Bells Knowledge

CT|One Public IP Ranges

Super Administrator

Written By Nate Kilzer (Super Administrator)

Updated at November 15th, 2024

CT|One is hosted on Amazon Web Services, and is implemented such that it does not have a fixed public IP that can be allow-listed in egress firewalls.

If you have an egress firewall that supports DNS resolution, you can configure it to allow access to the following host names:

  • web.ctone.io
    • This is the web portal used for logging into CT|One and accessing the RDP shortcuts
  • gatekeeper.ctone.io
    • This is the Remote Desktop connector that is used for accessing the CT|One desktop and remote apps
  • sftp.ctone.io
    • This is the SFTP server used for document uploads like scans

If you have an egress firewall that supports resolving AWS Service Ranges, CT|One is hosted in AWS region “us-east-2” (Ohio), and our public endpoint load balancers are all part of the base service “AMAZON”.

We recommend that your firewall be configured to refresh the list of IP addresses associated with these names at least once every 6 hours. If you experience connection issues, refreshing the list should pick up the latest IPs for these endpoints.

If you do not have an egress firewall that allows for DNS resolution, you will need to manually provision the IP addresses for the endpoints above. You can manually resolve these IPs with any DNS resolution tool and add them to your firewall.

If you have the ability to script your firewall configuration, you can either automatically resolve the above host names, or you can allow the AWS range for the region and services where CT|One is hosted.

AWS makes their list of IP Ranges publicly available here:
https://docs.aws.amazon.com/vpc/latest/userguide/aws-ip-ranges.html

That page provides a link to a JSON file of IP Ranges can be filtered in several ways to limit the results to what we need. As noted above, CT|One is currently deployed in the "us-east-2" (Ohio) region and the load balancers are considered part of the base service "AMAZON".

To download the list of IP addresses and extract the ones are relevant to the CT|One service, you can run the following one-liner on any system with cURL and JQ installed:

curl -sS -o- https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r ‘.prefixes[] | select(.region=="us-east-2" and .service=="AMAZON").ip_prefix’

Note that availability of cURL and JQ are not guaranteed on all systems, and support will not be provided for installing them.

Was this article helpful?

Related Articles

Default Packets Tip

Default Packets A clinician’s time is valuable and CT|One strives to offer time s...

Add a Staff Identification Photo Guide

A .jpg photo can be uploaded to the Staff Master record providing visual identifi...

May 2022 - 1st Release

Clinical Progress Note Review Report – Forwarded Notes The core Progress Note Rev...