Latest Dynatrace
With environment IP allowlisting, Dynatrace provides you with fine-tuned control over external access to your environments.
IP address allowlisting restricts access to your environment to specific IP addresses that you consider acceptable.
This includes access to the latest Dynatrace web UI and the API. With this configuration, you can significantly restrict the threat actor from direct access to your Dynatrace environment.
If a user's IP is not contained in the IP allowlist, they're effectively blocked from accessing and using the latest Dynatrace web UI and API.
The IP allowlist feature does not block the following:
Dynatrace employs the IPv4 Classless Inter-Domain Routing (CIDR) system, as defined in RFC 4632, to specify which IP ranges can access your Dynatrace environment. This system pairs an IPv4 address with a subnet mask to define a range of allowable IP addresses.
For example, the CIDR notation 192.168.0.128/28
encompasses a block of 16 IP addresses, starting from 192.168.0.129
and ending at 192.168.0.142
.
IPv6 CIDR notation isn't currently supported.
The guide is intended for the Dynatrace and network administrators who are tasked to limit external access to their Dynatrace environments to well-known and accepted CIDR ranges.
Dynatrace verifies your configuration to make sure that Dynatrace IP addresses aren't affected by your configuration.
The Dynatrace Account Management API provides you with the endpoints that let you manage and create IP allowlists at scale.