About ports and services for your firewall
The Effective date indicates the last time the content in any of the articles listed on this page was updated. For details, see the Revision history at the bottom of this page.
On this page you’ll find detailed information on the ports and services that you’ll need to configure on your company firewall to effectively use Genesys Cloud.
General
General information related to the firewall ports and services topic. Be sure to check out the FAQs for all sorts of useful information.
Common
Firewall configuration information that applies to all of the telephony connection options.
Genesys Cloud Voice
Firewall configuration details for the Genesys Cloud Voice telephony connection option. Genesys Cloud Voice is a 100% cloud-based solution that uses Genesys Telecom for phone service.
BYOC Cloud
Firewall configuration details for the BYOC Cloud telephony connection option. BYOC Cloud is a 100% cloud-based solution where customers terminate SIP trunks from either a Cloud carrier or on premise carrier equipment into Genesys Cloud Media Tier resources in AWS.
BYOC Premises
Firewall configuration details for the BYOC Premises telephony connection option. Using BYOC Premises customers terminate SIP trunks into on premise Genesys Cloud Edge devices.
Domains and IP Addresses
Information on specific domains and IP addresses that must be allowed to pass through your firewall.
Date |
Revision |
---|---|
December 30, 2020 |
In November we changed the Amazon S3 domain name format from *.s3.{region} to *.s3-{region}. We have since discovered that both formats are valid and that some services reference it with a “-“and others with a “.” after the s3. In an effort to be complete, we have decided to list both formats in the Domains for the firewall allowlist article. |
December 16, 2020 |
Converted the Ports and services to configure on your company firewall article into a landing page titled About ports and services for your firewall. The content from each section in the previous format is now represented by an individual article.
|
November 4, 2020 |
Fixed a typo in the Amazon AWS row of the Domains table in the Domains and IP Addresses section. Domain was incorrectly entered as *.s3.{region}.amazonaws.com when it should be *.s3-{region}.amazonaws.com. Replaced the “.” after s3 with a “-” to correctly identify the domain. |
August 12, 2020 |
Added information about retrieving IP addresses for outbound SMTP traffic to the Domains and IP Addresses > IP addresses section. |
August 5, 2020 |
Replaced non-inclusive terms/terminology. Added information about limiting the range of IP addresses from AWS using an allowlist to the Amazon AWS Description column in the Domains and IP Addresses > IP addresses section. |
July 8, 2020 |
Changed the port requirement from tcp/5060-5061 to tcp/5061 in the table that appears in the Genesys Cloud Edge > Edge Devices > WebRTC > WebRTC Cloud Services section. |
June 24, 2020 |
To provide more detailed information on the reasons for allowing access to so many IP addresses and ports on the firewall, added links to pertinent FAQs in the Domains and IP Addresses > IP addresses section. Added information and links pertaining to Amazon’s IP address JSON file and AWS IP address ranges notification system to the vendor table in the Domains and IP Addresses > IP addresses section. |
June 3, 2020
|
Added details about the new AWS regions (Canada, London, and Seoul) to the Domains table in the Domains and IP Addresses section Added details about the new AWS regions (Canada, London, and Seoul) to the Premises-based device/service table in the BYOC Cloud section. |
May 15, 2020 |
Added the following domains to the Domains table in the Domains and IP Addresses section:
These domains are not new, but haven’t been previously listed in the Domains table. These domains are optional. Having access to these domains may help customers access documentation, announcements, software development kits, or AppFoundry solutions but they aren’t required. You can block these domains without affecting the overall functioning of Genesys Cloud. |
April 7, 2020 |
Under the Genesys Cloud Edge section (Genesys Cloud Edge > Edge devices > WebRTC > WebRTC Station Trunk) the following transport/ports were incorrectly identified as being optional:
It is NOT optional for Edges using WebRTC to use tcp/udp 19302 to access Google’s STUN servers to get external IP addresses It IS optional for WebRTC clients to use tcp/udp 19302 to access Google’s STUN servers to get external IP addresses. |
