Network connections to Guidewire Cloud

All network transmission with Guidewire Cloud Platform is over the public internet. This includes connectivity via AWS DirectConnect Public VIF. Guidewire Cloud Platform supports AWS PrivateLink for both inbound and outbound connections. Other private connections are not supported, including but not limited to S2S VPN, AWS VPC peering, AWS Transit Gateway, AWS DirectConnect Private VIF, and S3 bucket replication.

Once your applications are running in Guidewire Cloud, you may want to establish connections between those applications and external systems. These connections typically serve the following uses:

  • Inbound communication – Connecting to a Guidewire Cloud service by accessing its user interface or by calling its APIs. For example, you can connect to the InsuranceSuite web user interface. Additionally, if you have an external portal or an integration with Salesforce, those systems can call the APIs exposed by Guidewire Cloud services.
  • Outbound communication – Having Guidewire Cloud applications connect with external systems. For example, an application might connect to LexisNexis, a credit scoring service, or one of your self-managed services such as a unique ID generator.

All network communication from Guidewire Cloud Platform to external services is over the public internet via TLS/TCP, primarily using HTTPS but also email and messaging protocols.

Guidewire Cloud Platform provides several mechanisms to secure your data connections:

  • All connections to Guidewire Cloud are restricted to only approved and allowlisted IP addresses.
  • Connections to Guidewire Cloud application user interfaces and APIs use HTTPS over TLS.
  • API connections can optionally use mTLS.