At SugarChimp, we completely understand the importance of network security.  Read below for solutions to address both inbound and outbound needs.

Inbound

Data from Mailchimp needs to be able to hit your CRM.  To keep your network inaccessible from the outside, you have a few options for your integration:

• Create a proxy script for Mailchimp
  We recommend using a reverse proxy script to retain the full functionality of your integration with the highest security possible. We've created a script as well as instructions on how to use it to ensure your network stays locked down. To get more details on that, go here.
• Whitelist Mailchimp's Webhook IP addresses
  It is worth noting that Mailchimp frequently changes the IP addresses they use without notice.  For this reason, we typically recommend option 1, above.  However, if you'd like to get a list of the Mailchimp webhook IP addresses they're currently using in order to whitelist them, you can reach out Mailchimp directly.
• Turn off Mailchimp to Sugar syncing
  If your situation is more extreme and will not allow for proxy scripts, then you can definitely choose to turn off your Mailchimp to Sugar syncing. Just make sure that you are aware of the inherent consequences of doing so! 
• Whitelist the IPs below to be able to reach the authentication server for license validation:
  • 3.135.136.57
  • 3.149.61.67
  • 3.20.110.34
  • 18.220.252.20
  • 3.140.62.214
  • 3.139.253.68

Outbound

If you use a firewall for outbound traffic, it is worth noting that in order to use the SugarChimp integration, you'll need to access both Mailchimp and the SugarOutfitters/SuiteCRM server (which is responsible for validating your license.) Options for this are below:

• Whitelist the Fanatical Labs IPs below:
  • 3.135.136.57
  • 3.149.61.67
  • 3.20.110.34
  • 18.220.252.20
  • 3.140.62.214
  • 3.139.253.68
• Setup a forward proxy to access Mailchimp.