IP addresses for the firewall allowlist

Genesys Cloud is deployed in a public cloud environment where IP addresses are expected to change. The IP addresses used by Genesys Cloud are provided by our vendor from their public IP pool, which contains many IP addresses used by many other organizations. All client connections (including BYOC Premises Edges, WebRTC Clients, and hard phones for BYOC Cloud and PCV customers) to Genesys Cloud are initiated as outbound connections to Genesys Cloud cloud services. When network access restrictions are used, such as a firewall, Genesys Cloud recommends allowing client outbound access on the specified ports to any IP destination.

For more information on IP addresses and ports, see the following FAQs:

Genesys Cloud also uses certain IP addresses for outbound data action traffic and outbound SMTP traffic to customer endpoints. You can add these IP addresses to your allowlist to prevent unauthorized access to your API resources. To retrieve a list of these IP addresses, call GET /api/v2/ipranges.

Note: Whenever possible, Genesys will announce changes to the list of IP addresses for outbound data action traffic and SMTP traffic under Features coming soon for the Platform.

The table below lists each vendor and, where available, provides a list of potential IP addresses its services use. For more information on other ports and services for your firewall, see About ports and services for your firewall

Note: Vendors may update the lists at any time without notice.
Owner Services IP addresses Description
Amazon AWS Genesys Cloud
Amazon AWS (CloudFront, S3, and others)

See the Amazon AWS IP address JSON file.

Amazon AWS utilizes a large set of IP address ranges.

Amazon AWS utilizes a large set of IP address ranges. Services deployed in AWS can use any of these addresses, and addresses are subject to change frequently. Amazon provides and maintains a list of available IP addresses, which is subject to change. 

To ensure that you are aware of the most recent changes in the Amazon AWS IP address JSON file, Genesys recommends that customers subscribe to AWS IP address range notifications. For more information on the JSON file and the notification system, see AWS IP address ranges.

You can limit the range of IP addresses from AWS that you place in your allowlist by limiting the AWS range to only the regional subsets that correspond to your deployed Genesys Cloud region.

Genesys Cloud Media
  • WebRTC stations
  • Polycom stations with Genesys Cloud Voice or BYOC Cloud.
  • BYOC Cloud
  • ACD screen recording
  • Video chat

52.129.96.0/20

Genesys-owned /20 CIDR IP address range for public facing media services.

Genesys Cloud uses the CIDR IP address range in all regions except for Asia Pacific (Seoul). For more information, see Cloud media services CIDR IP address range.

Google Google publishes a complete list of the IP ranges that it makes available to users in goog.json.
New Relic See the NewRelic IP and domain details.
Polycom Polycom does not provide a list of potential IP addresses its services use.

Note: Although Genesys Cloud owns the /20 CIDR IP address range for public facing media services, Genesys Cloud does not own any of the other IP addresses it uses. These other IP addresses come from third-party service provider IP pools. The availability of potential IP address lists depends on each provider providing those IP addresses. IP lists that are provided do not only list IP in use by Genesys Cloud, but will include IP addresses used by other non-Genesys Cloud services.

Date Revision
June 30, 2021 Google now publishes their IP ranges – added a link to the JSON file that contains Google’s complete list of IP ranges.
April 7, 2021 Added a new row for the Genesys Cloud Media services 20 CIDR IP address range.
December 14, 2020 Broke out the main sections of the larger Ports and services for your firewall article into smaller articles. Created this article to cover the IP addresses for the firewall allowlist.