+ Start a Discussion
David Zhu 8David Zhu 8 

salesforce ip ranges whitelisting

Hi there,
If  salesforce ip ranges are  whitelisted on my company's network, does it mean it opens the door for all Salesforce applications to access to my company's network?
If yes, how to limit only my salesforce org's application to access?

Daniel BallingerDaniel Ballinger
It means that the Salesforce servers with the trusted IPs can send traffic to the servers in your company that have been exposed. I'm not a network engineer, but my understanding is you typically just expose the web servers that host the web services to those IP addresses. It shouldn't be possible for the Salesforce servers to send requests to any IP address on your companies network.

It terms of the web services that you expose to those IP addresses, you can check that the expected Salesforce client certificate is being used. I'll also often include the OrgId and session details in the request. I can then call back to Salesforce to verify that the session is valid and that the OrgId is from an allowed company. A Connected Canvas App can also use a Signed Request to verify it's identity to the web service.

See also: