IP addresses for the firewall allowlist
Genesys Cloud is deployed in a public cloud environment where IP addresses are expected to change. The IP addresses used by Genesys Cloud are provided by our vendor from their public IP pool, which contains many IP addresses used by many other organizations. All client connections (including BYOC Premises Edges, WebRTC Clients, and hard phones for BYOC Cloud and PCV customers) to Genesys Cloud are initiated as outbound connections to Genesys Cloud cloud services. When network access restrictions are used, such as a firewall, Genesys Cloud recommends allowing client outbound access on the specified ports to any IP destination.
For more information on IP addresses and ports, see the following FAQs:
- Why do we need to allow so many Amazon/AWS IP addresses?
- Why does Genesys Cloud require that I have so many open ports on my firewall?
Genesys Cloud also uses certain IP addresses for outbound data action traffic,outbound Open Messaging traffic, and outbound SMTP traffic to customer endpoints. You can add these IP addresses to your allowlist to prevent unauthorized access to your API resources. To retrieve a list of these IP addresses, call GET /api/v2/ipranges.
The table below lists each vendor and, where available, provides a list of potential IP addresses its services use. For more information on other ports and services for your firewall, see About ports and services for your firewall.
|Amazon AWS||Genesys Cloud
Amazon AWS (CloudFront, S3, and others)
See the Amazon AWS IP address JSON file.
Amazon AWS utilizes a large set of IP address ranges.
Amazon AWS utilizes a large set of IP address ranges. Services deployed in AWS can use any of these addresses, and addresses are subject to change frequently. Amazon provides and maintains a list of available IP addresses, which is subject to change.
To ensure that you are aware of the most recent changes in the Amazon AWS IP address JSON file, Genesys recommends that customers subscribe to AWS IP address range notifications. For more information on the JSON file and the notification system, see AWS IP address ranges.
You can limit the range of IP addresses from AWS that you place in your allowlist by limiting the AWS range to only the regional subsets that correspond to your deployed Genesys Cloud region.
|Genesys Cloud Media||
Genesys-owned /20 CIDR IP address range for public facing media services.
Genesys Cloud uses the CIDR IP address range in all regions except for Asia Pacific (Seoul). For more information, see Cloud media services CIDR IP address range.
|Google publishes a complete list of the IP ranges that it makes available to users in goog.json.|
|New Relic||See the NewRelic IP and domain details.|
|Polycom||Polycom does not provide a list of potential IP addresses its services use.|
Note: Although Genesys Cloud owns the /20 CIDR IP address range for public facing media services, Genesys Cloud does not own any of the other IP addresses it uses. These other IP addresses come from third-party service provider IP pools. The availability of potential IP address lists depends on each provider providing those IP addresses. IP lists that are provided do not only list IP in use by Genesys Cloud, but will include IP addresses used by other non-Genesys Cloud services.
|June 30, 2021||Google now publishes their IP ranges – added a link to the JSON file that contains Google’s complete list of IP ranges.|
|April 7, 2021||Added a new row for the Genesys Cloud Media services 20 CIDR IP address range.|
|December 14, 2020||Broke out the main sections of the larger Ports and services for your firewall article into smaller articles. Created this article to cover the IP addresses for the firewall allowlist.|