> ## Documentation Index
> Fetch the complete documentation index at: https://docs.textql.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Network Configuration

> Configure firewall rules to allow TextQL to connect to your databases

## Overview

To allow TextQL to connect to your database, you need to whitelist the following IP addresses in your database's firewall or security group settings:

* `44.229.62.69`
* `54.69.138.147`

These IP addresses are used by TextQL's backend services to establish connections to your databases.

<Warning>
  **Important:** This IP whitelisting requirement **does not apply** to VPC, on-premises, or single-tenant deployments. If you have a custom deployment arrangement, contact your TextQL representative for specific network configuration requirements.
</Warning>

<Tip>
  **Database in a private subnet?** If your database is not publicly accessible, you can connect through an SSH tunnel (bastion host) instead of whitelisting IPs directly on the database. This is currently supported for [PostgreSQL](/core/datasources/databases/postgresql#connecting-via-ssh-tunnel) connectors. When using an SSH tunnel, whitelist TextQL's IPs on the **bastion host's** security group rather than the database's.
</Tip>

## Configuration by Database Provider

### AWS (RDS, Aurora, Redshift)

1. Go to your database in the **RDS Console**
2. Click the **Connectivity & Security** tab
3. Click on the **VPC security group** link
4. Click **Inbound rules** and then **Edit inbound rules**

**Add rules based on your database engine:**

**For MySQL/Aurora MySQL:**

* Add rule: Type=`MYSQL/Aurora`, Port=`3306`, Source=`44.229.62.69/32`
* Add rule: Type=`MYSQL/Aurora`, Port=`3306`, Source=`54.69.138.147/32`

**For PostgreSQL/Aurora PostgreSQL:**

* Add rule: Type=`PostgreSQL`, Port=`5432`, Source=`44.229.62.69/32`
* Add rule: Type=`PostgreSQL`, Port=`5432`, Source=`54.69.138.147/32`

**For Redshift:**

* Add rule: Type=`Redshift`, Port=`5439`, Source=`44.229.62.69/32`
* Add rule: Type=`Redshift`, Port=`5439`, Source=`54.69.138.147/32`

5. Click **Save rules**

### Azure (Synapse, SQL Database, PostgreSQL)

1. Go to your database or workspace in the **Azure portal**
2. Navigate to **Networking** in the left menu
3. Under **Firewalls**, click **Add firewall rule**
4. Add rule: Name=`TextQL-IP-1`, Start IP=`44.229.62.69`, End IP=`44.229.62.69`
5. Add rule: Name=`TextQL-IP-2`, Start IP=`54.69.138.147`, End IP=`54.69.138.147`
6. Click **Save** to apply the changes

### Google Cloud (BigQuery, Cloud SQL)

**For Cloud SQL:**

1. Go to your Cloud SQL instance in the **Google Cloud Console**
2. Click **Connections** in the left menu
3. Under **Authorized networks**, click **Add network**
4. Add network: Name=`TextQL-IP-1`, Network=`44.229.62.69/32`
5. Add network: Name=`TextQL-IP-2`, Network=`54.69.138.147/32`
6. Click **Done** and then **Save**

**For BigQuery:**

BigQuery typically doesn't require IP whitelisting as it uses OAuth authentication. Follow the BigQuery connector setup guide for authentication steps.

### Databricks

1. Go to your Databricks workspace settings
2. Navigate to **IP Access Lists**
3. Click **Add** to create a new IP access list
4. Add IP: `44.229.62.69/32`
5. Add IP: `54.69.138.147/32`
6. Enable the IP access list

### Other Database Providers

For databases hosted on other platforms, add the TextQL IP addresses to your firewall or network security settings according to your provider's documentation. The general principle is the same: allow inbound connections from the two IP addresses listed above.

## Troubleshooting

### TextQL Cannot Connect After Adding IPs

**Verify the following:**

1. **IP addresses entered correctly**: `44.229.62.69` and `54.69.138.147`
2. **Correct port is open** for your database type:
   * MySQL/Aurora MySQL: 3306
   * PostgreSQL/Aurora PostgreSQL: 5432
   * Redshift: 5439
   * SQL Server/Azure Synapse: 1433
   * Snowflake: 443
3. **Database credentials are correct**
4. **Database is publicly accessible** (or appropriately configured for external connections)
5. **VPC or subnet configurations** allow external traffic
6. **Multiple layers of firewalls** (network ACLs, security groups, etc.) all need updating

### Connection Timeout

**Possible causes:**

* Firewall rules not applied yet (may take a few minutes)
* Incorrect host URL or port
* Database server not running
* Network connectivity issues

### Authentication Errors

**These are not network issues:**

* Verify username and password
* Check user permissions
* Ensure user can connect from external IPs

## Security Best Practices

### Principle of Least Privilege

* Create a dedicated read-only user for TextQL
* Grant access only to necessary schemas/tables
* Use strong passwords
* Rotate credentials regularly

### Monitoring and Auditing

* Enable query logging
* Monitor connection attempts
* Set up alerts for unusual activity
* Review access logs regularly

### Data Protection

* Use SSL/TLS for connections (enabled by default)
* Encrypt sensitive data at rest
* Implement row-level security where appropriate
* Mask sensitive columns

## VPC and Private Network Deployments

<Info>
  **Enterprise Deployment Options:** The IP whitelisting instructions above are for standard cloud deployments. If you require VPC peering, on-premises connectivity, or single-tenant deployment, different network configuration applies.
</Info>

For organizations requiring private network connectivity:

* **VPC Peering**: Available for dedicated deployments
* **AWS PrivateLink**: Supported for AWS customers
* **Azure Private Endpoints**: Available for Azure customers
* **On-Premises Connectivity**: Custom network configuration required
* **Single-Tenant Deployments**: Dedicated infrastructure with custom networking

**Contact TextQL Support:**

* Email: [support@textql.com](mailto:support@textql.com)
* Subject: Enterprise Network Configuration
* Include: Your deployment type and network requirements

## Related Documentation

* [PostgreSQL Connector](/core/datasources/databases/postgresql)
* [Amazon Aurora Connector](/core/datasources/databases/aurora)
* [Azure Synapse Connector](/core/datasources/databases/azure-synapse)
* [The Connectors Page](/core/datasources/the-connectors-page)
* [Security Best Practices](/core/admin/compliance/security)
