About ports and services for your firewall


Effective date: December 30, 2020

The Effective date indicates the last time the content in any of the articles listed on this page was updated. For details, see the Revision history at the bottom of this page.

On this page you’ll find detailed information on the ports and services that you’ll need to configure on your company firewall to effectively use Genesys Cloud.


General

General information related to the firewall ports and services topic. Be sure to check out the FAQs for all sorts of useful information.


Common

Firewall configuration information that applies to all of the telephony connection options.


Genesys Cloud Voice

Firewall configuration details for the Genesys Cloud Voice telephony connection option. Genesys Cloud Voice is a 100% cloud-based solution that uses Genesys Telecom for phone service.


BYOC Cloud

Firewall configuration details for the BYOC Cloud telephony connection option. BYOC Cloud is a 100% cloud-based solution where customers terminate SIP trunks from either a Cloud carrier or on premise carrier equipment into Genesys Cloud Media Tier resources in AWS.


BYOC Premises

Firewall configuration details for the BYOC Premises telephony connection option. Using BYOC Premises customers terminate SIP trunks into on premise Genesys Cloud Edge devices.


Domains and IP Addresses

Information on specific domains and IP addresses that must be allowed to pass through your firewall.



Date

Revision

December 30, 2020

In November we changed the Amazon S3 domain name format from *.s3.{region} to *.s3-{region}. We have since discovered that both formats are valid and that some services reference it with a “-“and others with a “.” after the s3. In an effort to be complete, we have decided to list both formats in the Domains for the firewall allowlist article.

December 16, 2020

Converted the Ports and services to configure on your company firewall article into a landing page titled About ports and services for your firewall. The content from each section in the previous format is now represented by an individual article.

  • Breaking the content out into separate articles provides a more efficient way to modify and expand the content.
  • Having a landing page with individual articles gives the content more exposure and enhances search results.
  •  The landing page format provide a centralized location to present other related articles.
November 4, 2020

Fixed a typo in the Amazon AWS row of the Domains table in the Domains and IP Addresses section. Domain was incorrectly entered as *.s3.{region}.amazonaws.com when it should be *.s3-{region}.amazonaws.com. Replaced the “.” after s3 with a “-” to correctly identify the domain.

August 12, 2020

Added information about retrieving IP addresses for outbound SMTP traffic to the Domains and IP Addresses > IP addresses section.

August 5, 2020

Replaced non-inclusive terms/terminology.

Added information about limiting the range of IP addresses from AWS using an allowlist to the Amazon AWS Description column in the Domains and IP Addresses > IP addresses section.

July 8, 2020

Changed the port requirement from tcp/5060-5061 to tcp/5061 in the table that appears in the Genesys Cloud Edge > Edge Devices > WebRTC > WebRTC Cloud Services section.

June 24, 2020

To provide more detailed information on the reasons for allowing access to so many IP addresses and ports on the firewall, added links to pertinent FAQs in the Domains and IP Addresses > IP addresses section.

Added information and links pertaining to Amazon’s IP address JSON file and AWS IP address ranges notification system to the vendor table in the Domains and IP Addresses > IP addresses section.

June 3, 2020

 

Added details about the new AWS regions (Canada, London, and Seoul) to the Domains table in the Domains and IP Addresses section

Added details about the new AWS regions (Canada, London, and Seoul) to the Premises-based device/service table in the BYOC Cloud section. 

May 15, 2020

Added the following domains to the Domains table in the Domains and IP Addresses section:

  • help.mypurecloud.com
  • announcement.mypurecloud.com
  • sdk-cdn.mypurecloud.com
  • appfoundry.genesys.com

These domains are not new, but haven’t been previously listed in the Domains table. These domains are optional. Having access to these domains may help customers access documentation, announcements, software development kits, or AppFoundry solutions but they aren’t required. You can block these domains without affecting the overall functioning of Genesys Cloud.

April 7, 2020

Under the Genesys Cloud Edge section (Genesys Cloud Edge > Edge devices > WebRTC > WebRTC Station Trunk) the following transport/ports were incorrectly identified as being optional:

  • tcp/19302 (STUN)
  • udp/19302 (STUN)

It is NOT optional for Edges using WebRTC to use tcp/udp 19302 to access Google’s STUN servers to get external IP addresses

It IS optional for WebRTC clients to use tcp/udp 19302 to access Google’s STUN servers to get external IP addresses.

