You may notice some articles displaying content inconsistently. Pardon our dust as we update our site.
cross icon
How Do I Allow Webex Meetings Traffic on My Network?
list-menuFeedback?
This article is intended for Network Administrators who want to support the Webex Meetings Client and Video Collaboration Devices for use on their company's network. The guide covers ports, IP ranges, and domains required by the meeting client, video collaboration devices, and Webex Edge audio.

If you're joining Webex Meetings from any of the following applications or devices, please use this article:

  • Webex App (Desktop, Mobile, and Web Based)
  • Cloud Registered Webex Devices (including Webex Boards)
Webex website, Webex Desktop App/Productivity Tools, Webex Meetings for Android/iOS, Webex Web App
ProtocolPort Number(s)DirectionAccess TypeComments
TCP80 / 443OutboundWebex Client Access port and Webex Events (Audio Streaming)Webex client signaling port is used to exchange initial meeting setup information. Fall-back port for media connectivity when UDP ports are not open in the firewall. Webex Events Audio Broadcast transmission.
TCP/UDP53OutboundDNSUsed for DNS lookups to discover the IP addresses of Webex servers in the cloud. Even though typical DNS lookups are done over UDP, some may require TCP, if the query responses cannot fit it in UDP packets.
UDP9000Outbound to WebexPrimary Webex Client Media (VoIP & Video RTP)Webex client media port is used to exchange computer audio, webcam video, and content sharing streams. Opening this port is required to ensure the best possible media experience
TCP5004, 443, 80Outbound to WebexAlternate Webex Client Media (VoIP & Video RTP)Fall-back ports for media connectivity when UDP port 9000 is not open in the firewall
TCP/UDPOperating System Specific Ephemeral PortsInboundReturn traffic from WebexWebex will communicate to the destination port received when the client makes its connection.  A firewall should be configured to allow these return connections through. 
 
TCP443InboundProximityThe connecting device must have an IPv4 route-able path between itself and the device using HTTPS.
UDP5004OutboundWebex Client MediaThe UDP port  5004 is used for out-of-meeting sharing to Cisco Video Collaboration Devices.
 

These ports are provided as a reference only.  Please refer to the deployment guide/manufacturer recommendation for full details.

ProtocolPort Number(s)DirectionAccess TypeComments
TCP5060-5070OutboundSIP signalingThe Webex media edge listens on 5060 - 5070.

For more information, please see the configuration guide on the specific service being used: Cisco Webex Meeting Center Video Conferencing Enterprise Deployment Guide.pdf
TCP5060, 5061 and 5065InboundSIP signalingInbound SIP signaling traffic from the Webex cloud
TCP / UDP1719, 1720 and port 15000-19999Inbound and OutboundH.323 LSIf your endpoint requires gatekeeper communication, also open port 1719, which includes Lifesize.
TCP/UDPEphemeral Ports
36000-59999
Inbound and OutboundMedia portsIf you're using a Cisco Expressway, the media ranges need to be set to 36000-59999. If you are using a third party endpoint or call control, they need to be configured to use this range.

For on-premise Video Device network configuration, refer to Cisco Expressway IP Port Usage - Configuration Guide.

For Video Integration with Microsoft Teams (VIMT) deployment guidance, refer to Deploy the Webex Video Integration for Microsoft Teams.

