Skip to content

How to Configure the Corporate Firewall to Get the Product Running


Some network environments are locked down via a Firewall and allow connecting only to allow-listed IP addresses from within their corporate networks.

The table below lists Revenue Inbox resources IPs which must be allow-listed in your local firewall settings for inbound/outbound connection.


All listed IPs are guaranteed to be secure, according to our privacy and security policies; transferred data is encrypted with TLS 1.2.


Firewall exceptions for Revenue Inbox


Check out the description of a typical whitelisting procedure for the standard Windows 10 firewall here.

In the latest update, Revenue Inbox servers IP addresses were changed.


Why were they changed?

  • RI server-side performance boosting (with up-to-date server equipment)
  • Possible server-side disaster recovery scenarios improvement, by reducing users impact and functions recovery time (using the extra backup servers)
  • Some of the reserved addresses are in resting state, they will be used in case of main servers downing, ensuring minimum users impact; they will be left unchanged in case of future server-side migrations


All Revenue Inbox traffic is intended to go directly, not through a proxy connection. It is recommended to configure an MS Active Directory group which can access and consent to the solution’s App. In this group, the App’s manifest must be deployed. Then you can manage the group’s users list to controlling who exactly accesses the App and who the App is consented to work for. See this article for detailed information on deployment scenarios.

The outbound connections are for the user’s devices, the inbound connections are for servers communication. RI Sync engine works directly between Exchange/Office 365 or Gmail server and Salesforce.


Note: the list also includes backup servers which ensure increased stability

Destination Source Port / Protocol Details
End users’ devices [inbound connections]
443 / HTTPS RI Sync Engine connections (MS Azure infrastructure)
[outbound connections]
Users’ Exchange server
Users’ Salesforce Org configuration
443 / HTTPS Revenue Inbox connections required for emails and calendar items handling
End users’ devices *
443 / HTTPS Required Revenue Grid resources
End users’ devices *
443 / HTTPS Auxiliary CDN, API, and other resources used by RI Add-In
End users’ devices *
443 / HTTPS If issues occur on opening RI Sidebar, Sync dashboard, Customization page, or RI Admin panel, also add these resources to the allow-list of your firewall (or proxy server)
These are required Salesforce, Microsoft, wizards rendering, and other relevant resources
In addition, make sure that your browser’s ad blocking plugins (e.g. AdBlock Plus or uBlock Origin) are disabled for RI Sync dashboard


In addition, in some Orgs Salesforce logging in and data access are restricted for a pre-set IP addresses range. If you cannot log in to Salesforce via Revenue Inbox, make sure that the above listed IP addresses are included in Login / Trusted IP ranges of your Salesforce account or Org. Please find more info on how to manage them in this official Salesforce blog or official documentation regarding Login IP ranges and Trusted IP ranges.


Get back to us
We would love to hear from you



Question or comment: