Ports and services to configure on your company firewall


Effective date: November 04, 2020

The Effective date indicates the last time this article was updated. For details, see the Revision history at the bottom of this article.

On this page you’ll find detailed information on the ports and services that you’ll need to configure on your company firewall based on your product/source(client). Just locate the header pertaining to your product and expand the appropriate section. Then, where applicable, select the tab matching the service you are using. On each tab, you’ll find a table that provides the following information:

  • Transport/Port (Application)

The transport protocol is a description of the type of network traffic used for the application. Most applications use either TCP or UDP as a transport, and sometimes both, which depends on how the application operates. Most applications’ protocols have standard ports selected, which are commonly used for that service on the public Internet. Genesys Cloud typically uses the standard port for each application protocol.

  • Destination

The destination device is the server which is listening for “inbound” requests to the application port. Inbound requests are received from the client from its transmission port.

  • Description

The description contains additional information about the connectivity requirement.

Note: The WAN network interface port must connect to a network that supports external DNS resolution to ensure cloud connectivity.

For more information, see Firewall FAQs.


General

Transport/Port (Application) Destination Description
udp/53 (DNS) *

tcp/53 (DNS) *

  † DNS provides name resolution for network connections. DNS is used by most applications, it converts names like “mypurecloud.com” to IP addresses required for connectivity.

These settings apply to:

  • Workstations / Genesys Cloud client (browser or desktop app)
  • Mobile / Genesys Cloud mobile app (iOS and Android)
  • VoIP phones
  • Edge devices
  • Bridge Servers

* Typical. If your network is configured for private or internal DNS, then port 53 is not required.

† Third-party service; not hosted by Genesys Cloud.


NTP provides time synchronization. Devices that use NTP will automatically set their clock from the network source and occasionally update their time for accuracy.

Transport/Port (Application) Destination Description
udp/123 (NTP) time.nist.gov*

Provides time synchronization for Edge devices and Bridge Servers.

us.pool.ntp.org* Provides time synchronization for Polycom phones.

* Third-party service; not hosted by Genesys Cloud.


Genesys Cloud agent desktop/browser


Transport/Port (Application) Destination Description
tcp/443 (HTTPS) Genesys Cloud, Amazon AWS The secure connection from your client (desktop, web, mobile) to the Genesys Cloud Services on the public Internet.

Transport/Port (Application) Destination Description

tcp/3478 (STUN)

udp/3478 (STUN)

tcp/19302 (STUN)

udp/19302 (STUN)

Genesys Cloud, Amazon AWS

Google*

Session Traversal Utilities for NAT (STUN) is an egress connection that informs a host of its public IP address used for media-based communications.
udp/49152–65535 (SRTP) Genesys Cloud, Amazon AWS The secured transmission of streaming media (audio and video).

* Third-party service; not hosted by Genesys Cloud.



Transport/Port (Application) Destination Description
tcp/443 (HTTPS) Genesys Cloud, Amazon AWS The secure connection from your client (desktop, web, mobile) to the Genesys Cloud Services on the public Internet.

Transport/Port (Application) Destination Description
tcp/5222 (XMPP) Genesys Cloud, Amazon AWS The secure connection from your client (desktop, web, mobile) to the Genesys Cloud Services on the public Internet.



Bridge Server



Transport/Port (Application) Destination Description
tcp/443 (HTTPS) Genesys Cloud, Amazon AWS The secure connection from your premises Bridge Server to the Genesys Cloud Services on the public Internet.

Transport/Port (Application) Destination Description

tcp/389 (LDAP)*

tcp/636 (LDAPS)*

Corporate Active Directory environment The connection from your Bridge server to the corporate Active Directory environment.

* LDAP Ports are only required if your solution uses the Genesys Cloud Bridge Server for Active Directory integration. 



Genesys Cloud Edge


Transport/Port (Application) Destination Description
tcp/443 (HTTPS) Genesys Cloud, Amazon AWS The secure connection from your premise Edge devices (LDM) to the Genesys Cloud Services on the public Internet.

Transport/Port (Application) Destination Description

tls/8063

udp/16384-32768 (SRTP)

Edge devices in the same Edge Group The connection for Edges to communicate with each other. The connection can optionally be secured.

Transport/Port (Application) Destination Description
tcp/5061 Genesys Cloud, Amazon AWS The connection for Edges to connect to the Genesys Cloud services for WebRTC softphones.

Transport/Port (Application) Destination Description

tcp/3478 (STUN)

udp/3478 (STUN)

tcp/19302 (STUN)

udp/19302 (STUN)

Genesys Cloud, Amazon AWS

Google*

Session Traversal Utilities for NAT (STUN) is an egress connection that informs a host of its public IP address used for media-based communications.

* Third-party service; not hosted by Genesys Cloud.

Transport/Port (Application) Destination Description

udp/16384-32768 (SRTP/TURN)

Genesys Cloud Edge devices (premise), Genesys Cloud, and Amazon AWS

The transmission of secured streaming media (audio).

For more information, see Ports and services for WebRTC.

Transport/Port (Application) Destination Description

udp/5060 (SIP)*

tcp/5060 (SIP)*

tcp/5061 (SIPS) [without FENT]*

VoIP phones The connection for VoIP signaling (dialing, ringing, etc. for inbound and outbound calls). The connection can optionally be secured.
vendor specified (SIP)* Telephony SIP Provider (PSTN) † The connection for VoIP signaling (dialing, ringing, etc. for inbound and outbound calls). The connection can optionally be secured.

* Default ranges; ports can be changed in the Genesys Cloud configuration.

† Third-party service; not hosted by Genesys Cloud.

Transport/Port (Application) Destination Description
udp/4000+ (RTP/SRTP)* VoIP phones The transmission of streaming media (audio). The connection can optionally be secured.
vendor specified (RTP/SRTP)* Telephony SIP Provider (PSTN) † The connection for VoIP signaling (dialing, ringing, etc. for inbound and outbound calls). The connection can optionally be secured.

* Default ranges; ports can be changed in the Genesys Cloud configuration.

† Third-party service; not hosted by Genesys Cloud.



Genesys Cloud Voice

Transport/Port (Application) Destination Description
tcp/443 (HTTPS) Polycom ZTP The secure connection an unconfigured Polycom device will make to discover its initial configuration.

† Third-party service; not hosted by Genesys Cloud.

Transport/Port (Application) Destination Description

tcp/80 (HTTP)

tcp/443 (HTTPS)

Genesys Cloud Global Phone Provisioning (AWS) The connection a phone makes for organization level configuration. The connection can optionally be secured.

tcp/80(HTTP)*

tcp/443 (HTTPS)*

Genesys Cloud Edge devices The connection a phone makes for VoIP configuration. The connection can optionally be secured.

* Default ranges; ports can be changed in the Genesys Cloud configuration.

Transport/Port (Application) Destination Description

tcp/8061 (SIPS)*

Genesys Cloud Edge devices The connection for VoIP signaling (dialing, ringing, etc. for inbound and outbound calls). The connection can optionally be secured.

* Default ranges; ports can be changed in the Genesys Cloud configuration.

Transport/Port (Application) Destination Description
udp/16384-32768 (RTP/SRTP) Genesys Cloud Edge devices The transmission of streaming media (audio). The connection can optionally be secured.

Transport/Port (Application) Destination Description
tcp/443 (HTTPS) Genesys Cloud, Amazon AWS The secure connection for VoIP signaling (dialing, ringing, etc. for inbound and outbound calls).

tcp/3478 (STUN)

udp/3478 (STUN)

tcp/19302 (STUN) †

udp/19302 (STUN) †

Genesys Cloud, Amazon AWS

Google*

These ports must be opened for both the client and Edges. These are used for the srflx and relay candidates. If they are closed, calls will have a high rate of failure.

† Optional

* Third-party service; not hosted by Genesys Cloud.

Transport/Port (Application) Destination Description

udp/16384-32768 (SRTP/TURN)

Genesys Cloud Edge devices, Genesys Cloud, Amazon AWS

The transmission of secured streaming media (audio).

For more information, see Ports and services for WebRTC.

BYOC Premises

Transport/Port (Application) Destination Description
tcp/443 (HTTPS) Polycom ZTP The secure connection an unconfigured Polycom device will make to discover its initial configuration.

† Third-party service; not hosted by Genesys Cloud.

Transport/Port (Application) Destination Description

tcp/80 (HTTP)

tcp/443 (HTTPS)

Genesys Cloud Global Phone Provisioning (AWS) The connection a phone makes for organization level configuration. The connection can optionally be secured.

tcp/8088 (HTTP)* [legacy]

tcp/8089 (HTTPS)*[legacy]

tcp/80 (HTTP)*

tcp/443 (HTTPS)*

Genesys Cloud Edge devices The connection a phone makes for VoIP configuration. The connection can optionally be secured.

* Default ranges; ports can be changed in the Genesys Cloud configuration.

Transport/Port (Application) Destination Description

udp/8060 (SIP)*

tcp/8060 (SIP)*

tcp/8061 (SIPS)*

Genesys Cloud Edge devices The connection for VoIP signaling (dialing, ringing, etc. for inbound and outbound calls). The connection can optionally be secured.

* Default ranges; ports can be changed in the Genesys Cloud configuration.

Transport/Port (Application) Destination Description
udp/16384-32768 (RTP/SRTP) Genesys Cloud Edge devices The transmission of streaming media (audio). The connection can optionally be secured.

Transport/Port (Application) Destination Description
tcp/443 (HTTPS) Genesys Cloud, Amazon AWS The secure connection for VoIP signaling (dialing, ringing, etc. for inbound and outbound calls).

tcp/3478 (STUN)

udp/3478 (STUN)

tcp/19302 (STUN) †

udp/19302 (STUN) †

Genesys Cloud, Amazon AWS

Google*

These ports must be opened for both the client and Edges. These are used for the srflx and relay candidates. If they are closed, calls will have a high rate of failure.

† Optional

* Third-party service; not hosted by Genesys Cloud.

Transport/Port (Application) Destination Description

udp/16384-32768 (SRTP/TURN)

Genesys Cloud Edge devices, Genesys Cloud, and Amazon AWS

The transmission of secured streaming media (audio).

For more information, see Ports and services for WebRTC.


Transport/Port (Application) Destination Description

udp/5060*

tcp/5060*

tcp/5061*

Edge devices (LDM/premise) The connection for VoIP signaling (dialing, ringing, and so on for inbound and outbound calls). The connection can optionally be secured.

* Default ranges; ports can be changed in the Genesys Cloud configuration.

Transport/Port (Application) Destination Description
udp/16384-32768 (RTP/SRTP) Edge devices (LDM/premise) The transmission of streaming media (audio). The connection can optionally be secured.


BYOC Cloud


You will need to make sure that your carrier allows traffic from these addresses. 

If you are using a 3rd-party premises-based carrier or PBX device/service, then you need to make sure that connectivity to these addresses is allowed.

Note: Also see the Amazon AWS IP address information in the Domains and IP Addresses section of this article.

us-east-1

Domain DNS SRV and SIP FQDN Server DNS (If SRV not supported)
byoc.mypurecloud.com <customer prefix>.byoc.mypurecloud.com

lb01.byoc.us-east-1.mypurecloud.com

lb02.byoc.us-east-1.mypurecloud.com

lb03.byoc.us-east-1.mypurecloud.com

lb04.byoc.us-east-1.mypurecloud.com

us-west-2

Domain DNS SRV and SIP FQDN Server DNS (If SRV not supported)
pc-voice.pure.cloud <customer prefix>.byoc.usw2.pure.cloud

lb01.pc-voice.usw2.pure.cloud

lb02.pc-voice.usw2.pure.cloud

lb03.pc-voice.usw2.pure.cloud

lb04.pc-voice.usw2.pure.cloud

ca-central-1

Domain DNS SRV and SIP FQDN Server DNS (If SRV not supported)
byoc.cac1.pure.cloud <customer prefix>.byoc.cac1.pure.cloud

lb01.byoc.cac1.pure.cloud

lb02.byoc.cac1.pure.cloud

lb03.byoc.cac1.pure.cloud

lb04.byoc.cac1.pure.cloud

eu-west-1

Domain DNS SRV and SIP FQDN Server DNS (If SRV not supported)
byoc.mypurecloud.ie <customer prefix>.byoc.mypurecloud.ie

lb01.byoc.eu-west-1.mypurecloud.ie

lb02.byoc.eu-west-1.mypurecloud.ie

lb03.byoc.eu-west-1.mypurecloud.ie

lb04.byoc.eu-west-1.mypurecloud.ie

eu-west-2

Domain DNS SRV and SIP FQDN Server DNS (If SRV not supported)
byoc.euw2.pure.cloud <customer prefix>.byoc.euw2.pure.cloud

lb01.byoc.euw2.pure.cloud

lb02.byoc.euw2.pure.cloud

lb03.byoc.euw2.pure.cloud

lb04.byoc.euw2.pure.cloud

eu-central-1

Domain DNS SRV and SIP FQDN Server DNS (If SRV not supported)
byoc.mypurecloud.de <customer prefix>.byoc.mypurecloud.de

lb01.byoc.eu-central-1.mypurecloud.de

lb02.byoc.eu-central-1.mypurecloud.de

lb03.byoc.eu-central-1.mypurecloud.de

lb04.byoc.eu-central-1.mypurecloud.de

ap-northeast-1

Domain DNS SRV and SIP FQDN Server DNS (If SRV not supported)
byoc.mypurecloud.jp <customer prefix>.byoc.mypurecloud.jp

lb01.byoc.ap-northeast-1.mypurecloud.jp

lb02.byoc.ap-northeast-1.mypurecloud.jp

lb03.byoc.ap-northeast-1.mypurecloud.jp

lb04.byoc.ap-northeast-1.mypurecloud.jp

ap-northeast-2

Domain DNS SRV and SIP FQDN Server DNS (If SRV not supported)
byoc.apne2.pure.cloud <customer prefix>.byoc.apne2.pure.cloud

lb01.byoc.apne2.pure.cloud

lb02.byoc.apne2.pure.cloud

lb03.byoc.apne2.pure.cloud

lb04.byoc.apne2.pure.cloud

ap-southeast-2

Domain DNS SRV and SIP FQDN Server DNS (If SRV not supported)
byoc.mypurecloud.au <customer prefix>.byoc.mypurecloud.au

lb01.byoc.ap-southeast-2.mypurecloud.com.au

lb02.byoc.ap-southeast-2.mypurecloud.com.au

lb03.byoc.ap-southeast-2.mypurecloud.com.au

lb04.byoc.ap-southeast-2.mypurecloud.com.au

Transport/Port (Application) Destination Description
tcp/443 (HTTPS) Polycom ZTP The secure connection an unconfigured Polycom device will make to discover its initial configuration.

† Third-party service; not hosted by Genesys Cloud.

Transport/Port (Application) Destination Description

tcp/80 (HTTP)

tcp/443 (HTTPS)

Genesys Cloud Global Phone Provisioning (AWS) The connection a phone makes for organization level configuration. The connection can optionally be secured.

tcp/80(HTTP)*

tcp/443 (HTTPS)*

Genesys Cloud Edge devices The connection a phone makes for VoIP configuration. The connection can optionally be secured.

* Default ranges; ports can be changed in the Genesys Cloud configuration.

Transport/Port (Application) Destination Description

tcp/8061 (SIPS)*

Genesys Cloud Edge devices The connection for VoIP signaling (dialing, ringing, etc. for inbound and outbound calls). The connection can optionally be secured.

* Default ranges; ports can be changed in the Genesys Cloud configuration.

Transport/Port (Application) Destination Description
udp/16384-32768 (RTP/SRTP) Genesys Cloud Edge devices The transmission of streaming media (audio). The connection can optionally be secured.

Transport/Port (Application) Destination Description
tcp/443 (HTTPS) Genesys Cloud, Amazon AWS The secure connection for VoIP signaling (dialing, ringing, etc. for inbound and outbound calls).

tcp/3478 (STUN)

udp/3478 (STUN)

tcp/19302 (STUN) †

udp/19302 (STUN) †

Genesys Cloud, Amazon AWS

Google*

These ports must be opened for both the client and Edges. These are used for the srflx and relay candidates. If they are closed, calls will have a high rate of failure.

† Optional

* Third-party service; not hosted by Genesys Cloud.

Transport/Port (Application) Destination Description

udp/16384-32768 (SRTP/TURN)

Genesys Cloud Edge devices, Genesys Cloud, Amazon AWS

The transmission of secured streaming media (audio).

For more information, see Ports and services for WebRTC.

