Action Required: Update Your Allow-Listed Marketo Engage IP Addresses for Webhooks, CRM Integrations, and More

courtney_ward
Marketo Employee
Marketo Employee

Prior to March 22, 2022, the IP addresses used for outbound network traffic originating from the Marketo Engage infrastructure in the Ashburn and San Jose data centers were:

  • San Jose: 199.15.215.245
  • Ashburn: 199.15.213.245

To accommodate the increasing network traffic growth rate, we added the following IP CIDR (Classless Inter-Domain Routing) blocks for outbound network traffic originating from Marketo Engage infrastructure to your applications during the maintenance windows listed below. If you had explicitly allowed the IP addresses above to access your applications, we requested that you replace those IP addresses with the new IP CIDR blocks prior to the maintenance window. Please review the information about these applications and how to determine whether your subscription is affected below. Please note, the current IP addresses (199.15.215.245 and 199.15.213.245) are included in this CIDR range and do not need to be explicitly included in the allowed list during the transition period. Because SFDC does not use CIDR notations for their allow-lists, we recommend using a tool like https://www.ipaddressguide.com/cidr. This will convert the CIDR notation to an IP range with starting and ending IP addresses. 

 

Maintenance Window

  • San Jose Data Center: March 22, 2022, 3:00 AM MDT – 4:00 AM MDT
  • Ashburn Data Center: March 23, 2022, 3:00 AM MDT – 4:00 AM MDT

New IP CIDR Range

The IP CIDR range below applies to both the San Jose and Ashburn data centers. The IP addresses above should have been replaced with all three blocks in your allowed list. 

  • 192.28.144.0/20
  • 192.28.160.0/19
  • 199.15.212.0/22

The most common applications that you would have possibly explicitly allowed our IP address due to your IT security requirements are CRM integrations and Webhooks:

CRM Integration: CRM Integration requires Marketo Engage to access CRM API endpoints to retrieve data. Your company may have security requirements to allow only a set of IP addresses to access such endpoints. Please consult your CRM administrator to validate if you have explicitly allowed our current IP address to access CRM API and replace the current IP Address with the new IP CIDR blocks to the allowed list.

Webhooks: A Webhook is an integration feature that allows you to make outbound HTTP calls using GET or POST originating from Marketo Engage to your applications. These applications can either be internal applications or applications built by third-party vendors.

For each webhook listed under Admin->Webhook, please check the URL endpoint and determine the type of application. Consult with your respective IT or application team managing each endpoint to determine whether our current IP address has been explicitly allowed to access such application and replace the current IP Address with the new IP CIDR blocks to the allowed list.

10985
4
4 Comments
Steven13
Level 1

Where do I make this change in SFDC?

Kimberly_Galit1
Level 4 - Champion

@Todd_Sprinkel has been so kind to guide us to this in SFDC:

this lives under Session Settings and/or the profile: https://help.salesforce.com/s/articleView?id=000333031&type=1

 

And a few of us have been trying to crowdsource vendors we have gotten in touch with regarding the webhooks. To be clear, this does apply to GET and POST, so you will need to ensure that any webhooks you are using, the vendor does not have IP restrictions. If they do they will need to update their list. 

 

@Courtney_McAra4 has found the following are not using restricted IP lists thus far:

Sendoso

Integrate

Etumos Flowboost

Steven13
Level 1

@Kimberly_Galit1 thank you for your response. It seems that I do not have any Login IP Ranges set to my Marketo profile, so I should be set. Thank you for your help and additional details. 

David_Everly
Marketo Employee

Note that we have added the new IP CIDR Range to the Marketo Engage product documentation here.