ProtocolPort Number(s)DirectionAccess TypeComments
TCP5061, 5062InboundSIP SignalingInbound SIP signaling for Webex Edge Audio
TCP5061, 5065OutboundSIP SignalingOutbound SIP signaling for Webex Edge Audio
TCP/UDPEphemeral Ports
8000 - 59999
Inbound and OutboundMedia PortsOn an enterprise firewall, pinholes need to be opened up for incoming traffic to Expressway with a port range from 8000 - 59999
  • 23.89.0.0/16 (CIDR) or 23.89.0.0 - 23.89.255.255 (net range)
  • 62.109.192.0/18 (CIDR) or 62.109.192.0 - 62.109.255.255 (net range)
  • 64.68.96.0/19 (CIDR) or 64.68.96.0 - 64.68.127.255 (net range)
  • 66.114.160.0/20 (CIDR) or 66.114.160.0 - 66.114.175.255 (net range)
  • 66.163.32.0/19 (CIDR) or 66.163.32.0 - 66.163.63.255 (net range)
  • 69.26.160.0/19 (CIDR) or 69.26.160.0 - 69.26.191.255 (net range)
  • 114.29.192.0/19 (CIDR) or 114.29.192.0 - 114.29.223.255 (net range)
  • 150.253.128.0/17 (CIDR) or 150.253.128.0 - 150.253.255.255 (net range)
  • 170.72.0.0/16 (CIDR) or 170.72.0.0 - 170.72.255.255 (net range)
  • 170.133.128.0/18 (CIDR) or 170.133.128.0 - 170.133.191.255 (net range)
  • 173.39.224.0/19 (CIDR) or 173.39.224.0 - 173.39.255.255 (net range)
  • 173.243.0.0/20 (CIDR) or 173.243.0.0 - 173.243.15.255 (net range)
  • 207.182.160.0/19 (CIDR) or 207.182.160.0 - 207.182.191.255 (net range)
  • 209.197.192.0/19 (CIDR) or 209.197.192.0 - 209.197.223.255 (net range)
  • 210.4.192.0/20 (CIDR) or 210.4.192.0 - 210.4.207.255 (net range)
  • 216.151.128.0/19 (CIDR) or 216.151.128.0 - 216.151.159.255 (net range)
  • 144.196.0.0/16  (CIDR) or 144.196.0.0 - 144.196.255.255 (net range)
  • 163.129.0.0/16  (CIDR) or 163.129.0.0 - 163.129.255.255 (net range)

Webex recommends that content should not be cached at any time. The following domain(s) will be used by meeting clients that connect to Webex Meetings:

Client TypeDomain(s) 
Webex Meetings Desktop Application*.wbx2.com
*.ciscospark.com
*.webexcontent.com

 
Webex Desktop Clients (Mac/PC, including WebApp the browser based thin client) connecting to Webex Meetings*.webex.com
On-prem SIP/H323 devices calling into (or being called back from) a Webex Meeting*.webex.com (note IP dialing also available)
Webex Mobile Clients (iOS, Android) connecting to Webex Meetings*.webex.com
Certificate Validation*.identrust.com
*.quovadisglobal.com
*.digicert.com
*.godaddy.com
*.lencr.org
*.intel.com
People Insights Integration*.accompany.com
Webex Meetings site performance analytics and Webex App*.eum-appdynamics.com
*.appdynamics.com
Webex Events Webcasts (Attendees only)*.vbrickrev.com
Used for Slido PPT add-in and to allow Slido webpages to create polls/quizzes in pre-meeting*.slido.com
*.sli.do
*.data.logentries.com
If you have Webex app Desktop Clients, Cloud Registered Devices (including Webex Boards) connecting to Webex Meetings, you also need to allow the list of domains outlined in https://help.webex.com/WBX000028782/Network-Requirements-for-Webex-Teams-Services 
All Webex hosted services are advertised under AS13445, refer to the Webex Peering Policy. Services hosted by other service providers are not included here.  This includes TSP partner systems or our content delivery partners.  If you are connecting to partner-hosted systems such as a Partner VoIP system, please contact the partner for the appropriate IP addresses and ports.

Guidance on IPS firewall:
  • Bypass firewall IPS or other types of DoS protection(allowed) for Webex traffic (defined by Webex IP CIDR blocks), especially the media traffic.
  • If IPS can not be a bypass, proper sizing is required to be carried out to ensure IPS have sufficient capacity to handle the audio and video throughput for a large number of participants.
  • If IPS can not be a bypass, proper fine-tuning of the signature and threshold has to be achieved so that Webex traffic is not misclassified and subsequently dropped.
  • Monitor firewall IPS alerts to investigate any IPS alert against Webex traffic.
Note: The following UserAgents will be passed by Webex by the utiltp process in Webex, and should be allowed through an agency's firewall:
  • UserAgent=WebexInMeetingWin
  • UserAgent=WebexInMeetingMac
  • UserAgent=prefetchDocShow
  • UserAgent=standby

Guidance on Proxy servers:
  • The Webex meeting client does not support SNI extension for TLS media connections. Connection failure to the Webex audio and video services will occur if a proxy server requires the presence of SNI.
Revision DateNew and Changed Information
1/09/2024Article expiration removed (no changes made to network requirements)
11/20/2023Article text cleanup (no changes made to network requirements)
10/09/2023A link to VIMT doc has been included
06/01/2023China Cluster information Removed.
04/11/2023Added New IP subnets for media added (144.196.0.0/16  (CIDR) or 144.196.0.0 - 144.196.255.255 (net range)
163.129.0.0/16  (CIDR) or 163.129.0.0 - 163.129.255.255 (net range).
10/24/2022Updated for inclusive language
12/21/2021Added the UDP port 5004 Outbound to Webex Media Client
11/11/2021Added *.intel.com to the required Certificate Validation.
11/04/2021Updated *.letcr.org to *.lencr.org cert
10/27/2021Added *.godaddy.com and *.letcr.org Cert 
10/04/2021Removed *.walkme.com and s3.walkmeusercontent.com from domains table as they are no longer needed.
08/25/2021Changed *.webexcontent.com (1) to *.webexcontent.com
07/29/2021Added *.webexcontent.com (1) URL added for file storage
07/08/2021Removed the range 20.68.154.0 - 20.68.154.255
06/25/2021Added *.appdynamics.com and s3.walkmeusercontent.com domains to the list
05/11/2021The list of IP addresses was arranged in order.
05/06/2021Added 20.68.154.0/24 (CIDR) or 20.68.154.0 - 20.68.154.255 (net range) for Cisco Webex Video Integration for Microsoft Teams (Microsoft CVI) media traffic only.
04/28/2021Added domains for Slido PPT add-in and to allow Slido webpages to create polls/quizzes in pre-meeting
04/27/2021Added 23.89.0.0/16 (CIDR) or 23.89.0.0 - 23.89.255.255 (net range) for Webex Edge Audio
04/26/2021Added UserAgents in Webex during utiltp process.
0415/2021Domain *.vbrickrev.com for Webex Events Webcasts was added.
04/01/2021Domains that need to be allowed - Table was updated.
3/15/2021Added IdenTrust certificates domain.
3/10/2021Removed UDP 5004 Outbound to Webex
2/23/2021Added: UDP Port: 9000, 5004 and TCP: 5004, 443, 80 Webex Client Media
1/06/2021Added TCP/UDP Ephemeral Ports Outbound Port range.
12/7/2020Added section: Guidance on Proxy servers
10/23/2020Added *.eum-appdynamics.com to domains
7/31/2020Added *.wbx2.com and *.ciscospark.com domains
7/27/2020Added 170.72.0.0/16 (CIDR) or 170.72.0.0 - 170.72.255.255 (net range)
7/24/2020Added Guidance on IPS firewall
6/1/20
  • Added allowed list for People Insights and WalkMe
  • Added TCP 443 Inbound Port
  • Added Configuration guide for on-premise Video Device network
4/29/20Added *.digicert.com for Cert Validation
4/22/20Added new IP range 150.253.128.0/17
3/27/20Opening Paragraph added to the Solution.  Updated the Comments for the "Webex website, Webex Desktop App/Productivity Tools, Webex Meetings for Android/iOS, Webex Web App" table
3/3/2020Provided an update for Port Exceptions
2/14/2020UDP 9000 for AB was removed and added Audio Broadcast is only available on TCP port 443.
1/29/2020Access Type Column: Alternate Webex Client Media (VoIP and Video RTP)
12/11/2019Added "port 80" in Table 1 - Row # 4.
10/30/19For Edge Audio - On an enterprise firewall, pinholes need to be opened up for incoming traffic to Expressway with port range from 8000 - 59999
07/25/2019Updated text for UDP 9000, and completely new row for TCP 5004.  Since TCP 5004 port is going to be deferred from the 39.7 release.
6/27/2019Added People Insights *.accompany.com domain requirement
5/23/2019Added 170.133.128.0/18 range
2/27/2019Added info for China Clusters link to new article WBX9000018173

Was this article helpful?
Was this article helpful?