Note: Firewall settings for BYOC Cloud will be provided by your carrier.

Domains and IP Addresses

Those domains in this list that specifically apply to your network configuration should be added to your allowlist or approved for authorized access. For more information, see the appropriate Description section in this table.

Owner Domain Region Description
Genesys Cloud 

 

*.mypurecloud.com

*.usw2.pure.cloud

*.cac1.pure.cloud

North America

United States

 

Canada

Provides the Genesys Cloud interface for users and admins; domains are region-specific and each Genesys Cloud organization exists within only one region. Entities with multiple organizations may be deployed in various regions.

 

*.mypurecloud.com.au

*.mypurecloud.jp

*.apne2.pure.cloud

Asia Pacific

Sydney

Tokyo

Seoul

 

*.mypurecloud.ie

*.mypurecloud.de

*.euw2.pure.cloud

EMEA

Ireland

Frankfort

London

*.ininpcv.com North America Provides voice and configuration services for Genesys Cloud Voice phones. (Genesys Cloud Voice customers only). This domain is legacy and not used for new customers.
help.mypurecloud.com All

Provides access to the Genesys Cloud  Resource Center for product documentation.

Optional

announcement.
mypurecloud.com

All

Provides access to in-app announcements about new features.

Optional

sdk-cdn.mypurecloud.com

All

Provides access to the Developer Center for software development kits.

Optional

appfoundry.genesys.com

All

Provides access to the AppFoundry for application and integration solutions.

Optional

Amazon AWS *.cloudfront.net All Provides static content for Genesys Cloud applications.

*.s3.amazonaws.com

*.s3-{region}.amazonaws.com

where {region} is the domain for your particular region.

All Provides S3 download links.
Google *.googleapis.com All Provides cascading style sheet (CSS) and font information.
*.gstatic.com All Provides static content, mainly images.
*.l.google.com All Provides STUN services for Edge devices, VoIP phones, WebRTC softphones, and Collaborate multimedia.
dns.google All The Edge tests for internet connectivity by pinging 8.8.8.8. (This is the IP address of dns.google.)
New Relic *.js-agent.newrelic.com All Requests made by client-side New Relic analytics browser applications.
*.bam.nr-data.net All Requests made by client-side New Relic analytics browser applications.
National Institute of Standards and Technology (NIST)

time.nist.gov

All (The global address time.nist.gov is resolved to all of the appropriate server addresses.) The NIST servers listen for an NTP request on port 123, and respond by sending a udp/ip data packet in the NTP format. The data packet includes a 64-bit timestamp.
Polycom *.ztp.polycom.com All Provides zero-touch phone provisioning for Polycom VoIP phones.

† Third-party service; not hosted by Genesys Cloud.

‡ These domains are optional. Having access to these domains may help customers access documentation, announcements, software development kits, or AppFoundry solutions but they aren’t required. You can block these domains without affecting the overall functioning of Genesys Cloud.

An asterisk (*) prefix indicates that services may exist in one or more subdomains of the defined domain.

Genesys Cloud is deployed in a public cloud environment where IP addresses are expected to change. The IP addresses used by Genesys Cloud are provided by our vendor from their public IP pool, which contains many IP addresses used by many other organizations. All client connections (including BYOC Premises Edges, WebRTC Clients, and hard phones for BYOC Cloud and PCV customers) to Genesys Cloud are initiated as outbound connections to Genesys Cloud cloud services. When network access restrictions are used, such as a firewall, Genesys Cloud recommends allowing client outbound access on the specified ports to any IP destination.

For more information on IP addresses and ports, see the following FAQs:

Genesys Cloud also uses certain IP addresses for outbound data action traffic and outbound SMTP traffic to customer endpoints. You can add these IP addresses to your allowlist to prevent unauthorized access to your API resources. To retrieve a list of these IP addresses, call GET /api/v2/ipranges.

Note: Whenever possible, Genesys will announce changes to the list of IP addresses for outbound data action traffic and SMTP traffic under Features coming soon for the Platform.

The table below lists each vendor and, where available, provides a list of potential IP addresses its services use.

Note: Vendors may update the lists at any time without notice.

