How Do I Allow Webex Meetings Traffic on My Network?
Feedback?
This article is intended for Network Administrators who want to support the Webex Meetings Client and Video Collaboration Devices for use on their company's network. The guide covers ports, IP ranges, and domains required by the meeting client, video collaboration devices, and Webex Edge audio.
If you're joining Webex Meetings from any of the following applications or devices, please use this article:
- Webex App (Desktop, Mobile, and Web Based)
- Cloud Registered Webex Devices (including Webex Boards)
Webex website, Webex Desktop App/Productivity Tools, Webex Meetings for Android/iOS, Webex Web App | ||||
Protocol | Port Number(s) | Direction | Access Type | Comments |
TCP | 80 / 443 | Outbound | Webex Client Access port and Webex Events (Audio Streaming) | Webex client signaling port is used to exchange initial meeting setup information. Fall-back port for media connectivity when UDP ports are not open in the firewall. Webex Events Audio Broadcast transmission. |
TCP/UDP | 53 | Outbound | DNS | Used for DNS lookups to discover the IP addresses of Webex servers in the cloud. Even though typical DNS lookups are done over UDP, some may require TCP, if the query responses cannot fit it in UDP packets. |
UDP | 9000 | Outbound to Webex | Primary Webex Client Media (VoIP & Video RTP) | Webex client media port is used to exchange computer audio, webcam video, and content sharing streams. Opening this port is required to ensure the best possible media experience |
TCP | 5004, 443, 80 | Outbound to Webex | Alternate Webex Client Media (VoIP & Video RTP) | Fall-back ports for media connectivity when UDP port 9000 is not open in the firewall |
TCP/UDP | Operating System Specific Ephemeral Ports | Inbound | Return traffic from Webex | Webex will communicate to the destination port received when the client makes its connection. A firewall should be configured to allow these return connections through. |
TCP | 443 | Inbound | Proximity | The connecting device must have an IPv4 route-able path between itself and the device using HTTPS. |
UDP | 5004 | Outbound | Webex Client Media | The UDP port 5004 is used for out-of-meeting sharing to Cisco Video Collaboration Devices. |
These ports are provided as a reference only. Please refer to the deployment guide/manufacturer recommendation for full details.
Protocol | Port Number(s) | Direction | Access Type | Comments |
TCP | 5060-5070 | Outbound | SIP signaling | The Webex media edge listens on 5060 - 5070. For more information, please see the configuration guide on the specific service being used: Cisco Webex Meeting Center Video Conferencing Enterprise Deployment Guide.pdf |
TCP | 5060, 5061 and 5065 | Inbound | SIP signaling | Inbound SIP signaling traffic from the Webex cloud |
TCP / UDP | 1719, 1720 and port 15000-19999 | Inbound and Outbound | H.323 LS | If your endpoint requires gatekeeper communication, also open port 1719, which includes Lifesize. |
TCP/UDP | Ephemeral Ports 36000-59999 | Inbound and Outbound | Media ports | If you're using a Cisco Expressway, the media ranges need to be set to 36000-59999. If you are using a third party endpoint or call control, they need to be configured to use this range. |
For on-premise Video Device network configuration, refer to Cisco Expressway IP Port Usage - Configuration Guide.
For Video Integration with Microsoft Teams (VIMT) deployment guidance, refer to Deploy the Webex Video Integration for Microsoft Teams.
