In March 2025, Dynatrace will change the underlying IP addresses that ActiveGates and OneAgents use when connecting to Dynatrace SaaS on AWS. This will result in a change of frontend IP addresses.
We’re optimizing the load balancing of data ingested to Dynatrace SaaS on AWS, which requires this change of the frontend IP addresses.
The initial change (in March 2025) will be completely transparent to everyone for now.
Eventually, however, you will need to take action if both of the following are true:
If your deployment is affected (see above), no immediate action is needed, but we recommend planning action in the next months.
The underlying IP addresses that ActiveGates and OneAgents use when connecting to Dynatrace SaaS on AWS will change in March 2025, but this will be transparent to you. OneAgents and ActiveGates will still be able to connect via the previously used connection through Dynatrace public ActiveGates.
If your deployment is affected, we strongly recommend adjusting your firewall rules to the new IP addresses soon. Later this year, the fallback to the previously used connection will be disabled. We will follow up with additional communication before introducing this change later this year.
In addition, we will also change the Dynatrace Environment domain and the Environment alias domain to point to the new IP addresses. You will need to allow-list the new IP addresses when restricting outgoing connections on your hosts.
No. The change only affects Dynatrace SaaS on AWS. You’re not affected if you’re using Dynatrace SaaS on Azure or GCP.
No. If you do not restrict connections via a firewall, no manual action is required at all. The change will happen automatically, and OneAgents and ActiveGates will connect via the new IP addresses.
No immediate action is necessary now, but we strongly recommend that you plan to allow-list the new IPs in the next months (from March 2025 onwards) so that you’re prepared in advance when we announce and introduce the final changes later this year.
You need to plan to adjust your firewall rules for the new IPs. We recommend doing that in the months following March 2025. Later this year, the fallback to the previously used connection will be disabled.
The new IP addresses can be found on the deployment pages in Dynatrace (OneAgent, ActiveGate) and in the Discovery & Coverage app.
This change does not impact OneAgents and ActiveGates connecting via AWS PrivateLink. However, you also need to plan action if:
You also need to update your firewall rules to the new IP addresses in the months following March 2025.
In March 2025, Dynatrace will change the IP addresses that ActiveGates and OneAgents use to connect to Dynatrace SaaS.
This change will be completely transparent and does not require immediate action.
However, if you restrict outgoing connections via a firewall on the hosts running ActiveGates and OneAgents, you should plan to allow the new IP addresses to be listed in the months following March 2025. Until later this year, ActiveGates and OneAgents will still be able to connect through the previously used IP addresses as a fallback.