Foreword

This guide is designed to provide firewall recommendations for settings and port openings. Evolve strides to provide the most ideal settings for the most common firewalls. However, knowing the exact settings for customer firewalls, IT vendors, and ISP carriers is the responsibility of the customer and their contracted IT vendors

Port Openings

A Customer

Named Server List for ACLs

Ports

Purpose

Status

voip.evolveip.net
  • 5061/UDP&TCP
  • 10000-65000/UDP
  • 10000-65000/UDP
  • SIP - TLS
  • Audio SRTP
  • Video SRTP
Active

webex-adp-a.voip.evolveip.net

  • 443
    444
    8012
HTTP(S)Active
dms-adp-a.voip.evolveip.net443mTLS DMSActive

B Customer

Named Server List for ACLs

Ports

Purpose

Status

voip-b.evolveip.net
  • 5061/UDP&TCP
  • 10000-65000/UDP
  • 10000-65000/UDP
  • SIP - TLS
  • Audio SRTP
  • Video SRTP
Active

webex-adp-b.voip.evolveip.net

  • 443
    444
    8012
HTTP(S)Active
dms-adp-b.voip.evolveip.net443mTLS DMSActive


C Customer

Named Server List for ACLs

Ports

Purpose

Status

voip-c.evolveip.net
  • 5061/UDP&TCP
  • 10000-65000/UDP
  • 10000-65000/UDP
  • SIP - TLS
  • Audio SRTP
  • Video SRTP
Active

webex-adp-b.voip.evolveip.net

  • 443
    444
    8012
HTTP(S)Active
dms-adp-b.voip.evolveip.net443mTLS DMSActive


D Customer

Named Server List for ACLs

Ports

Purpose

Status

Named Server List for ACLs

Ports

Purpose

Status

voip-d.evolveip.net
  • 5061/UDP&TCP
  • 10000-65000/UDP
  • 10000-65000/UDP
  • SIP - TLS
  • Audio SRTP
  • Video SRTP
Active

webex-adp-b.voip.evolveip.net

  • 443
    444
    8012
HTTP(S)Active
dms-adp-b.voip.evolveip.net443mTLS DMSActive

F Customer

Named Server List for ACLs

Ports

Purpose

Status

voip-f.evolveip.net
  • 5061/UDP&TCP
  • 10000-65000/UDP
  • 10000-65000/UDP
  • SIP - TLS
  • Audio SRTP
  • Video SRTP
Active

webex-adp-b.voip.evolveip.net

  • 443
    444
    8012
HTTP(S)Active
dms-adp-b.voip.evolveip.net443mTLS DMSActive


G Customer

Named Server List for ACLs

Ports

Purpose

Status

voip-g.evolveip.net
  • 5061/UDP&TCP
  • 10000-65000/UDP
  • 10000-65000/UDP
  • SIP - TLS
  • Audio SRTP
  • Video SRTP
Active

webex-adp-b.voip.evolveip.net

  • 443
    444
    8012
HTTP(S)Active
dms-adp-b.voip.evolveip.net443mTLS DMSActive


MN/AiTech Customer

Named Server List for ACLs

Ports

Purpose

Status

bwsip.net
  • 5061/UDP&TCP
  • 10000-65000/UDP
  • 10000-65000/UDP
  • SIP - TLS
  • Audio SRTP
  • Video SRTP
Active

webex-adp.bwsip.net

  • 443
    444
    8012
HTTP(S)Active
bwsip.com443mTLS DMSActive

________________________________________________________________________________________________________________________________________________________________________________________________________________________________


Network Requirements for Webex Services

https://help.webex.com/en-us/article/WBX000028782/Network-Requirements-for-Webex-Services#id_134894  


Document Revision History
 
This article is intended for network administrators, particularly firewall and proxy security administrators who want to use Webex messaging and meetings services within their organization. It will help you configure your network to support the Webex Services used by HTTPS based Webex app and Webex Room devices, as well as Cisco IP Phones, Cisco video devices, and third-party devices that use SIP to connect to the Webex Meetings service.
This document primarily focuses on the network requirements of Webex cloud registered products that use HTTPS signaling to Webex cloud services, but also separately describes the network requirements of products that use SIP signaling to join Webex Meetings. These differences are summarized below:

Summary of device types and protocols supported by Webex

Transport protocols and encryption ciphers for cloud registered Webex apps and devices


Webex traffic through Proxies and Firewalls

Most customers deploy an internet firewall, or internet proxy and firewall, to restrict and control the HTTP based traffic that leaves and enters their network. Follow the firewall and proxy guidance below to enable access to Webex services from your network. If you are using a firewall only, note that filtering Webex signaling traffic using IP addresses is not supported, as the IP addresses used by Webex signaling services are dynamic and may change at any time. If your firewall supports URL filtering, configure the firewall to allow the Webex destination URLs listed in the section "Domains and URLs that need to be accessed for Webex Services".

