Administration - Port Reference Information for Cisco Webex Calling


Date	We've Made the Following Changes to this Article

June 9, 2020	We made the following changes to the CScan entry: Corrected one of the IP addresses—changed 199.59.67.156 to 199.59.64.156 New features required new ports as well as UDP—19560-19760
March 11, 2020	We added the following domain and IP addresses to application configuration: jp.bcld.webex.com—135.84.169.150 client-jp.bcld.webex.com idbroker.webex.com—64.68.99.6, 64.68.100.6 We updated the following domains with additional IP addresses to device configuration and firmware management: cisco.broadcloud.eu—85.119.56.198, 85.119.57.198 webapps.cisco.com—72.163.10.134 activation.webex.com—35.172.26.181, 52.86.172.220 cloudupgrader.webex.com—3.130.87.169, 3.20.185.219
February 27, 2020	We added the following domain and ports to device configuration and firmware management: cloudupgrader.webex.com—443, 6970

A correctly configured firewall is essential for a successful calling deployment. Not all firewall configurations need ports to be open but if you're running inside-to-outside rules, you should open ports to allow the protocols required for service out.

As long as you deploy NAT, define reasonable binding periods, and avoid manipulating SIP on the NAT device, you shouldn't need to open ports inbound on the firewall.

If a router or firewall is SIP Aware, meaning it has SIP Application Layer Gateway (ALG) or something similar enabled, we recommend that you turn off this functionality to maintain correct operation of service. See the relevant manufacturer's documentation for information about how to disable SIP ALG on specific devices.

Service Provider
Value Added Reseller

Port Reference for Webex Calling (Production)

Table 1. Webex Calling (Production)
Connection purpose	Source addresses	Source ports	Protocol	Destination addresses	Destination ports
Call signaling to Webex Calling (SIP TLS)	Local Gateway external (NIC)	8000-65535	TCP	85.119.56.128/26 85.119.57.128/26 128.177.14.0/25 128.177.36.0/26 135.84.169.0/25 135.84.170.0/25 135.84.171.0/25 135.84.172.0/25 185.115.196.0/25 185.115.197.0/25 199.59.64.0/25 199.59.65.0/25 199.59.66.0/25 199.59.67.0/25 199.59.70.0/25 199.59.71.0/25	8934
	Devices	5060-5080
	Applications	Ephemeral (OS dependent)
Call media to Webex Calling (SRTP)	Local Gateway external NIC	8000-48000^†	UDP	85.119.56.128/26 85.119.57.128/26 128.177.14.0/25 128.177.36.0/26 135.84.169.0/25 135.84.170.0/25 135.84.171.0/25 135.84.172.0/25 185.115.196.0/25 185.115.197.0/25 199.59.64.0/25 199.59.65.0/25 199.59.66.0/25 199.59.67.0/25 199.59.70.0/25 199.59.71.0/25	19560-65535
	Devices	19560-19660
	Applications	Ephemeral
Call signaling to PSTN gateway (SIP TLS)	Local Gateway internal NIC	8000-65535	TCP	Your ITSP PSTN GW or Unified CM	Depends on PSTN option (for example, typically 5060 or 5061 for Unified CM)
Call media to PSTN gateway (SRTP)	Local Gateway internal NIC	8000-48000^†	UDP	Your ITSP PSTN GW or Unified CM	Depends on PSTN option (for example, typically 5060 or 5061 for Unified CM)
Call signaling to publicly addressed endpoints (SIP TLS)	85.119.56.128/26 85.119.57.128/26 128.177.14.0/25 128.177.36.0/26 135.84.169.0/25 135.84.170.0/25 135.84.171.0/25 135.84.172.0/25 185.115.196.0/25 185.115.197.0/25 199.59.64.0/25 199.59.65.0/25 199.59.66.0/25 199.59.67.0/25 199.59.70.0/25 199.59.71.0/25	Ephemeral	TCP	Endpoint IP	8934
Device configuration and firmware management (Cisco devices)	Webex Calling devices	Ephemeral	TCP	3.20.185.219 3.130.87.169 35.172.26.181 52.86.172.220 72.163.10.134 85.119.56.128/26 85.119.56.198 85.119.57.128/26 85.119.57.198 135.84.169.186 135.84.170.186 173.37.149.125 199.59.64.143 199.59.65.228 199.59.66.228 199.59.67.143 *Domains: cisco-jp.bcld.webex.com cisco.broadcloud.com.au cisco.broadcloud.eu cisco.broadcloud.eu webapps.cisco.com activate.cisco.com activation.webex.com cisco.sipflash.com	80, 443
	Webex Calling devices	Ephemeral	TCP	**cloudupgrader.webex.com	**443, 6970
Device time synchronization (NTP)	Webex Calling devices	51494	UDP	85.119.56.128/26 85.119.57.128/26 135.84.169.154 135.84.170.154 199.59.64.152 199.59.65.181 199.59.66.181 199.59.67.152	123
Device name resolution	Webex Calling devices	Ephemeral	UDP and TCP	Host-defined	53
Application configuration	Webex Calling applications	Ephemeral	TCP	64.68.99.6 64.68.100.6 85.119.56.128/26 85.119.57.128/26 128.177.36.138 128.177.14.181 135.84.169.150 135.84.169.185 135.84.170.185 199.59.64.140 199.59.67.140 Domains: client-jp.bcld.webex.com jp.bcld.webex.com idbroker.webex.com	80, 443, 1081, 2208, 8443, 5222, 5280-5281, 52644-52645
Application time synchronization	Webex Calling applications	123	UDP	Host-defined	123
Application name resolution	Webex Calling applications	Ephemeral	UDP and TCP	Host-defined	53
CScan	Webex Calling devices	Ephemeral	UDP and TCP	135.84.169.183 185.115.196.0/25 199.59.65.243 199.59.64.156	8934 and 80, 443, 19569-19760

† CUBE media port range is configurable with rtp-port range

*When a phone connects to a network for the first time or after a factory reset, if there are no DHCP options set up, it contacts a device activation server for zero touch provisioning. New phones use activate.cisco.com instead of webapps.cisco.com for provisioning. Phones with firmware release prior to 11.2(1), continue to use webapps.cisco.com. We recommend that you allow both domains through your firewall.

**You need to enable cloudupgrader.webex.com and the 443, 6970 ports only when migrating from Enterprise phones (Cisco Unified CM) to Webex Calling. Go to upgrade.cisco.com for more information.

Port Reference for Webex Calling (Beta)

Table 2. Webex Calling (Beta)
Connection purpose	Source addresses	Source ports	Protocol	Destination addresses	Destination ports
Call signaling to Webex Calling (SIP/SIP TLS)	Local Gateway external NIC	8000-65535	TCP	135.84.171.0/25 135.84.172.0/25 199.59.65.0/25 199.59.66.0/25 199.59.70.0/25 199.59.71.0/25	8934
	Devices	5060-5080
	Applications	Ephemeral range (OS dependent)
Call media to Webex Calling (RTP/SRTP)	Local Gateway external NIC	8000-48000^†	UDP	135.84.171.0/25 135.84.172.0/25 199.59.65.0/25 199.59.66.0/25 199.59.70.0/25 199.59.71.0/25	19560-65535
	Devices	19560-19660
	Applications	Ephemeral
Call signaling to PSTN gateway (SIP TLS)	Local Gateway internal NIC	8000-65535	TCP	Your ITSP, PSTN GW, or Unified CM	Depends on PSTN option, eg. Unified CM typically 5060 or 5061
Call media to PSTN gateway (SRTP)	Local Gateway internal NIC	8000-48000^†	UDP	Your ITSP, PSTN GW, or Unified CM	Depends on PSTN option
Call signaling to publicly addressed endpoints (SIP/SIP TLS)	199.59.65.0/25 199.59.66.0/25 199.59.70.0/25 199.59.71.0/25	Ephemeral	TCP	Endpoint IP	8934
Device configuration and firmware management (Cisco devices)	Webex Calling devices	Ephemeral	TCP	173.37.149.125 199.59.66.227 199.59.65.227 *Domains: betacisco.sipflash.com webapps.cisco.com activate.cisco.com activation.webex.com	80, 443
	Webex Calling devices	Ephemeral	TCP	**cloudupgrader.webex.com	**443, 6970
Device time synchronization (NTP)	Webex Calling devices	51494	UDP	199.59.65.181 199.59.66.181	123
Device name resolution	Webex Calling devices	Ephemeral	UDP and TCP	Host-defined	53
Application configuration	Webex Calling applications	Ephemeral	TCP	128.177.36.137 128.177.14.182	80, 443
Application time synchronization	Webex Calling applications	123	UDP	Host-defined	123
Application name resolution	Webex Calling applications	Ephemeral	UDP and TCP	Host-defined	53

† CUBE media port range is configurable with rtp-port range

*When a phone connects to a network for the first time or after a factory reset, if there are no DHCP options set up, it contacts a device activation server for zero touch provisioning. New phones activate.cisco.com instead of webapps.cisco.com for provisioning. Phones with firmware release prior to 11.2(1), continue to use webapps.cisco.com. We recommend that you allow both domains through your firewall.

