Skip to Content
Back to blog

Product

Network-level access: lock your MCP servers to trusted networks

Speakeasy Team

Speakeasy Team

June 9, 2026 - 2 min read

Product

Speakeasy helps teams connect their data to AI safely. Most of that connection happens inside an organization, not out on the open internet. The MCP servers teams build with us expose internal capabilities to internal users, so restricting them to trusted networks is common sense security, the same boundary teams already put around internal apps and APIs.

We’re happy to release network controls allowing you to restrict an MCP server to the networks you trust. Set an IP allowlist on your custom domain, and any request originating outside it is refused before it reaches your tools.

How it works

Add one or more IPv4 addresses or CIDR ranges to a custom domain. From that point on, only traffic from those ranges can reach the MCP servers and install pages served on that domain. Everything else is dropped at the edge.

Enforcement happens at the ingress, not in application code. Speakeasy applies the allowlist to the underlying Kubernetes networking on both supported paths: NGINX ingress (whitelist-source-range) and the Envoy gateway (a SecurityPolicy). The request never makes it to your server, so there is no tool execution, no auth handshake, no log of a call that should not have happened. A blocked client simply cannot connect.

The moment an organization configures a non-empty allowlist, all of that org’s MCP traffic on the platform host is refused with a 403 and must flow through the custom domain, where the network rules actually apply. Requests arriving via the custom domain pass through untouched. Install pages stay reachable so private servers can still be set up. There is no second address that quietly bypasses the policy you just set. An empty list means unrestricted, exactly as before, so nothing changes for servers that do not opt in.

Set it up

Network-level access is configured per custom domain in your org’s domain settings. Add the IP ranges your team connects from, save, and the rules take effect on the live domain. Clear the list to go back to unrestricted.

Editing the IP allowlist for a custom domain in Speakeasy's domain settings, restricting access to specific IP addresses or CIDR ranges.

This is the first tier of network-level security for MCP. It covers the most common ask from security teams today. Deeper integrations with trusted networking layers are coming soon.

Rolling out MCP across an organization with real security requirements? Book time with our team and we’ll walk through it with you.

Last updated on

AI everywhere.

Control here.

Talk to usLearn more