall:
- Try to connect with the latest version of Chrome from your device => If this works: your browser isn't supported. See the list of supported browsers.
- Try to connect from another device in your corporate network (e.g. tablet) => If this works: check for virus scanner or other protections on your device
- Try to connect from a non-corporate network (e.g. your network at home) => If this works: this is likely a problem with your corporate firewall
FAQ
Q: Can I allow a list of public IP addresses instead of domains?
NEXT AI runs on AWS infrastructure. For maximal fault tolerance, we can't limit the IP addresses to NEXT AI-specific ranges and instead use the full IP range of AWS. Please consult the AWS documentation on how to download the current IP ranges.
We advise against allowing IP addresses instead of domains because:
- Limited benefit: The IP ranges of AWS are rather wide and everyone can deploy software in these ranges (e.g. sign up for AWS and bring up an EC2 instance). Hence, the benefit vs. no limit at all is only marginal.
- Lots of complexity: The IP ranges of AWS change frequently. This requires you to develop an automated tool that regularly downloads the IP ranges JSON from AWS and updates your firewall configuration. Failure to do so might lead to NEXT AI not being accessible.
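The bookkeeping such a tool needs, as an added example that is not NEXT AI's code: it parses documents in the shape of the AWS IP ranges JSON (a subset of its fields), skips work when the `syncToken` is unchanged, and computes which rules to add or remove and how many addresses the allowlist ends up covering. The sample documents are constructed from documentation-range prefixes, and all function names are hypothetical.

```python
import ipaddress
import json

def _doc(token, rows):
    """Build a constructed document in the shape of AWS's ip-ranges.json."""
    return json.dumps({"syncToken": token, "prefixes": [
        {"ip_prefix": p, "region": r, "service": s} for p, r, s in rows]})

# Constructed samples using documentation ranges, not real AWS data.
OLD = _doc("1", [("198.51.100.0/24", "eu-west-1", "AMAZON"),
                 ("198.51.100.0/24", "eu-west-1", "EC2"),    # same prefix listed per service
                 ("203.0.113.0/25", "eu-west-1", "AMAZON")])
NEW = _doc("2", [("198.51.100.0/24", "eu-west-1", "AMAZON"),
                 ("203.0.113.0/24", "eu-west-1", "AMAZON"),  # range widened
                 ("192.0.2.0/24", "us-east-1", "AMAZON")])

def load_prefixes(text, region=None):
    """Return (syncToken, set of IPv4 networks), optionally for one region."""
    doc = json.loads(text)
    nets = {ipaddress.ip_network(e["ip_prefix"]) for e in doc["prefixes"]
            if region is None or e["region"] == region}
    return doc["syncToken"], nets

def covered_addresses(nets):
    """Count distinct addresses after merging overlapping prefixes."""
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))

def plan_update(old_text, new_text, region=None):
    """Return firewall rule changes, or None when the published list is unchanged."""
    old_token, old = load_prefixes(old_text, region)
    new_token, new = load_prefixes(new_text, region)
    if old_token == new_token:
        return None
    return {"add": [str(n) for n in sorted(new - old)],
            "remove": [str(n) for n in sorted(old - new)],
            "covered": covered_addresses(new)}

if __name__ == "__main__":
    print(plan_update(OLD, NEW, region="eu-west-1"))
```

Stale entries in `remove` matter as much as new ones in `add`: a prefix AWS no longer publishes would otherwise stay open in the firewall.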