I want to know which IPs I need to whitelist to go from my corporate network to my Foundry instance. As we have strict firewall rules, we need to know which IPs Foundry is served on so that we can whitelist them.
e.g. when I download an agent, I want to know which IP I need to whitelist so that the curl command from the box on which I download the agent, to Foundry, work.
By default your Foundry instance is accessible through a Load Balancer over a publicly routable set of IPs. Those are the IPs you need to allowlist for egress in your corporate firewall - the only port used is 443 (HTTPS).
This set of IPs doesn’t change. The easiest way to obtain it is to query Public DNS for the A records corresponding to your Foundry instance URL (e.g. myfoundry.palantirfoundry.com) via online tools such as MxToolbox or via command line tools such as nslookup (Windows) or dig (MacOS/Linux).
Since you mentioned downloading an agent, you also need to make sure that the egress IP of the server you’re downloading the agent to, is covered by the ingress allowlist in the Control Panel of your Foundry instance.
There’s one caveat: If your Foundry instance has been configured to be accessed exclusively through a private network connection (such as a Private Link Endpoint), then the ingress IPs are the private IPs of the PLE inside your private network. In this case, you’ll need to either use this existing PLE, or contact your Palantir representative to assist in creating an additional PLE in the network you wish to access Foundry from.