Cannot Create Firewall Rules to Access Mapping Servers

Version 14

    Issue

    You are unable to create firewall rules to allow access to online maps when using default IP addresses.

    Environment

    • Tableau Server
    • Tableau Desktop
    Resolution

    Important: The following procedure is not a recommended or supported configuration of Tableau software for the following reason:

    • The proxy IP addresses can change at any time without notice. Best practice is to use the host names for the map server (the default configuration).

     

     

    To create a firewall rule for the Tableau map servers, you must use static IP addresses.

     

    To create firewall rules for Tableau map server:

    1. In a text editor, such as Notepad, open the Online.tms (8.1 and earlier versions) and Tableau.tms (8.2 and later versions) for any Tableau software that uses map servers. The default locations for the .tms files are as follows:
      • For Tableau Desktop on the Mac -/Users/<user>/Documents/My Tableau Repository/Mapsources
      • For Tableau Desktop on Windows - C:\Users\<user>\Documents\My Tableau Repository\Mapsources
      • For Tableau Server on Windows- C:\Program Files\Tableau\Tableau Server\<version>\vizqlserver\mapsources
      • For Tableau Server on Linux -/opt/tableau/tableau_server/packages/vizqlserver.<build number>/Mapsources
    2. On the third line of each file, do the following:
      • Tableau.tms (2019.2 and higher)
        • Replace the params-url from mapsconfig.tableau.com/v1/config.json to mapsproxy.tableau.com/mbconfig/v1/config.json.
        • Replace the server from api.mapbox.com with mapsproxy.tableau.com

    screenshot_maps20192.png

      • Tableau.tms (8.2 through 2019.1, inclusive)
        • Replace maps.tableausoftware.com with mapsproxy.tableau.com

      • Online.tms (8.1 and earlier)
        • Replace mapspatial.tableausoftware.com with mapsproxy.tableau.com
        • Replace mapvisual2.tableausoftware.com with mapsproxy.tableau.com

       3. Save and close each file, and restart Tableau.

       4. Ensure that the following two domains are allowed by the proxy server on the computer where Tableau is installed and in the network firewall (if there is one). Also make sure that the proxy server can access them without manual or pass-through authentication, so that your users do not have to authenticate each time they need to access the internet.

      • Tableau 2019.2 and higher
        • mapsconfig.tableau.com
        • api.mapbox.com
      • Tableau 2019.1 and lower
        • maps.tableausoftware.com
    Root CauseThe standard Tableau map servers are not tied directly to single IP addresses.
    Additional Information

    Use the following Tableau proxy map server IP addresses to create static firewall rules:

    • mapsproxy.tableau.com is a load balanced DNS that resolves to both of:
      • 54.70.6.148
      • 35.155.234.192

    Additional notes

    • IP addresses need to be white-listed and exempted from any other security restrictions that may block access.
    • Upgrading your Tableau product will remove this customization.
    Related Links

    Announcement: Amazon CloudFront IP Ranges Are Now Available in JSON Format

    Internet Access Requirements

    Configuring Proxies for Tableau Server

     

    Please read: feel free to update this article as the information evolves.