2659632 - Integration Center can't connect to an external SFTP due to IP restrictions

You are using Integration Center to connect to an SFTP not hosted by SAP and it is returning the error below:

"Cannot connect to sftp://username@sftp.hostname.com:22
Could not connect to SFTP server sftp.hostname.com from IP Address <IP_address>. Please check to see if IP Address <IP_address> is added into allow list by your SFTP server. Contact your IT for more information".

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

• SAP SuccessFactors HXM Suite
• Integration Center

When checking the event log of the failed Integration Center execution, you will find the error message mentioned above.

Sample of Event Log of the error:

You are trying to connect from SuccessFactors Integration Center process to a private or public SFTP server but the SuccessFactors IP is not added into allow list on the public/private server.

In other words, when a process in the Integration Center tries to connect on a server outside SAP's datacenter, it gets refused by the SFTP server.

Check with the team responsible for the SFTP to add into its allow list the IP Address of SuccessFactors datacenter. And also check with them if the SFTP is using the port configured on your Integration Center job ("Destination Settings" tab).

This KBA has a list of all IP addresses from the SuccessFactors Data Centers: 2395508 - IP addresses to be added into allow list when customer's own SFTP is used with Integration Center.

In order to authorize this connection, please follow the steps:

1. Request the SFTP vendor team to confirm if SuccessFactors' IPs are not added on their server IP Auto Ban List. The SAP data center addresses can be added to the SFTP server Auto-Ban list when there are multiple communications failures.
2. If the SFTP vendor restricts access by IP address, you must request the SFTP vendor to add all the SuccessFactors data center IP addresses on their server IP Allow List.

Frequently Asked Questions (FAQ):

1 - The SFTP vendor team already added into their allow list the IP address of SuccessFactors Data Center, but the issue was not fixed yet. What else can I do?
You need to collect at least the logs from the SFTP server which contains the connections being refused or accepted by your server and provide to SuccessFactors support team to progress on the investigation.

2 - Is there a possibility of the issue is located on the Integration Center or on SAP's Data Center?
Yes, beyond the allowlisting in your third-party SFTP side, an allowlisting in SF datacenter side is required too. For that, refer to the KBA 3122406 and see how to proceed.

Public SFTP; SFTP owned by customer; Cannot connect to SFTP; allow list by your SFTP server, ftp, connection, error, connectivity, successfactors, sf, success factors, firewall, block, blocking, 3rd party sftp, vendor sftp, third party sftp, customer sftp , KBA , LOD-SF-INT-INC , Integration Center , LOD-SF-INT , Integrations , Problem