# Prerequisites and Connectivity To ensure a smooth onboarding process, configure your environment to allow communication with essential Veza IP addresses and email domains. #### Domain Filtering The following domains should be allowed through email filters, proxies, and firewalls: * **Email notifications**: When a Veza local account is created, an email is sent to the user to create their password. This email comes from `noreply@vezacloud.com`. * **Veza tenant domain**: The domain for your Veza instance will be `*.vezacloud.com`, where `*` represents your Veza tenant name. * **Insight Point**: If using an [Insight Point](/4yItIzMvkpAvMVFAamTf/integrations/connectivity/insight-point.md), access to `public.ecr.aws` must be allowed for the Veza Insight Point. #### Firewall Rules and Filters Veza integrations connect to data sources across your on-premise environment, cloud providers, and SaaS applications. Most integrations use API tokens or other credentials to query for authorization metadata. By default, integrations run on the Veza SaaS platform. If your organization filters inbound connections to applications you want to integrate with Veza, allow traffic from the Veza NAT Gateway IP addresses for your deployment region in your firewall rules or filters. {% hint style="info" %} Only allowlist the IP addresses for your specific deployment region, which you can confirm by contacting your Customer Success Manager or Veza support. {% endhint %} | Region | Cluster | NAT Gateway IP Addresses | | ------------- | --------- | ------------------------------------------------ | | North America | Canada | `15.223.136.14`, `15.157.157.132`, `3.96.111.11` | | North America | U.S. East | `18.221.224.60`, `3.18.38.252`, `52.14.66.128` | | North America | U.S. West | `44.245.33.160`, `44.234.11.33`, `54.70.152.6` | | EMEA | UK | `18.133.37.58`, `18.171.45.61`, `13.42.176.0` | | EMEA | Germany | `3.68.250.84`, `63.177.202.135`, `3.68.15.78` | | Asia-Pacific | Australia | `54.206.248.16`, `13.238.99.75`, `3.25.20.138` | #### Insight Point Connectivity When configuring an integration, you can choose to use an Insight Point managed by your organization. An Insight Point allows querying authorization metadata within your environment, with no inbound calls from your Veza tenant to integrated data sources. When using this option, outbound traffic must be enabled, to allow the Insight Point to transmit authorization metadata securely to your Veza tenant. The Insight Point must also be able to pull images from the Veza ECR repository, as detailed in [Insight Point: Ports and Connectivity](/4yItIzMvkpAvMVFAamTf/integrations/connectivity/insight-point.md#ports-and-connectivity). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/connectivity.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.