Skip to content

How to Configure the Corporate Firewall to Get the Solution Running

For users of the Email Sidebar on:

 

4 min read

 

To handle customers’ data enclosed in a secured corporate environment, Revenue Grid’s components require two sets of allow-list rules to be configured by the local mail server and Salesforce Admins:

  1. RG infrastructure IPs allow-listed to access the corporate mail server and Salesforce
  2. Firewall exceptions configured for end users' work devices. All listed Revenue Grid and third-party resources are guaranteed to be secure, according to [Revenue Grid privacy and security policies](https://revenuegrid.com/privacy-and-security/#privacy_and_security); all transferred data is encrypted with [TLS 1.2](https://en.wikipedia.org/wiki/Transport_Layer_Security)

All Revenue Grid traffic is intended to go directly, not through a proxy connection.

 

Why do the IPs get changed in some updates?

  • RG server-side performance boosting (with up-to-date server equipment)
  • Possible server-side disaster recovery scenarios improvement, by reducing users impact and functions recovery time (using the extra backup servers)
  • Some of the reserved addresses are in resting state, they will be used in case of main servers downing, ensuring minimum users impact; they will be left unchanged in case of future server-side migrations

 


 

March 2024 Revenue Grid resources’ IP update

In March 2024 Revenue Grid Azure resources’ IPs got updated, ensuring:

  1. extra stability considering geographic proximity
  2. even more security
  3. allow-list config facilitation

All customers must add the four new ranges to their allow-lists and remove the old RG IPs from the allow-lists.

Starting with March 2024, to access customers’ corporate mail servers and Salesforce, Revenue Grid will be using only six designated IP ranges in different geographic locations: Central US and Eastern US, Western Europe and Northern Europe, Southeast Asia and East Asia.

RGES Chrome Extension for Google requires the same set of IPs, plus Chrome Web Store resource allow-listing is required.

 


 

1. RG resources allow-Listed to access the mail server and Salesforce

Tip

A mask is an IP ending with /28, /29, /30, /31, etc. on the lists represents a hidden range of several secure affiliated IPs allocated with Classless Inter-Domain Routing (CIDR). For customers’ convenience, we’ve expanded ranges of the updated masks list

  These IPs must be allow-listed in every organization that uses the full Revenue Grid package to enable its functioning.

All these are Inbound connections; MS Exchange/O365/Google and Salesforce servers getting accessed by Revenue Grid components. Protocol: 443 / HTTPS

For US customers

Dedicated IPs for Central US:

20.221.113.244/31 mask


Dedicated IPs for Eastern US:

20.10.227.12/31 mask

 

For EU customers

If you need a EU-only Data Locality and you have got a confirmation from Revenue Grid team that your RGES tenant is provisioned with enabled Data Locality feature, you may allow-list only the dedicated EU ranges:

Dedicated IPs for Western Europe:

4.175.104.56/31 mask


Dedicated IPs for Northern Europe:

20.54.104.14/31 mask

 

For Asia–Pacific customers

If you need a APAC-only Data Locality and you have got a confirmation from Revenue Grid team that your RGES tenant is provisioned with enabled Data Locality feature, you may allow-list only the dedicated APAC ranges:

Dedicated IPs for Southeast Asia:

20.197.72.52/31 mask


Dedicated IPs for East Asia:

20.239.104.20/31 mask



Auxiliary resources Revenue Grid Package IPs

These destinations must be allow-listed in every organization that uses the full Revenue Grid package to enable its functioning.

Destination Details
*revenuegrid.com Revenue Grid user interface. Should lead to Revenue Grid instance

API for sequenced emailing functionality of Revenue Grid Sales Engagement component. Should lead to Sales Engagement instance
Microsoft Exchange (OWA, ECP,EWS, etc.) Only if applicable
chrome.google.com for RGES Chrome Extension
login.salesforce.com and its dependencies.
Refer to Salesforce for details
Authorization with Salesforce account
dc.services.visualstudio.com AppInsights logging
fonts.gооoagleapis.com
fonts.gstаtic.com
Nunito Sans font for UI
logo.clearbit.com Organization logos by email domain for Contacts
api.ipify.org Detecting current user IP. Needed for proper work of email opens and link clicks analytics

 

 

Handling Salesforce Access Restrictions

In addition, in some Orgs Salesforce logging in and data access are restricted for a pre-set IP addresses range. If you cannot log in to Salesforce via RG Email Sidebar, make sure that the above listed IP addresses are included in Login / Trusted IP ranges of your Salesforce account or Org. Please find more info on how to manage them in this official Salesforce blog or their official documentation regarding Login IP ranges and Trusted IP ranges.

 

 


 

2. Work devices’ firewall exceptions for RGES Add-In/Chrome Extension

Tip

Contact your firewall software vendor for guidance how to configure allow-list rules

 

All these are Outbound connections from end users’ work devices. Protocol: 443 / HTTPS

 

Main Revenue Grid resources

*.revenuegrid.com
*.invisible.io
*.invisiblesolutions.com
*.smartcloudconnect.io

 

Auxiliary resources

These are auxiliary CDN, API, Microsoft, Google, Cloudflare, Bootstrap, etc. resources used by the solution.

*.revenuegrid.commaxcdn.bootstrapcdn.com
appsforoffice.microsoft.com
fonts.googleapis.com
cdnjs.cloudflare.com
ajax.googleapis.com
az416426.vo.msecnd.net

 

Extra Resources for Troubleshooting

Add these additional resources to firewall exceptions if issues occur on opening RG Email Sidebar, Sync dashboard, Customization page, or RGES Admin panel. These are required Salesforce, Microsoft, wizards or guides rendering, and other relevant resources.
In addition, to be able to access Sync Engine settings make sure that your browser’s ad blocking plugins (e.g. AdBlock Plus or uBlock Origin) are disabled for RGES Sync dashboard web page.

*.smartcloudconnect.io
*.salesforce.com
dc.services.visualstudio.com
logo.clearbit.com
autocomplete.clearbit.com
api.genderize.io
api.ipify.org
static.userguiding.com
api.userguiding.com
ust.userguiding.com