A correctly configured firewall and proxy are essential for a successful Calling deployment. Webex Calling uses SIP and HTTPS for call signaling and the associated addresses and ports for media, network connection, and gateway connectivity as Webex Calling is a global service.

Not all firewall configurations require ports to be open. However, if you're running inside-to-outside rules, you must open ports for the required protocols to let out services.

Network Address Translation (NAT)

Network Address Translation (NAT) and Port Address Translation (PAT) functionality are applied at the border between two networks to translate address spaces or to prevent the collision of IP address spaces.

Organizations use gateway technologies like firewalls and proxies that provide NAT or PAT services to provide internet access to Webex App applications or Webex devices that are on a private IP address space. These gateways make traffic from internal Apps or Devices to the internet appear to be coming from one or more publicly routable IP addresses.

  • If deploying NAT, it’s not mandatory to open an inbound port on the firewall.

  • Validate the NAT pool size required for App or Devices connectivity when multiple app users and devices access Webex Calling & Webex aware services using NAT or PAT. Ensure that adequate public IP addresses are assigned to the NAT pools to prevent port exhaustion. Port exhaustion contributes to internal users and devices being unable to connect to the Webex Calling and Webex Aware services.

  • Define reasonable binding periods and avoid manipulating SIP on the NAT device.

  • Configure a minimum NAT timeout to ensure proper operation of devices. 예: Cisco phones send a follow-up REGISTER refresh message every 1-2 minutes.

  • If your network implements NAT or SPI, then set a larger timeout (of at least 30 minutes) for the connections. This timeout allows reliable connectivity while reducing the battery consumption of the users' mobile devices.

SIP Application Layer Gateway

If a router or firewall is SIP Aware, that is the SIP Application Layer Gateway (ALG) or similar is enabled, we recommend that you turn off this functionality to maintain correct operation of service.

Check the relevant manufacturer's documentation for steps to disable SIP ALG on specific devices.

Proxy support for Webex Calling

Organizations deploy an internet firewall or internet proxy and firewall, to inspect, restrict, and control the HTTP traffic that leaves and enters their network. Thus protecting their network from various forms of cyberattacks.

Proxies perform several security functions such as:

  • Allow or block access to specific URLs.

  • 사용자 인증

  • IP address/domain/hostname/URI reputation lookup

  • Traffic decryption and inspection

On configuring the proxy feature, it applies to all the applications that use the HTTP's protocol.

The Webex App and Webex device applications include the following:

  • Webex 서비스

  • Customer device activation (CDA) procedures using Cisco Cloud provisioning platform such as GDS, EDOS device activation, provisioning & onboarding to Webex cloud.

  • Certificate Authentication

  • Firmware Upgrades

  • Status Reports

  • PRT Uploads

  • XSI Services


 

If a proxy server address is configured, then only the Signaling traffic (HTTP/HTTPS) is sent to the proxy server. Clients that use SIP to register to the Webex Calling service and the associated media aren’t sent to the proxy. Therefore, allow these clients to go through the firewall directly.

Supported Proxy Options, configuration & Authentication types

The supported proxy types are:

  • Explicit Proxy (inspecting or noninspecting)—Configure the clients either App or Device with explicit proxy to specify the server to use.

  • Transparent Proxy (noninspecting)—The Clients aren’t configured to use a specific proxy server address and don’t require any changes to work with a noninspecting proxy.

  • Transparent Proxy (inspecting)—The Clients aren’t configured to use a specific proxy server address. No HTTP's configuration changes are necessary; however, your clients either App or Devices need a root certificate so that they trust the proxy. The IT team uses the inspecting proxies to enforce policies on the websites to visit and the types of content that aren’t permitted.

