Communicating with the Internet

In most enterprises, Tableau Server needs to communicate with the internet. Tableau Server was designed to operate inside a protected internal network. Do not set up Tableau Server directly on the internet or in a DMZ. Instead, communications between your network and the internet should be mediated using proxy servers. If the computer running Tableau Server cannot access the internet directly, then you may need to deploy forward proxy servers to mediate traffic from inside the network to targets on the internet. Tableau Server doesn't support pass-through or manual proxy authentication.

For inbound traffic, we recommend running Tableau Server behind reverse proxy servers.

How Tableau communicates with the internet

Tableau Server requires outbound access to the internet for these scenarios:

  • Working with maps. Tableau uses map data that is hosted externally.

    Tableau Server needs to connect to the following internet locations with port 443 to use maps:

    • mapsconfig.tableau.com
    • api.mapbox.com

    If Tableau cannot make these connections, maps may fail to load.

    You can test connectivity by accessing each of those addresses in a browser: https://mapsconfig.tableau.com/v1/config.json(Link opens in a new window) and https://api.mapbox.com/(Link opens in a new window) will prompt you to download a json file.

    If you use a proxy to connect to the internet and are unable to connect to api.mapbox.com, see Working with firewalls(Link opens in a new window) on the Mapbox website.

    For Tableau Server version 2019.1 and earlier, see the documentation for your version: Tableau Help(Link opens in a new window)

  • Connecting to the Tableau send-logs server.

    You can upload log files to Tableau when working with Support. See tsm maintenance send-logs(Link opens in a new window). To successfully upload files to Tableau, your Tableau Server must be able to communicate with the send-logs server on port 443:

    report-issue.tableau.com:443

  • Sending Basic Product Data.

    The domain, prod.telemetry.tableausoftware.com, is used by Tableau to receive the Basic Product Data about process launch and shutdown. It is also used for the more general Product Usage Data.

    Traffic to this domain will occur on port 80 (for initial registration of our Product Data clients) and on port 443 (for all subsequent traffic).

    prod.telemetry.tableausoftware.com:80

    prod.telemetry.tableausoftware.com:443

  • Licensing. Tableau products connect to the internet to activate product keys. Unless you activate Tableau software with the Offline Activation Tool, all Tableau products must have access to the internet to validate licenses. Specifically Tableau requires internet access during the following licensing operations: activation, deactivation, and on the refresh maintenance date. For more information about these operations, see Manage Licenses(Link opens in a new window).

    Tableau Server needs to connect to the following internet locations for licensing purposes:

    • licensing.tableau.com:443

    • atr.licensing.tableau.com:443

    • s.ss2.us

    • ocsp.rootg2.amazontrust.com

    • ocsp.rootca1.amazontrust.com

    • ocsp.sca1b.amazontrust.com

    • crt.sca1b.amazontrust.com

    • crt.rootca1.amazontrust.com

    • ocsp.sca0a.amazontrust.com

    • crt.sca0a.amazontrust.com

    • ocsp.sca1a.amazontrust.com

    • crt.sca1a.amazontrust.com

    • ocsp.sca2a.amazontrust.com

    • crt.sca2a.amazontrust.com

    • ocsp.sca3a.amazontrust.com

    • crt.sca3a.amazontrust.com

    • ocsp.sca4a.amazontrust.com

    • crt.sca4a.amazontrust.com

    • crl.rootca1.amazontrust.com

    • crl.rootg2.amazontrust.com

    • crl.sca1b.amazontrust.com

    Requests to the above domains may be on port 80 or 443. Port 80 is used for certificate validation (revocation, certificate chain, etc). Port 443 is used for SSL connections.

    If Tableau Server cannot make a connection while attempting to activate its license, you will be prompted to do an offline activation.

  • Working with external or cloud-based data.

    Tableau Server needs to connect to the following internet location for Box, Dropbox, OneDrive, Google Drive, Google Sheets, and Anaplan services:

    galop.connectors.tableau.com:443

Tableau Server can run without internet access. For more information about deploying Tableau Server in organizations without access to the internet, see Install Tableau Server in a Disconnected (Air-Gapped) Environment.

In many enterprises, users also need to access Tableau Server from outside the network (that is, from the internet). For example, in many enterprises, users want to be able to reach Tableau Server from their mobile devices in order to interact with views that are stored on the server. To configure access to Tableau Server from the internet or from mobile devices, you should use a reverse proxy. See Configuring Proxies for Tableau Server.

Thanks for your feedback!