Protocol | Port Number(s) | Direction | Access Type | Comments |
TCP | 5061, 5062 | Inbound | SIP Signaling | Inbound SIP signaling for Webex Edge Audio |
TCP | 5061, 5065 | Outbound | SIP Signaling | Outbound SIP signaling for Webex Edge Audio |
TCP/UDP | Ephemeral Ports 8000 - 59999 | Inbound and Outbound | Media Ports | On an enterprise firewall, pinholes need to be opened up for incoming traffic to Expressway with a port range from 8000 - 59999 |
- 23.89.0.0/16 (CIDR) or 23.89.0.0 - 23.89.255.255 (net range)
- 62.109.192.0/18 (CIDR) or 62.109.192.0 - 62.109.255.255 (net range)
- 64.68.96.0/19 (CIDR) or 64.68.96.0 - 64.68.127.255 (net range)
- 66.114.160.0/20 (CIDR) or 66.114.160.0 - 66.114.175.255 (net range)
- 66.163.32.0/19 (CIDR) or 66.163.32.0 - 66.163.63.255 (net range)
- 69.26.160.0/19 (CIDR) or 69.26.160.0 - 69.26.191.255 (net range)
- 114.29.192.0/19 (CIDR) or 114.29.192.0 - 114.29.223.255 (net range)
- 150.253.128.0/17 (CIDR) or 150.253.128.0 - 150.253.255.255 (net range)
- 170.72.0.0/16 (CIDR) or 170.72.0.0 - 170.72.255.255 (net range)
- 170.133.128.0/18 (CIDR) or 170.133.128.0 - 170.133.191.255 (net range)
- 173.39.224.0/19 (CIDR) or 173.39.224.0 - 173.39.255.255 (net range)
- 173.243.0.0/20 (CIDR) or 173.243.0.0 - 173.243.15.255 (net range)
- 207.182.160.0/19 (CIDR) or 207.182.160.0 - 207.182.191.255 (net range)
- 209.197.192.0/19 (CIDR) or 209.197.192.0 - 209.197.223.255 (net range)
- 210.4.192.0/20 (CIDR) or 210.4.192.0 - 210.4.207.255 (net range)
- 216.151.128.0/19 (CIDR) or 216.151.128.0 - 216.151.159.255 (net range)
- 144.196.0.0/16 (CIDR) or 144.196.0.0 - 144.196.255.255 (net range)
- 163.129.0.0/16 (CIDR) or 163.129.0.0 - 163.129.255.255 (net range)
Webex recommends that content should not be cached at any time. The following domain(s) will be used by meeting clients that connect to Webex Meetings:
Client Type | Domain(s) |
Webex Meetings Desktop Application | *.wbx2.com *.ciscospark.com *.webexcontent.com |
Webex Desktop Clients (Mac/PC, including WebApp the browser based thin client) connecting to Webex Meetings | *.webex.com |
On-prem SIP/H323 devices calling into (or being called back from) a Webex Meeting | *.webex.com (note IP dialing also available) |
Webex Mobile Clients (iOS, Android) connecting to Webex Meetings | *.webex.com |
Certificate Validation | *.identrust.com *.quovadisglobal.com *.digicert.com *.godaddy.com *.lencr.org *.intel.com |
People Insights Integration | *.accompany.com |
Webex Meetings site performance analytics and Webex App | *.eum-appdynamics.com *.appdynamics.com |
Webex Events Webcasts (Attendees only) | *.vbrickrev.com |
Used for Slido PPT add-in and to allow Slido webpages to create polls/quizzes in pre-meeting | *.slido.com *.sli.do *.data.logentries.com |
If you have Webex app Desktop Clients, Cloud Registered Devices (including Webex Boards) connecting to Webex Meetings, you also need to allow the list of domains outlined in https://help.webex.com/WBX000028782/Network-Requirements-for-Webex-Teams-Services |
Guidance on IPS firewall:
- Bypass firewall IPS or other types of DoS protection(allowed) for Webex traffic (defined by Webex IP CIDR blocks), especially the media traffic.
- If IPS can not be a bypass, proper sizing is required to be carried out to ensure IPS have sufficient capacity to handle the audio and video throughput for a large number of participants.
- If IPS can not be a bypass, proper fine-tuning of the signature and threshold has to be achieved so that Webex traffic is not misclassified and subsequently dropped.
- Monitor firewall IPS alerts to investigate any IPS alert against Webex traffic.
- UserAgent=WebexInMeetingWin
- UserAgent=WebexInMeetingMac
- UserAgent=prefetchDocShow
- UserAgent=standby
Guidance on Proxy servers:
- The Webex meeting client does not support SNI extension for TLS media connections. Connection failure to the Webex audio and video services will occur if a proxy server requires the presence of SNI.
