+ Start a Discussion
Sunny_SlpSunny_Slp 

Narrower SFDC IP range

Hi Folks,

 

We're trying to intergrate SFDC with an external system via outbound message, as a security measure I have asked the external system team to lock down their client to only receive message from:

 

 204.14.232.0/21

 96.43.144.0/20

 

the security team on the external system requested a narrower range, as they don't normally open accesses to such broad range of IP addresses.

 

Is there a way to know the exact(or narrower range) IP address of my organization (both for sandbox and production)?  and secondly is there a risk that this IP range (if there is even a way to find that out in the first place) changes over time?

 

Thanks,

Sunny_Slp



Pat McQueenPat McQueen

Salesforce.com owns the whole netblock so they should have less concerns.  Salesforce wants all of those open so they can re-arrange servers without sending customer emails.  You should concider using layers of defence, IP address is only a basic layer.  Are you validating salesforce.com is calling with Certificates?  Validating the SSL session is important as IP addresses are easy to spoof.  And of course you can use a shard secret or token in the post to validate the calling application as well.