March 18, 2020 |
Added dns.google to the Domains and IP Addresses > Domains table |
February 20, 2020 |
Added udp/16384-32768 (SRTP) to the Genesys Cloud Edge > Edge devices > Intra-Edge Group Communications table. |
February 3, 2020 |
Added the VoIP Phones and WebRTC Phones (browser or desktop app) sections to the BYOC Cloud section. (These two sections previously only existed in the Genesys Cloud Voice and BYOC Premises sections. This update consisted strictly of copying those sections – no changes were made to the content.) |
October 16, 2019 |
Added information about retrieving IP addresses for outbound data action traffic to the Domains and IP Addresses > IP addresses section. |
April 26, 2019 |
Identified the WebRTC STUN ports as optional for WebRTC clients:
|
March 22, 2019 |
Removed reference to Google Analytics from the Domains and IP Addresses section.. Genesys Cloud no longer uses Google Analytics. |
February 27, 2019 |
Starting May 31, 2019, Genesys Cloud’s TURN servers will stop allowing connections outside of the 16834–32768 port range. For more information, see Deprecation: TURN port range. |
November 21, 2018 |
Removed Pendo references from the Domains and IP Addresses section. Genesys Cloud no longer supports Pendo. |
October 31, 2018 |
Added links to the Ports and services for WebRTC article to the following sections: Genesys Cloud Edge>Edge Devices>WebRTC Genesys Cloud Voice>WebRTC Phones BYOC Premises>WebRTC Phones |
August 24, 2018 |
Added region directive to the Domains and IP Addresses>Domains section in the Amazon AWS row to specify that regional domain names are now needed to provide the S3 download links. *.s3.{region}.amazonaws.com where {region} is the domain for your particular region. |
July 12, 2018 |
Added *.mypurecloud.de to the Domains and IP Addresses>Domains section to reflect that we have a new region in Europe: eu-central-1. |
June 26, 2018 |
Reworded the Description of *.cloudfront.net under the Domains and IP Addresses>Domains section to indicate that this domain covers a host of Genesys Cloud applications. For example, in addition to the Genesys Cloud user interface, it covers client integrations, such as Genesys Cloud for Salesforce, and plugins, such as co-browse. |
June 25, 2018 |
Added Transport/Port/Application information to the Genesys Cloud Voice>WebRTC Phones>WebRTC Signaling and |
April 2, 2018 |
Reorganized the layout of the article using new headings and expandable sections containing information broken out in tabs to make is easier to find the configuration details required for particular configuration. The reorganization also allowed the incorporation of new content from the addition of BYOC. See About BYOC. |
January 8, 2018 |
Added Co-browse to the table in the Chat and Video section. |
May 30, 2017 |
In the Destination column, changed Genesys Cloud (AWS) to Genesys Cloud, Amazon AWS to illustrate we connect to Genesys Cloud and Amazon AWS owned domains and Amazon AWS owned IP addresses. |
May 3, 2017 |
Added firewall firewalls firewall firewalls firewall port port port for search results |
March 9, 2017 |
Added NIST server address info to Core Services and Domain and IP Addresses sections. |
January 31, 2017 |
Complete redo of page based on feedback from development. |
December 21, 2016 |
Deleted tables that listed the exact IP addresses. |
December 16, 2016 |
The port for Network Time Protocol (NTP) changed to time.nist.gov. |
December 19, 2016 |
Edge group communication port 8062 and 8063 added to Telephony table. |
November 30, 2016 |
Added note to Domains and IP Addresses section. |
November 21, 2016 |
Added ztp.polycom.com to Domains and IP addresses table. |
November 17, 2016 |
Added specific IP addresses to WebRTC services table. |
November 16, 2016 |
Added specific IP addresses to Collaboration services table. |
November 15, 2016 |
Added Note about ports open for both Edge and agent networks to WebRTC table. Added WebSocket info to Collaboration services table. |
November 10, 2016 |
Added Specific IP addresses used by Telephony services table to Telephony services section. |
October 31, 2016 |
Added New Relics info to Domains and IP addresses table |
October 25, 2016 |
Added port 123 for NTP server to the Telephony services table |
October 24, 2016 |
Added IP address 8.8.8.8 to Domains and IP addresses table |
October 20, 2016 |
Added DNS port 53 to multiple tables |
October 19, 2016 |
Added Revision history table |