Ports and services for Edge devices under BYOC Premises

IMMEDIATE ACTION REQUIRED: To ensure the business continuity of your Genesys Cloud organization, read the entire 2024 Genesys CIDR expansion and firewall requirements notification article and then run all applicable tests to confirm your organization’s readiness for the new CIDR IP address range and the RTP port expansion.

 

This reference article lists the ports required for access to specific services for Edge devices under BYOC Premises. For more information on other ports and services you may need to configure on your firewall, see About ports and services for your firewall

Services Transport/Port (Application) Destination Description
Cloud tcp/443 (HTTPS/WSS) Genesys Cloud, Amazon AWS The secure connection from your premise Edge devices to the Genesys Cloud Services on the public Internet.
Intra-Edge Group Communications

tls/8063

udp/16384-32768 (SRTP)

BYOC Premises Edge devices in the same Edge Group The connection for Edges to communicate with each other. 
WebRTC Cloud tcp/5061 Genesys Cloud, Amazon AWS The connection for Edges to connect to the Genesys Cloud services for WebRTC phones.
WebRTC Station Trunk

tcp/3478 (STUN)

udp/3478 (STUN)

tcp/19302 (STUN)

udp/19302 (STUN)

Genesys Cloud, Amazon AWS

Google*

Session Traversal Utilities for NAT (STUN) is an egress connection that informs a host of its public IP address used for media-based communications.
WebRTC Media udp/16384-32768 (SRTP/TURN) BYOC Premises Edge devices  Genesys Cloud, Amazon AWS, and WebRTC Client. The transmission of secured streaming media (audio).
Signaling

udp/5060 (SIP)**

tcp/5060 (SIP)**

tcp/5061 (SIPS) [without FENT]**

VoIP phones

BYOC Premises Edge device

The connection for VoIP signaling (dialing, ringing, etc. for inbound and outbound calls). The connection can optionally be secured.
vendor specified (SIP)** Telephony SIP Provider (PSTN) The connection for VoIP signaling (dialing, ringing, etc. for inbound and outbound calls). The connection can optionally be secured.
Media udp/16384-32768 (RTP/SRTP)** VoIP phones The transmission of streaming media (audio). The connection can optionally be secured
vendor specified (RTP/SRTP)** Telephony SIP Provider (PSTN) The connection for VoIP signaling (dialing, ringing, etc. for inbound and outbound calls). The connection can optionally be secured.
udp/16384-32768 (RTP/SRTP) BYOC Premises Edge device The transmission of streaming media (audio). The connection can optionally be secured.

* Third-party service; not hosted by Genesys Cloud.

** Default ranges; ports can be changed in the Genesys Cloud configuration.

† Third-party service; not hosted by Genesys Cloud.

Ports for encryption certificates

When pairing an Edge with the Genesys Cloud, you can choose a private Genesys Cloud encryption certificate or a publicly signed encryption certificate. The pairing process also supports China-specific encryption. The public and China specific pairing options require separate ports be open. For more information, see Pair the Edge using a USB flash drive or Pair an Edge using a USB flash drive and an LCD.

Modified date
(YYYY-MM-DD)
Revision
2022-07-27

Added the Ports for encryption certificates section.

2020-12-14

Broke out the main sections of the larger Ports and services for your firewall article into smaller articles. Created this article to cover the ports and services for Edge devices under BYOC Premises.