FAQs: Firewall


Can I configure SSL inspection on a proxy server firewall that sits between client workstation and PureCloud?

No. PureCloud will not allow another device to intercept traffic. PureCloud determines [More]

Can I configure SSL inspection on a proxy server firewall that sits between an on-premises Edge and PureCloud?

No. The Edge will not allow another device to intercept traffic. The [More]

My firewall/security device is performing a reverse lookup of addresses already resolved by the Edge when making WebRTC calls, is this a supported configuration?

Yes. WebRTC can support this type of configuration, but it is not [More]

When troubleshooting firewall issues, why do I see names like 1e100.net when doing a reverse lookup on addresses resolved from *.l.google.com?

The name 1e100.net is a valid Google domain name and identifies its [More]

My firewall can’t do JSON updates or DNS lookups, what can I do?

You have two options. You can simply open the required ports, which [More]

Why does the port range 16384-32767 (RTP media) need to be opened up for PureCloud Voice/BYOC Cloud?

This port range only needs to be opened for outbound connections. PureCloud [More]

What happens if I don’t update my firewall with new entries in the AWS JSON file? Will we lose connectivity?

Yes, you could very well lose connectivity. The problem with not updating [More]

Why do we need to allow so many Amazon/AWS IP addresses?

Amazon/AWS sets aside a pool of public IP addresses for each region [More]

Why does PureCloud require that I have so many open ports on my firewall?

It is important to keep in mind that the majority of these [More]

Does port 19302 for Google’s STUN need to be open?

Yes and No. Yes, port 19302 needs to be open for Edges [More]

What happens if I only whitelist some of required public SIP IP addresses for BYOC Cloud?

The BYOC Cloud public SIP IP addresses article specifies that you must [More]

Why does PureCloud require port 80 to be open?

PureCloud requires port 80 to be left open to facilitate redirects to [More]

Why does the Session Description Protocol provide media IP addresses which are different from the signaling IP addresses?

Call signaling and media are handled by separate services for resiliency and [More]

Can we call a web service running on a port other than 443?

No. For PCI compliance, the service that executes web services data actions [More]

What ports does screen recording require?

PureCloud uses a range of ports for the secure transmission of streaming [More]