Owner Services IP addresses Description
Amazon AWS Genesys Cloud
Amazon AWS (CloudFront, S3, and others)
https://ip-ranges.amazonaws.com/ip-ranges.json

Amazon AWS utilizes a large set of IP address ranges. Services deployed in AWS can use any of these addresses, and addresses are subject to change frequently. Amazon provides and maintains a list of available IP addresses, which is subject to change. 

To ensure that you are aware of the most recent changes in the Amazon AWS IP address JSON file, Genesys recommends that customers subscribe to AWS IP address range notifications. For more information on the JSON file and the notification system, see AWS IP address ranges.

You can limit the range of IP addresses from AWS that you place in your allowlist by limiting the AWS range to only the regional subsets that correspond to your deployed Genesys Cloud region.

Google Google does not provide a list of potential IP addresses its services use.
New Relic NewRelic provides IP and domain details here: https://docs.newrelic.com/docs/apm/new-relic-apm/getting-started/networks
Polycom Polycom does not provide a list of potential IP addresses its services use.

Note: Genesys Cloud does not own any of the IP addresses it uses, rather all addresses come from third-party service provider IP pools. The availability of potential IP address lists depends on each provider providing those IP addresses. IP lists that are provided do not only list IP in use by Genesys Cloud, but will include IP addresses used by other non-Genesys Cloud services.

Genesys Cloud strongly recommends that the Edges sit behind a NAT that follows the Internet best current practice for UDP as defined in RFC4787. Genesys Cloud requires the NAT to provide “endpoint-independent mapping” behavior. If both peers of a WebRTC media session sit behind NATs that do not provide endpoint-independent mapping behavior, the media traffic often requires a relay through a TURN server. Relay through a TURN server results in increased latency and impairs the WebRTC user experience.

Revision history


Date

Revision

November 4, 2020

Fixed a typo in the Amazon AWS row of the Domains table in the Domains and IP Addresses section. Domain was incorrectly entered as *.s3.{region}.amazonaws.com when it should be *.s3-{region}.amazonaws.com. Replaced the “.” after s3 with a “-” to correctly identify the domain.

August 12, 2020

Added information about retrieving IP addresses for outbound SMTP traffic to the Domains and IP Addresses > IP addresses section.

August 5, 2020

Replaced non-inclusive terms/terminology.

Added information about limiting the range of IP addresses from AWS using an allowlist to the Amazon AWS Description column in the Domains and IP Addresses > IP addresses section.

July 8, 2020

Changed the port requirement from tcp/5060-5061 to tcp/5061 in the table that appears in the Genesys Cloud Edge > Edge Devices > WebRTC > WebRTC Cloud Services section.

June 24, 2020

To provide more detailed information on the reasons for allowing access to so many IP addresses and ports on the firewall, added links to pertinent FAQs in the Domains and IP Addresses > IP addresses section.

Added information and links pertaining to Amazon’s IP address JSON file and AWS IP address ranges notification system to the vendor table in the Domains and IP Addresses > IP addresses section.

June 3, 2020

 

Added details about the new AWS regions (Canada, London, and Seoul) to the Domains table in the Domains and IP Addresses section

Added details about the new AWS regions (Canada, London, and Seoul) to the Premises-based device/service table in the BYOC Cloud section. 

May 15, 2020

Added the following domains to the Domains table in the Domains and IP Addresses section:

  • help.mypurecloud.com
  • announcement.mypurecloud.com
  • sdk-cdn.mypurecloud.com
  • appfoundry.genesys.com

These domains are not new, but haven’t been previously listed in the Domains table. These domains are optional. Having access to these domains may help customers access documentation, announcements, software development kits, or AppFoundry solutions but they aren’t required. You can block these domains without affecting the overall functioning of Genesys Cloud.

April 7, 2020

Under the Genesys Cloud Edge section (Genesys Cloud Edge > Edge devices > WebRTC > WebRTC Station Trunk) the following transport/ports were incorrectly identified as being optional:

  • tcp/19302 (STUN)
  • udp/19302 (STUN)

It is NOT optional for Edges using WebRTC to use tcp/udp 19302 to access Google’s STUN servers to get external IP addresses

It IS optional for WebRTC clients to use tcp/udp 19302 to access Google’s STUN servers to get external IP addresses.

March 18, 2020

Added dns.google to the Domains and IP Addresses > Domains table 

February 20, 2020

Added udp/16384-32768 (SRTP) to the Genesys Cloud Edge > Edge devices > Intra-Edge Group Communications table.

February 3, 2020

Added the VoIP Phones and WebRTC Phones (browser or desktop app) sections to the BYOC Cloud section. (These two sections previously only existed in the Genesys Cloud Voice and BYOC Premises sections. This update consisted strictly of copying those sections – no changes were made to the content.)

October 16, 2019

Added information about retrieving IP addresses for outbound data action traffic to the Domains and IP Addresses > IP addresses section.

April 26, 2019

Identified the WebRTC STUN ports as optional for WebRTC clients:

  • tcp/19302 (STUN)
  • udp/19302 (STUN)

March 22, 2019

Removed reference to Google Analytics from the Domains and IP Addresses section.. Genesys Cloud no longer uses Google Analytics.

February 27, 2019

Starting May 31, 2019, Genesys Cloud’s TURN servers will stop allowing connections outside of the 16834–32768 port range. For more information, see Deprecation: TURN port range.

November 21, 2018

Removed Pendo references from the Domains and IP Addresses section. Genesys Cloud no longer supports Pendo.

October 31, 2018

Added links to the Ports and services for WebRTC article to the following sections:

Genesys Cloud Edge>Edge Devices>WebRTC

Genesys Cloud Voice>WebRTC Phones

BYOC Premises>WebRTC Phones

August 24, 2018

Added region directive to the Domains and IP Addresses>Domains section in the Amazon AWS row to specify that regional domain names are now needed to provide the S3 download links. 

*.s3.{region}.amazonaws.com

where {region} is the domain for your particular region.

July 12, 2018

Added *.mypurecloud.de to the Domains and IP Addresses>Domains section to reflect that we have a new region in Europe: eu-central-1.

June 26, 2018

Reworded the Description of *.cloudfront.net under the Domains and IP Addresses>Domains section to indicate that this domain covers a host of Genesys Cloud applications. For example, in addition to the Genesys Cloud user interface, it covers client integrations, such as Genesys Cloud for Salesforce, and plugins, such as co-browse.

June 25, 2018

Added Transport/Port/Application information to the Genesys Cloud Voice>WebRTC Phones>WebRTC Signaling and
BYOC Premises>WebRTC Phones>WebRTC Signaling sections. (This information was already in the article under the Genesys Cloud Edge>Edge devices>WebRTC>WebRTC Station Trunk section.)

April 2, 2018

Reorganized the layout of the article using new headings and expandable sections containing information broken out in tabs to make is easier to find the configuration details required for particular configuration. The reorganization also allowed the incorporation of new content from the addition of BYOC. See About BYOC.

January 8, 2018

Added Co-browse to the table in the Chat and Video section.

May 30, 2017

In the Destination column, changed Genesys Cloud (AWS) to Genesys Cloud, Amazon AWS to illustrate we connect to Genesys Cloud and Amazon AWS owned domains and Amazon AWS owned IP addresses.

May 3, 2017

Added firewall firewalls firewall firewalls firewall port port port for search results

March 9, 2017

Added NIST server address info to Core Services and Domain and IP Addresses sections.

January 31, 2017

Complete redo of page based on feedback from development.

December 21, 2016

Deleted tables that listed the exact IP addresses.

December 16, 2016

The port for Network Time Protocol (NTP) changed to time.nist.gov.

December 19, 2016

Edge group communication port 8062 and 8063 added to Telephony table.

November 30, 2016

Added note to Domains and IP Addresses section.

November 21, 2016

Added ztp.polycom.com to Domains and IP addresses table.

November 17, 2016

Added specific IP addresses to WebRTC services table.

November 16, 2016

Added specific IP addresses to Collaboration services table.

November 15, 2016

Added Note about ports open for both Edge and agent networks to WebRTC table.

Added WebSocket info to Collaboration services table.

November 10, 2016

Added Specific IP addresses used by Telephony services table to Telephony services section.

October 31, 2016

Added New Relics info to Domains and IP addresses table

October 25, 2016

Added port 123 for NTP server to the Telephony services table

October 24, 2016

Added IP address 8.8.8.8 to Domains and IP addresses table

October 20, 2016

Added DNS port 53 to multiple tables

October 19, 2016

Added Revision history table