Water Mark
Aug 3, 2020 | view(s) | people thought this was helpful

How Do I Allow Webex Meetings Traffic on My Network?

Allow domains access through your Firewall, Web Proxy, or any other filtering device, List of IP addresses by region, Ports used by the Webex client for communication for both inbound and outbound traffic, Default Ports used by Video Collaboration Devices

How do I allow Webex Meetings traffic on my network?

Network Requirements

Network Requirements for Cisco Webex

How do I optimize firewall and proxy settings for use with Webex services?

What ports need to be opened to use Webex services?

What exceptions should I add to my firewall for Webex?

What IP range is assigned to Webex?

What settings does Webex recommend for proxy servers?

Click on the Subscribe To This Article button if you would like to be notified of changes to this article. 
 

Webex website, Webex Desktop App/Productivity Tools, Webex Meetings for Android/iOS, Webex Web App
ProtocolPort Number(s)DirectionAccess TypeComments
TCP80 / 443OutboundWebex Client Access port and Webex Events (Audio Streaming)Webex client signaling port is used to exchange initial meeting setup information. Fall-back port for media connectivity when UDP ports are not open in the firewall. Webex Events Audio Broadcast transmission.
TCP/UDP53OutboundDNSUsed for DNS lookups to discover the IP addresses of Webex servers in the cloud. Even though typical DNS lookups are done over UDP, some may require TCP, if the query responses cannot fit it in UDP packets.
UDP9000OutboundWebex Client Media (VoIP and Video RTP)Webex client media port is used to exchange audio, video and content sharing streams. We strongly recommend opening this port for the highest quality media experience.
TCP/UDPOperating System Specific Ephemeral PortsInboundReturn traffic from WebexWebex will communicate to the destination port received when the client makes its connection.  A firewall should be configured to allow these return connections through. 
 
TCP443InboundProximityThe connecting device must have an IPv4 route-able path between itself and the device using HTTPS.

These ports are provided as a reference only.  Please refer to the deployment guide/manufacturer recommendation for full details.

ProtocolPort Number(s)DirectionAccess TypeComments
TCP5060-5070OutboundSIP signalingThe Webex media edge listens on 5060 - 5070.

For more information, please see the configuration guide on the specific service being used: Cisco Webex Meeting Center Video Conferencing Enterprise Deployment Guide.pdf
TCP5060, 5061 and 5065InboundSIP signalingInbound SIP signaling traffic from the Webex cloud
TCP / UDP1719, 1720 and port 15000-19999Inbound and OutboundH.323 LSIf your endpoint requires gatekeeper communication, also open port 1719 which includes Lifesize.
TCP/UDPEphemeral Ports
36000-59999
Inbound and OutboundMedia portsIf you're using a Cisco Expressway, the media ranges need to be set to 36000-59999. If you are using a third party endpoint or call control, they need to be configured to use this range.

For on-premise Video Device network configuration refer to the following guide: Cisco Expressway IP Port Usage - Configuration Guide
 

ProtocolPort Number(s)DirectionAccess TypeComments
TCP5061, 5062InboundSIP SignalingInbound SIP signaling for Webex Edge Audio
TCP5061, 5065OutboundSIP SignalingOutbound SIP signaling for Webex Edge Audio
TCP/UDPEphemeral Ports
8000 - 59999
InboundMedia PortsOn an enterprise firewall, pinholes need to be opened up for incoming traffic to Expressway with port range from 8000 - 59999
  • 62.109.192.0/18 (CIDR) or 62.109.192.0 - 62.109.255.255 (net range)
  • 64.68.96.0/19 (CIDR) or 64.68.96.0 - 64.68.127.255 (net range)
  • 66.114.160.0/20 (CIDR) or 66.114.160.0 - 66.114.175.255 (net range)
  • 66.163.32.0/19 (CIDR) or 66.163.32.0 - 66.163.63.255 (net range)
  • 69.26.160.0/19 (CIDR) or 69.26.160.0 - 69.26.191.255 (net range)
  • 114.29.192.0/19 (CIDR) or 114.29.192.0 - 114.29.223.255 (net range)
  • 150.253.128.0/17 (CIDR) or 150.253.128.0 - 150.253.255.255 (net range)
  • 170.72.0.0/16 (CIDR) or 170.72.0.0 - 170.72.255.255 (net range)
  • 170.133.128.0/18 (CIDR) or 170.133.128.0 - 170.133.191.255 (net range)
  • 173.39.224.0/19 (CIDR) or 173.39.224.0 - 173.39.255.255 (net range)
  • 173.243.0.0/20 (CIDR) or 173.243.0.0 - 173.243.15.255 (net range)
  • 207.182.160.0/19 (CIDR) or 207.182.160.0 - 207.182.191.255 (net range)
  • 209.197.192.0/19 (CIDR) or 209.197.192.0 - 209.197.223.255 (net range)
  • 210.4.192.0/20 (CIDR) or 210.4.192.0 - 210.4.207.255 (net range)
  • 216.151.128.0/19 (CIDR) or 216.151.128.0 - 216.151.159.255 (net range)

Webex recommends that content should not be cached at any time. The following domain(s) will be used by meeting clients that connect to Webex Meetings:

Client TypeDomain(s) 
Webex Meetings Desktop Application*.wbx2.com
Webex Meetings Desktop Application*.ciscospark.com
Webex Desktop Clients (Mac/PC, including WebApp the browser based thin client) connecting to Webex Meetings*.webex.com
On-prem SIP/H323 devices calling into (or being called back from) a Webex Meeting*.webex.com (note IP dialing also available)
Webex Mobile Clients (iOS, Android) connecting to Webex Meetings*.webex.com
Certificate Validation*.quovadisglobal.com
Certificate Validation*.digicert.com
People Insights Integration*.accompany.com
Webex Meetings user guidance flows. Provides onboarding and usage tours for new users*.walkme.com
Teams Desktop Clients, Cloud Registered Devices (including Webex Boards), connecting to Webex MeetingsSee Article: Network Requirements for Webex Teams Services
All Webex hosted services are advertised under AS13445, refer to the Webex Peering Policy. Services hosted by other service providers are not included here.  This includes TSP partner systems or our content delivery partners.  If you are connecting to partner-hosted systems such as a Partner VoIP system, please contact the partner for the appropriate IP addresses and ports.

Guidance on IPS firewall:
  • Bypass firewall IPS or other types of DoS protection(whitelist) for Webex traffic (defined by Webex IP CIDR blocks), especially the media traffic.
  • If IPS can not be a bypass, proper sizing is required to be carried out to ensure IPS have sufficient capacity to handle the audio and video throughput for a large number of participants.
  • If IPS can not be a bypass, proper fine-tuning of the signature and threshold has to be achieved so that Webex traffic is not misclassified and subsequently dropped.
  • Monitor firewall IPS alerts to investigate any IPS alert against Webex traffic.
Revision DateNew and Changed Information
7/31/2020Added *.wbx2.com and *.ciscospark.com domains
7/27/2020Added 170.72.0.0/16 (CIDR) or 170.72.0.0 - 170.72.255.255 (net range)
7/24/2020Added Guidance on IPS firewall
6/1/20
  • Added whitelist for People Insights and WalkMe
  • Added TCP 443 Inbound Port
  • Added Configuration guide for on-premise Video Device network
4/29/20Added *.digicert.com for Cert Validation
4/22/20Added new IP range 150.253.128.0/17
3/27/20Opening Paragraph added to the Solution.  Updated the Comments for the "Webex website, Webex Desktop App/Productivity Tools, Webex Meetings for Android/iOS, Webex Web App" table
3/3/2020Provided an update for Port Exceptions
2/14/2020UDP 9000 for AB was removed and added Audio Broadcast is only available on TCP port 443.
1/29/2020Access Type Column: Alternate Webex Client Media (VoIP and Video RTP)
12/11/2019Added "port 80" in Table 1 - Row # 4.
10/30/19For Edge Audio - On an enterprise firewall, pinholes need to be opened up for incoming traffic to Expressway with port range from 8000 - 59999
07/25/2019Updated text for UDP 9000, and completely new row for TCP 5004.  Since TCP 5004 port is going to be deferred from the 39.7 release.
6/27/2019Added People Insights *.accompany.com domain requirement
5/23/2019Added 170.133.128.0/18 range
2/27/2019Added info for China Clusters link to new article WBX9000018173

Information for China Clusters:

Was this article helpful?

Receive email updates to this article!

Related Articles

Recently Viewed

×