Webex Services – Port Numbers and Protocols

The following table describes ports and protocols that need to be opened on your firewall to allows cloud registered Webex apps and devices to communicate with Webex cloud signaling and media services.

The Webex apps, devices, and services covered in this table include:
The Webex app, Webex Room devices, Video Mesh Node, Hybrid Data Security node, Directory Connector, Calendar Connector, Management Connector, Serviceability Connector.
For guidance on ports and protocols for devices and Webex services using SIP can be found in the section "Network requirements for SIP based Webex services".

Webex Services - Port Numbers and Protocols

Destination Port

Protocol

Description

Devices using this rule

443TLSWebex HTTPS signaling.
Session establishment to Webex services is based on defined URLs, rather than IP addresses.

If you are using a proxy server, or your firewall supports DNS resolution; refer to the section "Domains and URLs that need to be accessed for Webex Services" to allow signaling access to Webex services.
All
444TLSVideo Mesh Node secure signaling to establish cascade media connections to the Webex cloudVideo Mesh Node
123 (1)UDPNetwork Time Protocol (NTP)All
53 (1)UDP
TCP
Domain Name System (DNS)

Used for DNS lookups to discover the IP addresses of services in the Webex cloud.
Most DNS queries are made over UDP; however, DNS queries may use TCP as well.

 
All
5004 and 9000SRTP over UDPEncrypted audio, video, and content sharing on the Webex App and Webex Room devices

For a list of destination IP subnets refer to the section "IP subnets for Webex media services".
Webex App

Webex Room Devices

Video Mesh Nodes
50,000 – 53,000SRTP over UDPEncrypted audio, video, and content sharing – Video Mesh Node onlyVideo Mesh Node
5004SRTP over TCPUsed for encrypted content sharing on the Webex App and Webex Room devices

TCP also serves as a fallback transport protocol for encrypted audio and video if UDP cannot be used.

For a list of destination IP subnets refer to the section "IP subnets for Webex media services".
Webex App

Webex Room Devices

Video Mesh Nodes
443 (2)SRTP over TLSUsed as a fallback transport protocol for encrypted audio, video and content sharing if UDP and TCP cannot be used.

Media over TLS is not recommended in production environments

For a list of destination IP subnets refer to the section "IP subnets for Webex media services".
Webex App (2)

Webex Room Devices

(1)    If you are using NTP and DNS services within your enterprise network, then ports 53 and 123 do not need to be opened through your firewall.
(2)    The Webex Web-based app and Webex SDK do not support media over TLS.
 

IP subnets for Webex media services


Webex signaling traffic and Enterprise Proxy Configuration

Most organizations use proxy servers to inspect and control the HTTP traffic that leaves their network. Proxies can be used to perform several security functions such as allowing or blocking access to specific URLs, user authentication, IP address/domain/hostname/URI reputation lookup, and traffic decryption and inspection. Proxy servers are also commonly used as the only path that can forward HTTP based internet destined traffic to the enterprise firewall, allowing the firewall to limit outbound internet traffic to that originating from the Proxy server(s) only. Your Proxy server must be configured to allow Webex signaling traffic to access the domains/ URLs listed in the section below:

Domains and URLs that need to be accessed for Webex Services

Additional URLs for Webex Hybrid Services


Your Proxy server must be configured to allow Webex signaling traffic to access the domains/ URLs listed in the previous section.  Support for additional proxy features relevant to Webex services is discussed below:

follow this link for additional info below:

https://help.webex.com/en-us/article/WBX000028782/Network-Requirements-for-Webex-Services#id_134759 

Proxy Features:

802.1X – Port based Network Access control :

Network requirements for SIP based Webex services:

Network Requirements for Webex Edge Audio:

A summary of other Webex Hybrid Services and documentation:

Webex Services for FedRAMP customers:

Document Revision History - Network Requirements for Webex Services: