Before you can set automating test cases for your application, one step that need to be addressed is to ensure that Worksoft SaaS can access your application. If your application is available in public domain and all functionality can be accessed then you can skip this step. If not read through this article to understand different approaches that can be used to setup access permissions.

Worksoft SaaS invariantly executes tests from two different clouds: 1) Cross Browser/Device Cloud and 2) Functional Cloud. Access to these clouds need to be setup separately as specified in following sections.

Firewall Rules required for performing executions in Cross Browser/Device Cloud:

The rules depend on whether the AUT is publicly accessible or is private to an environment.

When Application is publicly accessible, and a firewall is in place that restricts access, customers need to whitelist the following range of addresses for ports the AUT is running on for inbound traffic.

Executions performed on this cloud, originate from an IP address that is a part of the below-mentioned ranges:

United States Data Center

• 162.222.72.0/21 (this is equivalent to the range 162.222.72.0 – 162.222.79.255)
• 66.85.48.0/21 (this is equivalent to the range 66.85.48.0 - 66.85.55.255)

Even if the AUT is publicly accessible, and no firewall prevents access, you may have to whitelist the IPs to avoid any rate-limiting issues if such a mechanism is kept in place.

If the customer prefers not to whitelist the above-mentioned IP addresses, they can choose to perform the executions over the Sauce Connect Proxy, wherein a secure tunnel is established and the executions are performed over the tunnel. In this case, no inbound firewall rules need to be configured as the traffic to the AUT originates from the machine where the Sauce Connect Proxy is running.

However, to facilitate a successful tunnel, you will have to open outbound traffic on ports 80 and 443 for "saucelabs.com" and "*.miso.saucelabs.com". Sauce Connect Proxy needs to make outbound connections to "saucelabs.com" and "*.miso.saucelabs.com" on port 443 for the REST API and the primary tunnel connection to the Sauce cloud.

Verifying the SSL certificate in use may require an outbound connection on ports 443 and 80 to "*.symcd.com" and/or "*.symcb.com" (e.g. g.symcd.com and gs.symcb.com).

Sauce Connect Proxy can optionally create tunnels through a web proxy and more information regarding the same is available here

When the application is accessible only over the private network, executions can be performed over the Sauce Connect Proxy alone. More information about the certificate handling by Sauce Proxy is available here

Firewall Rules required for performing executions on Functional Cloud or Performance Cloud:

Executions performed on this cloud, originate from one of the below-mentioned IP address:

• 52.203.74.63

Firewall Rules required for developer access from Worksoft SaaS Development Center:

When engineers from Worksoft SaaS require access to the application that is behind a firewall, customers can choose to whitelist the below IP addresses or provide VPN access.

If decision is made to whitelist IP addresses, then the below-mentioned ranges have to be configured:

• 54.152.161.128

Firewall Rules required to access Worksoft SaaS & QaCONNECT Service: