Water Mark

How Do I Allow Webex Meetings Traffic on My Network?

view(s) people thought this was helpful

Allow domains access through your Firewall, Web Proxy, or any other filtering device, List of IP addresses by region, Ports used by the Webex client for communication for both inbound and outbound traffic, Default Ports used by Video Collaboration Devices

How do I allow Webex Meetings traffic on my network?

Network Requirements

Network Requirements for Cisco Webex

How do I optimize firewall and proxy settings for use with Webex services?

What ports need to be opened to use Webex services?

What exceptions should I add to my firewall for Webex?

What IP range is assigned to Webex?

What settings does Webex recommend for proxy servers?

Note:

Special note: UDP is recommended vs. TCP when configuring your media ports. The client will perform a test to attempt connection on UDP 9000. If this port is closed, the connection will fail back to TCP. Please ensure that UDP 9000 is open outbound and return traffic is allowed back inbound. The connection is always initiated outbound from the Webex client to the Webex Server.

Using TCP in a near congested network will cause retransmissions, which in turn can create a choppy video or low bandwidth error experience. UDP does not retransmit, and will provide a better video experience

For more info on the low bandwidth error, see: WBX84420 - I Get a Low-Bandwidth Error when I Try to View Video from TelePresence Users

Audio/Video packets use the standard RTP protocol. Depending on your existing firewall rules, an adjustment may be necessary to allow the standard RTP protocol.

Solution:

Ports used by Webex Meeting Clients:  

Depending on the services you are using in your particular deployment of Webex, you may connect to our services over a variety of different ports.

The chart below is provided to help you identify what ports you might need to open on your firewall.  Some services like video collaboration, have on-premise components that can be configured to use non-standard port ranges.  For those devices, please see the specific deployment guide for that device or technology in order to determine the exact ports to open. 

If you are also leveraging Webex Teams (formerly Cisco Spark) in your environment, implement the settings from this article and the Webex Teams Network Requirements article.

Ports used by the Webex client for communication (both inbound and outbound traffic):

In order to connect to Webex, you must have a working DNS server. Most DNS queries are made over UDP; however, DNS queries may use TCP as well.

 
Webex website, Webex Desktop App/Productivity Tools, Webex Meetings for Android/iOS, Webex Web App
ProtocolPort Number(s)DirectionAccess TypeComments
TCP80 / 443OutboundWebex Client Access port and Wevex Events (Audio Streaming)The Webex Client makes the majority of its data transfers and loading using HTTPS over port 443.  In some cases, port 80 will also be used before being redirected to a secure connection.
Webex Events Audio Broadcast is only available on TCP port 443.
TCP/UDP53OutboundDNSIn order to connect to Webex you must have a working DNS server.  Most DNS queries are made over UDP; however, DNS queries may use TCP as well.
UDP9000OutboundWebex Client Media (VoIP and Video RTP)The Webex client will try to connect to a Multimedia server over UDP port 9000. If unable to establish a connection over UDP 9000, it will use TCP port 443 and 80.  Due to the nature of TCP and how lost delayed packets are retransmitted, it is not recommended to use TCP.  We recommend allowing UDP port 9000 whenever possible.  (This media is sent over standard RTP.  Firewalls should not manipulate the RTP being sent or received.)
TCP5004OutboundAlternate Webex Client Media (VoIP and Video RTP)The Webex Desktop App will attempt to connect to a Multimedia server over TCP port 5004 if it cannot establish a connection over UDP port 9000. If both of those ports are closed the connection will be established via TCP port 443. Due to the nature of TCP and how lost delayed packets are retransmitted, it is not recommended to use TCP. We recommend allowing UDP port 9000 whenever possible. (This media is sent over standard RTP. Firewalls should not manipulate the RTP being sent or received.)
TCP/UDPOperating System Specific Ephemeral PortsInboundReturn traffic from WebexWebex will communicate to the destination port received when the client makes its connection.  A firewall should be configured to allow these return connections through. 
Default Ports used by Video Collaboration Devices:

These ports are provided as a reference only.  Please refer to the deployment guide/manufacturer recommendation for full details.
ProtocolPort Number(s)DirectionAccess TypeComments
TCP5060-5070OutboundSIP signalingThe Webex media edge listens on 5060 - 5070.

For more information, please see the configuration guide on the specific service being used: Cisco Webex Meeting Center Video Conferencing Enterprise Deployment Guide.pdf
TCP5060, 5061 and 5065InboundSIP signalingInbound SIP signaling traffic from the Webex cloud
TCP / UDP1719, 1720 and port 15000-19999Inbound and OutboundH.323 LSIf your endpoint requires gatekeeper communication, also open port 1719 which includes Lifesize.
TCP/UDPEphemeral Ports
36000-59999
Inbound and OutboundMedia portsIf you're using a Cisco Expressway, the media ranges need to be set to 36000-59999. If you are using a third party endpoint or call control, they need to be configured to use this range.
Ports used by Webex Edge Audio:
ProtocolPort Number(s)DirectionAccess TypeComments
TCP5061, 5062InboundSIP SignalingInbound SIP signaling for Webex Edge Audio
TCP5061, 5065OutboundSIP SignalingOutbound SIP signaling for Webex Edge Audio
TCP/UDPEphemeral Ports
8000 - 59999
InboundMedia PortsOn an enterprise firewall, pinholes need to be opened up for incoming traffic to Expressway with port range from 8000 - 59999

`
List of IP address ranges used by Cisco Webex Meeting services:
 

  • 64.68.96.0/19 (CIDR) or 64.68.96.0 - 64.68.127.255 (net range)
  • 66.114.160.0/20 (CIDR) or 66.114.160.0 - 66.114.175.255 (net range)
  • 66.163.32.0/19 (CIDR) or 66.163.32.0 - 66.163.63.255 (net range)
  • 170.133.128.0/18 (CIDR) or 170.133.128.0 - 170.133.191.255 (net range)
  • 173.39.224.0/19 (CIDR) or 173.39.224.0 - 173.39.255.255 (net range)
  • 173.243.0.0/20 (CIDR) or 173.243.0.0 - 173.243.15.255 (net range)
  • 207.182.160.0/19 (CIDR) or 207.182.160.0 - 207.182.191.255 (net range)
  • 209.197.192.0/19 (CIDR) or 209.197.192.0 - 209.197.223.255 (net range)
  • 216.151.128.0/19 (CIDR) or 216.151.128.0 - 216.151.159.255 (net range)
  • 114.29.192.0/19 (CIDR) or 114.29.192.0 - 114.29.223.255 (net range)
  • 210.4.192.0/20 (CIDR) or 210.4.192.0 - 210.4.207.255 (net range)
  • 69.26.176.0/20 (CIDR) or 69.26.176.0 - 69.26.191.255 (net range)
  • 62.109.192.0/18 (CIDR) or 62.109.192.0 - 62.109.255.255 (net range)
  • 69.26.160.0/20 (CIDR) or 69.26.160.0 - 69.26.175.255 (net range)

 

Webex does not support or recommend filtering IP addresses for a particular region.  Filtering by region can cause serious degradation to the in meeting experience up to and including the inability to join meetings entirely.  

Webex leverages the Akamai content delivery network (CDN). The addresses akamaicdn.webex.com and lp.webex.com serve static content and are hosted by Akamai, which has IP ranges outside of the Webex IP ranges and these are subject to change at anytime.

Domains that need to be whitelisted

Webex recommends that content should not be cached at any time. The following domain(s) will be used by meeting clients that connect to Webex Meetings:

Client TypeDomain(s) 
Webex Desktop Clients (Mac/PC, including WebApp the browser based thin client) connecting to Webex Meetings*.webex.com
On-prem SIP/H323 devices calling into (or being called back from) a Webex Meeting*.webex.com (note IP dialing also available)
Webex Mobile Clients (iOS, Android) connecting to Webex Meetings*.webex.com
Teams Desktop Clients, Cloud Registered Devices (including Webex Boards), connecting to Webex MeetingsSee Article: Network Requirements for Webex Teams Services
If leveraging the People Insights feature the domain *.accompany.com also needs to be whitelisted.

We also require certificate validation through a certificate revocation list.  This Certificate Revocation List is hosted by Quovadis, and will require the following domain to be reachable:
  • *.quovadisglobal.com


If your firewall or web filtering system does not allow wildcard filtering, you can open your firewall by IP address (this is not recommended).  Due to the expanding nature of the Cisco Webex business, we maintain the right to add IP addresses at any time without notice.

All Webex hosted services are advertised under AS13445.  All traffic from AS13445 should be allowed.  Services hosted by other service providers are not included here.  This includes TSP partner systems or our content delivery partners.  If you are connecting to partner-hosted systems such as a Partner VoIP system, please contact the partner for the appropriate IP addresses and ports or refer to the peering policy.

Information for China Clusters


Additional Resource: 

Receive email updates to this article!

Was this article helpful?

Related Articles

Recently Viewed

Didn’t find an answer to your question?

Didn’t find an answer to your question?

Contact us
Didn’t find an answer to your question?
Didn’t find an answer to your question?