How to Configure the Corporate Firewall to Get the Solution Running¶
To handle customers’ data enclosed in a secured corporate environment, Email Sidebar’s components RGES Add-In / Chrome Extension and RGES Sync Engine require two sets of allow-list rules to be configured by the local mail server and Salesforce Admins:
1. RGES infrastructure IPs allow-listed to access the corporate mail server and Salesforce
2. Firewall exceptions configured for end users’ work devices. All listed Revenue Grid and third-party resources are guaranteed to be secure, according to Revenue Grid privacy and security policies; all transferred data is encrypted with TLS 1.2
All Email Sidebar traffic is intended to go directly, not through a proxy connection.
Why do the IPs get changed in some updates?
- RGES server-side performance boosting (with up-to-date server equipment)
- Possible server-side disaster recovery scenarios improvement, by reducing users impact and functions recovery time (using the extra backup servers)
- Some of the reserved addresses are in resting state, they will be used in case of main servers downing, ensuring minimum users impact; they will be left unchanged in case of future server-side migrations
November 2021 Revenue Grid Resources’ IP Update¶
In November 2021 Revenue Grid Azure resources’ IPs got updated, ensuring: A. extra stability considering geographic proximity; B. even more security; C. allow-list config facilitation. During November 2021, all customers must add the four new ranges to their allow-lists and remove the old RGES IPs from the allow-lists.
Starting with December 2021, to access customers’ corporate mail servers and Salesforce Email Sidebar Sync Engine and Add-In / Chrome Extension will be using only four designated IP ranges in different geographic locations: US Central and US East, Europe West and Europe North; four main use and four standby IPs are allocated within every range.
1. RGES Resources Allow-Listed to Access the Mail Server and Salesforce¶
A mask - an IP ending with /28, /29, /30, /31, etc. on the lists represents a hidden range of several secure affiliated IPs allocated with Classless Inter-Domain Routing (CIDR). For customers’ convenience, we’ve expanded ranges of the updated masks list
All these are Inbound connections; MS Exchange / O365 and Salesforce servers get accessed by Revenue Grid components. Protocol: 443 / HTTPS
Dedicated IPs added in November 2021: 188.8.131.52/29 mask actual range 184.108.40.206 - 220.127.116.11 18.104.22.168/29 mask actual range 22.214.171.124 - 126.96.36.199 188.8.131.52/29 mask actual range 184.108.40.206 - 220.127.116.11 18.104.22.168/29 mask actual range 22.214.171.124 - 126.96.36.199
For EU-only Customers¶
If you need a EU-only Data Locality and you have got a confirmation from Revenue Grid team that your RGES tenant is provisioned with enabled Data Locality feature, you may allow-list only the dedicated EU ranges:
188.8.131.52/29 mask actual range 184.108.40.206 - 220.127.116.11 18.104.22.168/29 mask actual range 22.214.171.124 - 126.96.36.199
Handling Salesforce Access Restrictions¶
In addition, in some Orgs Salesforce logging in and data access are restricted for a pre-set IP addresses range. If you cannot log in to Salesforce via Email Sidebar, make sure that the above listed IP addresses are included in Login / Trusted IP ranges of your Salesforce account or Org. Please find more info on how to manage them in this official Salesforce blog or their official documentation regarding Login IP ranges and Trusted IP ranges.
2. Work Devices’ Firewall Exceptions for RGES Add-In / Chrome Extension¶
Contact your firewall software vendor for guidance how to configure allow-list rules
All these are Outbound connections from end users’ work devices. Protocol: 443 / HTTPS
Main Revenue Grid Resources¶
*.revenuegrid.com *.invisible.io *.invisiblesolutions.com *.smartcloudconnect.io
These are auxiliary CDN, API, Microsoft, Google, Cloudflare, Bootstrap, etc. resources used by the solution.
*.revenuegrid.commaxcdn.bootstrapcdn.com appsforoffice.microsoft.com fonts.googleapis.com cdnjs.cloudflare.com ajax.googleapis.com az416426.vo.msecnd.net
Extra Resources for Troubleshooting¶
Add these additional resources to firewall exceptions if issues occur on opening RGES Sidebar, Sync dashboard, Customization page, or RGES Admin panel. These are required Salesforce, Microsoft, wizards or guides rendering, and other relevant resources.
In addition, to be able to access Sync Engine settings make sure that your browser’s ad blocking plugins (e.g. AdBlock Plus or uBlock Origin) are disabled for RGES Sync dashboard web page.
*.smartcloudconnect.io *.salesforce.com dc.services.visualstudio.com logo.clearbit.com autocomplete.clearbit.com api.genderize.io api.ipify.org static.userguiding.com api.userguiding.com ust.userguiding.com
We would love to hear from you