Tulip is designed to have minimal IT requirements. The most simple description is: If you can access the web, you can access Tulip. The rest of this article is meant for individuals with a background in Information Technology (IT) and addresses the specific firewall settings required to access Tulip.

Admin Interface

  • The Tulip admin interface (https://your-account.tulip.co) can be accessed from your web browser just like any other website. The admin interface currently only supports the Google Chrome browser and requires HTTPS over port 443.
  • Note that Tulip makes extensive use of websockets, a type of long-lived connection, to enable our real-time updates. These websockets use SSL-encryption over port 443 just as noted above, however, some proxies do not support these connections and some network monitors may need to whitelist these connections. You can check your connection compatibility at: https://your-account.tulip.co/networkCheck.

Tulip Player

Tulip Gateway - Normal Operation

  • The Gateway must make outgoing requests to https://your-account.tulip.co using TCP on port 443.
  • The Gateway must resolve https://your-account.tulip.co with a DNS. This is usually done using TCP on port 53, but may be done through a proxy.
  • The Gateway must make outgoing requests to a variety of NTP time servers using UDP on port 123 in order to synchronize its clock.
  • The Tulip Gateway does support HTTP proxies and custom SSL certificates. This is configured in the Gateway Portal.
  • Note that Tulip makes extensive use of websockets, a type of long-lived connection, to enable our real-time updates. These websockets use SSL-encryption over port 443 just as noted above, however, some proxies do not support these connections and some network monitors may need to whitelist these connections. You can check your connection compatibility at: https://your-account.tulip.co/networkCheck.

Tulip Gateway - Over-the-air Updates

Tulip Connector Host

  • In order for a Cloud Connector Host to connect to an external system, incoming connections will need to be allowed from Tulip’s Cloud. This means that all resources (such as an internal API or Database) need a publicly-resolvable DNS record or IP address. Many of our customers use port forwarding to limit the number of DNS records or IP addresses to provision and firewall whitelisting to block requests that do not come from Tulip.  See the section below for particular source IP addresses to whitelist.
  • If you will be running a Connector Host on-site, please refer to our Connector Host Requirements article.

Tulip IP Address Ranges

This section includes the ranges of IP addresses for particular regions. All requests from Tulip will originate from within these IP ranges. Furthermore, clients must have access to these IP address ranges to function properly.

To load assets such as images and videos, your clients will need outgoing access to our AWS S3 resources.

Contact Tulip for details if you are not sure which region applies to you.

North America - Tulip Standard Cloud

  • 3.208.72.192/26

North America - US GovCloud West

  • 52.61.162.10
  • 52.222.21.191
  • 52.222.47.65
  • 52.222.55.193
  • 96.127.64.206
  • 96.127.114.157

Europe - Central

  • 18.196.165.148
  • 35.158.235.163
  • 52.28.199.118
Did this answer your question?