**You need to enable cloudupgrader.webex.com and the 443, 6970 ports only when migrating from Enterprise phones (Cisco Unified CM) to Webex Calling. Go to upgrade.cisco.com for more information.

Port Reference for Webex Calling (Production)

Table 3. Webex Calling (Production)
Connection purpose	Source addresses	Source ports	Protocol	Destination addresses	Destination ports
Call signaling to Webex Calling (SIP TLS)	Local Gateway external NIC	8000-65535	TCP	85.119.56.128/26 85.119.57.128/26 135.84.169.0/25 135.84.170.0/25 135.84.171.0/25 135.84.172.0/25 185.115.196.0/25 185.115.197.0/25 199.59.64.0/25 199.59.65.0/25 199.59.66.0/25 199.59.67.0/25 199.59.70.0/25 199.59.71.0/25 128.177.14.0/25 128.177.36.0/26	8934
	Devices	5060-5080
	Applications	Ephemeral (OS dependent)
Call media to Webex Calling (SRTP)	Local Gateway external NIC	8000-48000^†	UDP	85.119.56.128/26 85.119.57.128/26 135.84.169.0/25 135.84.170.0/25 135.84.171.0/25 135.84.172.0/25 185.115.196.0/25 185.115.197.0/25 199.59.64.0/25 199.59.65.0/25 199.59.66.0/25 199.59.67.0/25 199.59.70.0/25 199.59.71.0/25 128.177.14.0/25 128.177.36.0/26	19560-65535
	Devices	19560-19660
	Applications	Ephemeral
Call signaling to PSTN gateway (SIP TLS)	Local Gateway internal NIC	8000-65535	TCP	Your ITSP, PSTN GW, or Unified CM	Depends on PSTN option, eg. Unified CM typically 5060 or 5061
Call media to PSTN gateway (SRTP)	Local Gateway internal NIC	8000-48000^†	UDP	Your ITSP, PSTN GW, or Unified CM	Depends on PSTN option
Call signaling to publicly addressed endpoints (SIP TLS)	85.119.56.128/26 85.119.57.128/26 135.84.169.0/25 135.84.170.0/25 135.84.171.0/25 135.84.172.0/25 185.115.196.0/25 185.115.197.0/25 199.59.64.0/25 199.59.65.0/25 199.59.66.0/25 199.59.67.0/25 199.59.70.0/25 199.59.71.0/25	Ephemeral	TCP	Endpoint IP	8934
Device configuration and firmware management (Cisco devices)	Webex Calling devices	Ephemeral	TCP	3.130.87.169, 3.20.185.219 35.172.26.181, 52.86.172.220 72.163.10.134 85.119.56.198 85.119.57.198 135.84.169.186 135.84.170.186 173.37.149.125 199.59.64.143 199.59.65.228 199.59.66.228 199.59.67.143 *Domains: cisco-jp.bcld.webex.com cisco.broadcloud.eu cisco. broadcloud.com.au cisco.sipflash.com webapps.cisco.com activate.cisco.com activation.webex.com	80, 443
	Webex Calling devices	Ephemeral	TCP	**cloudupgrader.webex.com	**443, 6970
Device time synchronization (NTP)	Webex Calling devices	51494	UDP	85.119.56.218 85.119.57.218 135.84.169.154 135.84.170.154 199.59.64.152 199.59.65.181 199.59.66.181 199.59.67.152	123
Device name resolution	Webex Calling devices	Ephemeral	UDP and TCP	Host-defined	53
Application configuration	Webex Calling applications	Ephemeral	TCP	64.68.99.6 64.68.100.6 85.119.56.197 85.119.57.197 128.177.36.138 128.177.14.181 135.84.169.150 135.84.169.185 135.84.170.185 199.59.64.140 199.59.67.140 Domains: client-jp.bcld.webex.com jp.bcld.webex.com idbroker.webex.com	80, 443
Application time synchronization	Webex Calling applications	123	UDP	Host-defined	123
Application name resolution	Webex Calling applications	Ephemeral	UDP and TCP	Host-defined	53
CScan	Devices	Ephemeral	UDP and TCP	135.84.169.183 185.115.196.129 199.59.65.243 199.59.64.156	8934 and 80, 443, 19560-19760

† CUBE media port range is configurable with rtp-port range

*When a phone connects to a network for the first time or after a factory reset, if there are no DHCP options set up, it contacts a device activation server for zero touch provisioning. New phones activate.cisco.com instead of webapps.cisco.com for provisioning. Phones with firmware release prior to 11.2(1), continue to use webapps.cisco.com. We recommend that you allow both domains through your firewall.

**You need to enable cloudupgrader.webex.com and the 443, 6970 ports only when migrating from Enterprise phones (Cisco Unified CM) to Webex Calling. Go to upgrade.cisco.com for more information.

Port Reference for Webex Calling (Beta)

Table 4. Webex Calling (Beta)
Connection purpose	Source addresses	Source ports	Protocol	Destination addresses	Destination ports
Call signaling to Webex Calling (SIP TLS)	Local Gateway external NIC	8000-65535	TCP	135.84.171.0/25 135.84.172.0/25 199.59.65.0/25 199.59.66.0/25 199.59.70.0/25 199.59.71.0/25	8934
	Devices	5060-5080
	Applications	Ephemeral range (OS dependent)
Call media to Webex Calling (SRTP)	Local Gateway external NIC	8000-48000^†	UDP	135.84.171.0/25 135.84.172.0/25 199.59.65.0/25 199.59.66.0/25 199.59.70.0/25 199.59.71.0/25	19560-65535
	Devices	19560-19660
	Applications	Ephemeral
Call signaling to PSTN gateway (SIP TLS)	Local Gateway internal NIC	8000-65535	TCP	Your ITSP, PSTN GW, or Unified CM	Depends on PSTN option, eg. Unified CM typically 5060 or 5061
Call media to PSTN gateway (SRTP)	Local Gateway internal NIC	8000-48000^†	UDP	Your ITSP, PSTN GW, or Unified CM	Depends on PSTN option
Call signaling to publicly addressed endpoints (SIP TLS)	135.84.171.0/25 135.84.172.0/25 199.59.65.0/25 199.59.66.0/25 199.59.70.0/25 199.59.71.0/25	Ephemeral	TCP	Endpoint IP	8934
Device configuration and firmware management (Cisco devices)	Webex Calling devices	Ephemeral	TCP	173.37.149.125 199.59.66.227 199.59.65.227 *Domains: betacisco.sipflash.com webapps.cisco.com activate.cisco.com activation.webex.com	80, 443
	Webex Calling devices	Ephemeral	TCP	**cloudupgrader.webex.com	**80, 443, 6970
Device time synchronization (NTP)	Webex Calling devices	51494	UDP	199.59.65.181 199.59.66.181	123
Device name resolution	Webex Calling devices	Ephemeral	UDP and TCP	Host-defined	53
Application configuration	Webex Calling applications	Ephemeral	TCP	128.177.36.137 128.177.14.182	80, 443
Application time synchronization	Webex Calling applications	123	UDP	Host-defined	123
Application name resolution	Webex Calling applications	Ephemeral	UDP and TCP	Host-defined	53

† CUBE media port range is configurable with rtp-port range

*When a phone connects to a network for the first time or after a factory reset, if there are no DHCP options set up, it contacts a device activation server for zero touch provisioning. New phones activate.cisco.com instead of webapps.cisco.com for provisioning. Phones with firmware release prior to 11.2(1), continue to use webapps.cisco.com. We recommend that you allow both domains through your firewall.

**You need to enable cloudupgrader.webex.com and the 443, 6970 ports only when migrating from Enterprise phones (Cisco Unified CM) to Webex Calling. Go to upgrade.cisco.com for more information.

Port Reference Information for Cisco Webex Calling

Port Reference for Webex Calling (Production)

Port Reference for Webex Calling (Beta)

Port Reference for Webex Calling (Production)

Port Reference for Webex Calling (Beta)

Was this article helpful?

What was great?

Where did we go wrong?

Thanks for your feedback.

Recently Viewed

Port Reference Information for Cisco Webex Calling

Port Reference for Webex Calling (Production)

Port Reference for Webex Calling (Beta)

Port Reference for Webex Calling (Production)

Port Reference for Webex Calling (Beta)

Was this article helpful?

What was great?

Where did we go wrong?

Thanks for your feedback.

Related Articles

Recently Viewed