March 18, 2020

Added dns.google to the Domains and IP Addresses > Domains table 

February 20, 2020

Added udp/16384-32768 (SRTP) to the Genesys Cloud Edge > Edge devices > Intra-Edge Group Communications table.

February 3, 2020

Added the VoIP Phones and WebRTC Phones (browser or desktop app) sections to the BYOC Cloud section. (These two sections previously only existed in the Genesys Cloud Voice and BYOC Premises sections. This update consisted strictly of copying those sections – no changes were made to the content.)

October 16, 2019

Added information about retrieving IP addresses for outbound data action traffic to the Domains and IP Addresses > IP addresses section.

April 26, 2019

Identified the WebRTC STUN ports as optional for WebRTC clients:

  • tcp/19302 (STUN)
  • udp/19302 (STUN)

March 22, 2019

Removed reference to Google Analytics from the Domains and IP Addresses section.. Genesys Cloud no longer uses Google Analytics.

February 27, 2019

Starting May 31, 2019, Genesys Cloud’s TURN servers will stop allowing connections outside of the 16834–32768 port range. For more information, see Deprecation: TURN port range.

November 21, 2018

Removed Pendo references from the Domains and IP Addresses section. Genesys Cloud no longer supports Pendo.

October 31, 2018

Added links to the Ports and services for WebRTC article to the following sections:

Genesys Cloud Edge>Edge Devices>WebRTC

Genesys Cloud Voice>WebRTC Phones

BYOC Premises>WebRTC Phones

August 24, 2018

Added region directive to the Domains and IP Addresses>Domains section in the Amazon AWS row to specify that regional domain names are now needed to provide the S3 download links. 

*.s3.{region}.amazonaws.com

where {region} is the domain for your particular region.

July 12, 2018

Added *.mypurecloud.de to the Domains and IP Addresses>Domains section to reflect that we have a new region in Europe: eu-central-1.

June 26, 2018

Reworded the Description of *.cloudfront.net under the Domains and IP Addresses>Domains section to indicate that this domain covers a host of Genesys Cloud applications. For example, in addition to the Genesys Cloud user interface, it covers client integrations, such as Genesys Cloud for Salesforce, and plugins, such as co-browse.

June 25, 2018

Added Transport/Port/Application information to the Genesys Cloud Voice>WebRTC Phones>WebRTC Signaling and
BYOC Premises>WebRTC Phones>WebRTC Signaling sections. (This information was already in the article under the Genesys Cloud Edge>Edge devices>WebRTC>WebRTC Station Trunk section.)

April 2, 2018

Reorganized the layout of the article using new headings and expandable sections containing information broken out in tabs to make is easier to find the configuration details required for particular configuration. The reorganization also allowed the incorporation of new content from the addition of BYOC. See About BYOC.

January 8, 2018

Added Co-browse to the table in the Chat and Video section.

May 30, 2017

In the Destination column, changed Genesys Cloud (AWS) to Genesys Cloud, Amazon AWS to illustrate we connect to Genesys Cloud and Amazon AWS owned domains and Amazon AWS owned IP addresses.

May 3, 2017

Added firewall firewalls firewall firewalls firewall port port port for search results

March 9, 2017

Added NIST server address info to Core Services and Domain and IP Addresses sections.

January 31, 2017

Complete redo of page based on feedback from development.

December 21, 2016

Deleted tables that listed the exact IP addresses.

December 16, 2016

The port for Network Time Protocol (NTP) changed to time.nist.gov.

December 19, 2016

Edge group communication port 8062 and 8063 added to Telephony table.

November 30, 2016

Added note to Domains and IP Addresses section.

November 21, 2016

Added ztp.polycom.com to Domains and IP addresses table.

November 17, 2016

Added specific IP addresses to WebRTC services table.

November 16, 2016

Added specific IP addresses to Collaboration services table.

November 15, 2016

Added Note about ports open for both Edge and agent networks to WebRTC table.

Added WebSocket info to Collaboration services table.

November 10, 2016

Added Specific IP addresses used by Telephony services table to Telephony services section.

October 31, 2016

Added New Relics info to Domains and IP addresses table

October 25, 2016

Added port 123 for NTP server to the Telephony services table

October 24, 2016

Added IP address 8.8.8.8 to Domains and IP addresses table

October 20, 2016

Added DNS port 53 to multiple tables

October 19, 2016

Added Revision history table