Granting the Coveo Cloud V1 Access to Your On-Premises CES Index

In the case of a Cloud V1 Hybrid Organization deployment, the Coveo Cloud V1 platform must be able to access your on-premises Coveo Search Enterprise (CES) to execute queries on the index. Most of the time, your CES index is running behind your corporate firewall. The access can be granted securely by only opening the CES SOAP Service port and whitelisting only the Coveo Cloud V1 IP addresses. This configuration is typically done by a network or system administrator of your IT department.

To grant the Coveo Cloud V1 access to your on-premises CES index

  1. Open a port in your firewall that will forward incoming TCP connections to the SOAP Search Service exposed by your Coveo index server. By default, the server listens on port 52810.

    • You must configure a direct TCP link, without any HTTP/HTTPS reverse proxy.

    • You can use the port of your choice as long as the port is on the Internet side of the firewall.

    • When you are using an internal Network Load Balancer (NLB) to spread query load over several mirrors, the opened firewall port should forward incoming connections to your NLB.

    • This port is the same you will enter when configuring the on-premises index in the Settings panel (see Creating a Coveo Hybrid Cloud V1 Organization).

  2. For additional security, the endpoint should only allow connections coming from the Coveo Cloud V1 IP addresses (see IP Addresses to Whitelist).