Revision Date | New and Changed Information |
1/09/2024 | Article expiration removed (no changes made to network requirements) |
11/20/2023 | Article text cleanup (no changes made to network requirements) |
10/09/2023 | A link to VIMT doc has been included |
06/01/2023 | China Cluster information Removed. |
04/11/2023 | Added New IP subnets for media added (144.196.0.0/16 (CIDR) or 144.196.0.0 - 144.196.255.255 (net range) 163.129.0.0/16 (CIDR) or 163.129.0.0 - 163.129.255.255 (net range). |
10/24/2022 | Updated for inclusive language |
12/21/2021 | Added the UDP port 5004 Outbound to Webex Media Client |
11/11/2021 | Added *.intel.com to the required Certificate Validation. |
11/04/2021 | Updated *.letcr.org to *.lencr.org cert |
10/27/2021 | Added *.godaddy.com and *.letcr.org Cert |
10/04/2021 | Removed *.walkme.com and s3.walkmeusercontent.com from domains table as they are no longer needed. |
08/25/2021 | Changed *.webexcontent.com (1) to *.webexcontent.com |
07/29/2021 | Added *.webexcontent.com (1) URL added for file storage |
07/08/2021 | Removed the range 20.68.154.0 - 20.68.154.255 |
06/25/2021 | Added *.appdynamics.com and s3.walkmeusercontent.com domains to the list |
05/11/2021 | The list of IP addresses was arranged in order. |
05/06/2021 | Added 20.68.154.0/24 (CIDR) or 20.68.154.0 - 20.68.154.255 (net range) for Cisco Webex Video Integration for Microsoft Teams (Microsoft CVI) media traffic only. |
04/28/2021 | Added domains for Slido PPT add-in and to allow Slido webpages to create polls/quizzes in pre-meeting |
04/27/2021 | Added 23.89.0.0/16 (CIDR) or 23.89.0.0 - 23.89.255.255 (net range) for Webex Edge Audio |
04/26/2021 | Added UserAgents in Webex during utiltp process. |
0415/2021 | Domain *.vbrickrev.com for Webex Events Webcasts was added. |
04/01/2021 | Domains that need to be allowed - Table was updated. |
3/15/2021 | Added IdenTrust certificates domain. |
3/10/2021 | Removed UDP 5004 Outbound to Webex |
2/23/2021 | Added: UDP Port: 9000, 5004 and TCP: 5004, 443, 80 Webex Client Media |
1/06/2021 | Added TCP/UDP Ephemeral Ports Outbound Port range. |
12/7/2020 | Added section: Guidance on Proxy servers |
10/23/2020 | Added *.eum-appdynamics.com to domains |
7/31/2020 | Added *.wbx2.com and *.ciscospark.com domains |
7/27/2020 | Added 170.72.0.0/16 (CIDR) or 170.72.0.0 - 170.72.255.255 (net range) |
7/24/2020 | Added Guidance on IPS firewall |
6/1/20 |
|
4/29/20 | Added *.digicert.com for Cert Validation |
4/22/20 | Added new IP range 150.253.128.0/17 |
3/27/20 | Opening Paragraph added to the Solution. Updated the Comments for the "Webex website, Webex Desktop App/Productivity Tools, Webex Meetings for Android/iOS, Webex Web App" table |
3/3/2020 | Provided an update for Port Exceptions |
2/14/2020 | UDP 9000 for AB was removed and added Audio Broadcast is only available on TCP port 443. |
1/29/2020 | Access Type Column: Alternate Webex Client Media (VoIP and Video RTP) |
12/11/2019 | Added "port 80" in Table 1 - Row # 4. |
10/30/19 | For Edge Audio - On an enterprise firewall, pinholes need to be opened up for incoming traffic to Expressway with port range from 8000 - 59999 |
07/25/2019 | Updated text for UDP 9000, and completely new row for TCP 5004. Since TCP 5004 port is going to be deferred from the 39.7 release. |
6/27/2019 | Added People Insights *.accompany.com domain requirement |
5/23/2019 | Added 170.133.128.0/18 range |
2/27/2019 | Added info for China Clusters link to new article WBX9000018173 |
Was this article helpful?