Here is a list of the addresses, ports, and protocols used for connecting your phones, the Webex App, and gateways to Webex for Cisco BroadWorks. This article is for network administrators, particularly firewall and proxy security administrators who use Webex for Cisco BroadWorks services within their organization.
Connection Map
The following diagram illustrates integration points. The point of the diagram is to show that you need to review IPs and Ports for connections into and out of your environment. The connections that are used by Webex for Cisco BroadWorks are described in the subsequent tables.
The firewall requirements for the normal functioning of the client application are listed as references since they are already documented on help.webex.com.
Firewall Configuration
The connection map and the following tables describe the connections and protocols required between the clients (on or off the customer’s network), your network, and the Webex platform.
(Into your network)
| Purpose | Source | Protocol | Destination | Destination Port |
|
WebexCloud CTI/Auth/XSI |
IP Range 23.89.0.0/16 44.234.52.192/26 62.109.192.0/18 64.68.96.0/19 66.114.160.0/20 66.163.32.0/19 69.26.160.0/19 114.29.192.0/19 144.196.0.0/16 150.253.128.0/17 163.129.0.0/16 170.72.0.0/16 170.133.128.0/18 173.39.224.0/19 173.243.0.0/20 207.182.160.0/19 209.197.192.0/19 210.4.192.0/20 216.151.128.0/19 |
HTTPS CTI |
Your XSP |
TCP/TLS 8012 443 |
|
Webex App Xsi/DMS |
Any |
HTTPS |
Your XSP |
443 |
|
Webex app VoIP endpoints SIP |
Any |
SIP |
Your SBC |
SP-defined protocol and port TCP/UDP |
 |
It is strongly advisable for the SIP port to be different from 5060 (for example, 5075) due to known issues with using the
standard SIP port (5060) with mobile devices.
|
|
These IP addresses/ranges are not owned by Cisco and are subject to change periodically. If you are using a firewall, we recommend
allowing the urls listed.
|
(Out of your network)
|
Purpose |
Source |
Protocol |
Destination |
Destination Port |
|
User Provisioning via APIs |
Your Application Server |
HTTPS |
webexapis.com |
443 |
|
Proxy Push Notifications (production service) |
Your NPS Server |
HTTPS |
https://nps.uc-one.broadsoft.com/ OR 34.64.0.0/10, 35.208.0.0/12, 35.224.0.0/12, 35.240.0.0/13 † |
443 |
|
Webex Common Identity |
Your NPS Server |
HTTPS |
https://idbroker.webex.com |
443 |
|
Webex Common Identity |
Auth Service XSP |
HTTPS |
https://idbroker-eu.webex.com/idb https://broadworks-idp-proxy-k.wbx2.com/broadworks-idp-proxy/api/v1/idp/authenticate |
443 |
|
APNS and FCM services |
Your NPS Server |
HTTPS |
Any IP address* |
443 |
|
User Provisioning via BroadWorks Provisioning Adapter |
Your BroadWorks AS |
HTTPS |
https://broadworks-provisioning-bridge-*.wbx2.com/ (where * could be any letter. Your exact provisioning URL is available in the template you create in Partner Hub) |
443 |
|
Cisco CI Token Validation |
Auth Service XSP |
HTTPS |
https://cifls.webex.com/federation |
443 |
|
BroadWorks Subscription and Webex with BroadWorks on Cisco paper |
Your BroadWorks AS |
HTTPS |
https://wholesale-billing-service-a.wbx2.com - US East https://wholesale-billing-service-r.wbx2.com - US West https://wholesale-billing-service-k.wbx2.com - Europe |
443 |
† These ranges contain the hosts for NPS proxy, but we cannot give the exact addresses. The ranges may also contain hosts that are not related to Webex for Cisco BroadWorks. We recommend that you configure your firewall to allow traffic to the NPS proxy FQDN instead, to ensure that your egress is only towards the hosts we expose for NPS proxy.
* APNS and FCM do not have a fixed set of IP addresses.
(Into your network)
|
Purpose |
Source |
Protocol |
Destination |
Destination Port |
|
WebexCloud CTI/Auth/XSI |
IP Range 23.89.0.0/16 44.234.52.192/26 62.109.192.0/18 64.68.96.0/19 66.114.160.0/20 66.163.32.0/19 69.26.160.0/19 114.29.192.0/19 144.196.0.0/16 150.253.128.0/17 163.129.0.0/16 170.72.0.0/16 170.133.128.0/18 173.39.224.0/19 173.243.0.0/20 207.182.160.0/19 209.197.192.0/19 210.4.192.0/20 216.151.128.0/19 |
HTTPS CTI |
Your XSP |
TCP/TLS 8012 TLS 443 |
|
Webex App Xsi/DMS |
Any |
HTTPS |
Your XSP |
443 |
|
Webex App VoIP endpoints SIP |
Any |
SIP |
Your SBC |
SP-defined protocol and port TCP/UDP |
|
It is strongly advisable for the SIP port to be different from 5060 (for example, 5075) due to known issues with using the
standard SIP port (5060) with mobile devices.
|
|
These IP addresses/ranges are not owned by Cisco and are subject to change periodically. If you are using a firewall, we recommend
allowing the urls listed.
|
(Out of your network)
|
Purpose |
Source |
Protocol |
Destination |
Destination Port |
|
User Provisioning via APIs |
Your Application Server |
HTTPS |
webexapis.com |
443 |
|
Proxy Push Notifications (production service) |
Your NPS Server |
HTTPS |
https://nps.uc-one.broadsoft.com/ OR 34.64.0.0/10, 35.208.0.0/12, 35.224.0.0/12, 35.240.0.0/13 † |
443 |
|
Webex Common Identity |
Your NPS Server |
HTTPS |
https://idbroker.webex.com https://idbroker-b-us.webex.com |
443 |
|
Webex Common Identity |
Auth Service XSP |
HTTPS |
https://idbroker.webex.com/idb https://idbroker-b-us.webex.com/idb https://broadworks-idp-proxy-a.wbx2.com/broadworks-idp-proxy/api/v1/idp/authenticate https://broadworks-idp-proxy-r.wbx2.com/broadworks-idp-proxy/api/v1/idp/authenticate |
443 |
|
APNS and FCM services |
Your NPS Server |
HTTPS |
Any IP address* |
443 |
|
User Provisioning via BWKS Provisioning Adapter |
Your BroadWorks AS |
HTTPS |
https://broadworks-provisioning-bridge-*.wbx2.com/ (where * could be any letter. Your exact provisioning URL is available in the template you create in Partner Hub) |
443 |
|
Cisco CI Token Validation |
Auth Service XSP |
HTTPS |
https://cifls.webex.com/federation |
443 |
|
BroadWorks Subscription and Webex with BroadWorks on Cisco paper |
Your BroadWorks AS |
HTTPS |
https://wholesale-billing-service-a.wbx2.com - US East https://wholesale-billing-service-r.wbx2.com - US West https://wholesale-billing-service-k.wbx2.com - Europe |
443 |
† These ranges contain the hosts for NPS proxy, but we cannot give the exact addresses. The ranges may also contain hosts that are not related to Webex for Cisco BroadWorks. We recommend that you configure your firewall to allow traffic to the NPS proxy FQDN instead, to ensure that your egress is only towards the hosts we expose for NPS proxy.
* APNS and FCM do not have a fixed set of IP addresses.
Domains and URLs for Webex for BroadWorks
|
Domain / URL |
Description |
Webex apps and devices using these domains / URLs |
|---|---|---|
|
*.webex.com |
Webex Core Services for Calling, Meeting, and Messaging like Authentication, etc. |
All |
|
*.wbx2.com and *.ciscospark.com |
Webex micro-services, like Software upgrade service. |
All |
If your network firewall supports domain allow lists for http(s) traffic, like *.webex.com, it is highly recommended to allow all of these domains.
Webex Meetings/Messaging - Network Requirements
The MPP devices now onboard to the Webex Cloud for services like Call History, Directory Search and Meetings. The network requirements for these Webex services can be found in Network Requirements for Webex Services. These requirements also apply when deploying Webex Video Devices.
Document Revision History
|
Date |
We've made the following changes to this article |
|---|---|
|
October 09, 2023 |
Added BroadWorks Subscription and Webex with BroadWorks on Cisco paper requirements in EMEA and USA Egress Rules. |
|
August 01, 2023 |
Updated EMEA Egress Rules and USA Egress Rules. |
|
July 20, 2023 |
Updated IP subnets for media services for EMEA Ingress Rules and USA Ingress Rules. |
|
October 12, 2022 |
Made formatting/editorial changes only. No changes made to the content. |
|
August 31, 2022 |
We added the following domain, IP, and ports to the Webex for BroadWorks network requirements. |
