Cannot Create Firewall Rules to Access Mapping Servers

Version 10


    You are unable to create firewall rules to allow access to online maps when using default IP addresses.


    • Tableau Server
    • Tableau Desktop

    Important: The following procedure is not a recommended or supported configuration of Tableau software for the following reasons:

    • The proxy IP addresses can change at any time without notice. Best practice is to use the host names for the map server (the default configuration).
    • Tableau mapping service provider recently made changes to improve performance. These changes will not take effect in the modified environment that results from following this procedure.


    To create a firewall rule for the Tableau map servers, you must use static IP addresses.


    To create firewall rules for Tableau map server:

    1. In a text editor, such as Notepad, open the Online.tms (8.1 and earlier versions) and Tableau.tms (8.2 and later versions) for any Tableau software that uses map servers. The default locations for the .tms files are as follows:
      • For Tableau Desktop on the Mac -/Users/<user>/Documents/My Tableau Repository/Mapsources
      • For Tableau Desktop on Windows - C:\Users\<user>\Documents\My Tableau Repository\Mapsources
      • For Tableau Server on Windows- C:\Program Files\Tableau\Tableau Server\<version>\vizqlserver\mapsources
      • For Tableau Server on Linux -/opt/tableau/tableau_server/packages/vizqlserver.<build number>/Mapsources
    2. On the third line of each file, do the following:
      1. Tableau.tms (2019.2 and higher)
        1. Replace the params-url from to
        2. Replace the server from with


      1. Tableau.tms (8.2 through 2019.2)
        1. Replace with

               2. Online.tms (8.1 and earlier)

        1. Replace with
        2. Replace with

       3. Save and close each file, and restart Tableau.

    Root CauseThe standard Tableau map servers are not tied directly to single IP addresses.
    Additional Information

    Use the following Tableau proxy map server IP addresses to create static firewall rules:

    • is a load balanced DNS that resolves to both of:

    Additional notes

    • IP addresses need to be white-listed and exempted from any other security restrictions that may block access.
    • Upgrading your Tableau product will remove this customization.
    Related Links

    Announcement: Amazon CloudFront IP Ranges Are Now Available in JSON Format

    Internet Access Requirements

    Configuring Proxies for Tableau Server


    Please read: feel free to update this article as the information evolves.