A BYOC Premises Edge provides the following security features regarding networking:

  • An Edge communicates with only a single proxy service in AWS. This proxy service is the secure front end to Genesys Cloud.

  • An Edge uses MTLS HTTPS to provide client authentication.

  • All connections to Genesys Cloud are initiated by an Edge device, which eliminates the need to modify your firewall to add static routes or expose an Edge device directly on the Internet.

  • An Edge trusts only the Genesys Cloud Root CA certificate. For command and control channels and event channels, an Edge trusts only Genesys Cloud. Communications with third-party entities, such as SIP carriers, custom VoiceXML documents, and other Genesys Cloud services, are not classified as command and control or event channels and do not have the same restrictions.

For more information, see About ports and services for your firewall.

An Edge uses the following network protocols:

| Protocol | Purpose |
|---|---|
| MTLS | Communications with Genesys Cloud services (control channel) |
| SIP/TLS with digest authentication; MTLS | Interaction signaling. Note: The selection of signaling protocol used depends on devices and carrier support/configuration. |
| SRTP | Encryption of media streams |