
We use three kinds of cookies on our websites: required, functional, and advertising. You can choose whether functional and advertising cookies apply. Click on the different cookie categories to find out more about each category and to change the default settings.
Privacy Statement
Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.
Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
Advertising cookies track activity across websites in order to understand a viewer’s interests, and direct them specific marketing. Some examples include: cookies used for remarketing, or interest-based advertising.
When making an Apex callout to a web service that is hosted behind a Virtual Private Network (VPN), the callout throws a System.CalloutException. Salesforce cannot establish a direct VPN tunnel to internal services. To resolve this, you must expose the service endpoint to the public internet and secure it using one of the methods described below.
Do not tunnel directly from an external IP into your VPN service (for example, through a DMZ or port forwarding). Instead, consider using a proxy server that requires authentication. The proxy sits between Salesforce and your internal service and authenticates incoming requests before routing them internally.
You can use two-way SSL (mutual TLS) and/or an authentication mechanism such as OAuth or token-based authentication. This approach hardens your service against unauthorized access. Salesforce supports client certificate authentication in Apex callouts using Named Credentials.
Salesforce publishes a list of IP addresses used for outbound callouts. You can configure your proxy or firewall to only allow transactions originating from these Salesforce IP addresses. This restricts access to known Salesforce infrastructure only.
Use a logging system and configure an Intrusion Detection System (IDS) to detect unusual traffic patterns. This helps identify and mitigate attacks in the event that other protection layers are bypassed. This is especially important for publicly exposed endpoints.
000387021