Ports and services for Edge devices under BYOC Premises
This reference article lists the ports required for access to specific services for Edge devices under BYOC Premises. For more information on other ports and services you may need to configure on your firewall, see About ports and services for your firewall.
| Services | Transport/Port (Application) | Destination | Description |
|---|---|---|---|
| Cloud | tcp/443 (HTTPS/WSS) | Genesys Cloud, Amazon AWS | The secure connection from your premise Edge devices to the Genesys Cloud Services on the public Internet. |
| Intra-Edge Group Communications |
tls/8063 udp/16384-65535 (SRTP) |
BYOC Premises Edge devices in the same Edge Group | The connection for Edges to communicate with each other. |
| WebRTC Cloud | tcp/5061 | Genesys Cloud, Amazon AWS | The connection for Edges to connect to the Genesys Cloud services for WebRTC phones. |
| WebRTC Station Trunk |
tcp/3478 (STUN) udp/3478 (STUN) tcp/19302 (STUN) udp/19302 (STUN) |
Genesys Cloud, Amazon AWS Google* |
Session Traversal Utilities for NAT (STUN) is an egress connection that informs a host of its public IP address used for media-based communications. |
| WebRTC Media | udp/16384-65535 (SRTP/TURN) | BYOC Premises Edge devices Genesys Cloud, Amazon AWS, and WebRTC Client. | The transmission of secured streaming media (audio). |
| Signaling |
udp/5060 (SIP)** tcp/5060 (SIP)** tcp/5061 (SIPS) [without FENT]** |
VoIP phones BYOC Premises Edge device |
The connection for VoIP signaling (dialing, ringing, etc. for inbound and outbound calls). The connection can optionally be secured. |
| vendor specified (SIP)** | Telephony SIP Provider (PSTN)† | The connection for VoIP signaling (dialing, ringing, etc. for inbound and outbound calls). The connection can optionally be secured. | |
| Media | udp/16384-65535 (RTP/SRTP)** | VoIP phones | The transmission of streaming media (audio). The connection can optionally be secured |
| vendor specified (RTP/SRTP)** | Telephony SIP Provider (PSTN)† | The connection for VoIP signaling (dialing, ringing, etc. for inbound and outbound calls). The connection can optionally be secured. | |
| udp/16384-65535 (RTP/SRTP) | BYOC Premises Edge device | The transmission of streaming media (audio). The connection can optionally be secured. |
* Third-party service; not hosted by Genesys Cloud.
** Default ranges; ports can be changed in the Genesys Cloud configuration.
† Third-party service; not hosted by Genesys Cloud.
Ports for encryption certificates
When pairing an Edge with the Genesys Cloud, you can choose a private Genesys Cloud encryption certificate or a publicly signed encryption certificate. The pairing process also supports China-specific encryption. The public and China specific pairing options require separate ports be open. For more information, see Pair the Edge using a USB flash drive or Pair an Edge using a USB flash drive and an LCD.
| Modified date (YYYY-MM-DD) |
Revision |
|---|---|
| 2025-05-19 | Media RTP port range expansion from udp/16384-32768 to udp/16384-65535. |
| 2022-07-27 | Added the Ports for encryption certificates section. |
| 2020-12-14 | Broke out the main sections of the larger Ports and services for your firewall article into smaller articles. Created this article to cover the ports and services for Edge devices under BYOC Premises. |