Configure the proxy addresses manually for the Cisco devices and the Webex App using:

While configuring your preferred product types, choose from the following Proxy configurations & authentication types in the table:

제품

프록시 구성

인증 유형

Mac용 Webex

수동, WPAD, PAC

No Auth, Basic, NTLM,

Windows용 Webex

수동, WPAD, PAC, GPO

No Auth, Basic, NTLM, , Negotiate

iOS용 Webex

수동, WPAD, PAC

인증 없음, 기본, 다이제스트, NTLM

Webex Android용

수동, PAC

인증 없음, 기본, 다이제스트, NTLM

Webex 웹 앱

Supported through OS

No Auth, Basic, Digest, NTLM, Negotiate

Webex 장치

WPAD, PAC 또는 수동

인증 없음, 기본, 다이제스트

Cisco IP 전화기

수동, WPAD, PAC

인증 없음, 기본, 다이제스트

Webex 비디오 메시 노드

수동

인증 없음, 기본, 다이제스트, NTLM

For legends in the table:

  1. Mac NTLM Auth - Machine need not be logged on to the domain, user prompted for a password

  2. Windows NTLM Auth - Supported only if a machine is logged onto the domain

  3. Negotiate - Kerberos with NTLM fallback auth.

  4. To connect a Cisco Webex Board, Desk, or Room Series device to a proxy server, see Connect your Board, Desk, or Room Series device to a proxy server.

  5. For Cisco IP phones, see Set Up a Proxy Server as an example for configuring the proxy server and settings.


 

For No Authentication, configure the client with a proxy address that doesn’t support authentication. When using Proxy Authentication, configure with valid credentials. 웹 트래픽을 검사하는 프록시는 웹 소켓 연결을 방해할 수도 있습니다. If this problem occurs, bypassing the not inspecting traffic to *.Webex.com might solve the problem. If you already see other entries, add a semicolon after the last entry, and then enter the Webex exception.

Proxy settings for Windows OS

Microsoft Windows support two network libraries for HTTP traffic (WinINet and WinHTTP) that allow Proxy configuration.WinINet is a superset of WinHTTP.

  1. WinInet is designed for single-user, desktop client applications

  2. WinHTTP is designed primarily for multiuser, server-based applications

When selecting between the two, choose WinINet for your proxy configuration settings. For details, see wininet-vs-winhttp.

Refer to Configure a list of allowed domains to access Webex while on your corporate network for details on the following:

  • To ensure that people only sign in to applications using accounts from a predefined list of domains.

  • 프록시 서버를 사용하여 요청을 인터셉트하고 허용되는 도메인으로 제한합니다.

프록시 검사 및 인증서 핀 고정하기

The Webex App and Devices validate the certificates of the servers when they establish the TLS sessions. Certificate checks that such as the certificate issuer and digital signature rely on verifying the chain of certificates up to the root certificate. To perform the validation checks, the Webex App and Devices use a set of trusted root CA certificates installed in the operating system trust store.

If you have deployed a TLS-inspecting Proxy to intercept, decrypt and inspect Webex Calling traffic. Ensure that the certificate the Proxy presents (instead of the Webex service certificate) is signed by a certificate authority, and the root certificate is installed in the trust store of your Webex App or Webex device.

  • For Webex App - Install the CA certificate that is used to sign the certificate by the proxy in the operating system of the device.

  • For Webex Room devices and Cisco multiplatform IP Phones - Open a service request with the TAC team to install the CA certificate.

This table shows the Webex App and Webex Devices that support TLS inspection by Proxy servers

제품

TLS 검사에 대해 사용자 정의 신뢰할 수 있는 CA를 지원함

Webex 앱(Windows, Mac, iOS, Android, 웹)

Webex Room 장치

Cisco IP Multiplatform (MPP) Phones

Firewall configuration

Cisco supports Webex Calling and Webex Aware services in secure Cisco and Amazon Web Services (AWS) data centers. Amazon has reserved its IP subnets for Cisco’s sole use, and secured the services located in these subnets within the AWS virtual private cloud.

Configure your firewall to allow communication from your devices, App's applications, and internet-facing services to perform their functions properly. This configuration allows access to all the supported Webex Calling and Webex Aware cloud services, domain names, IP addresses, Ports, and protocols.

Whitelist or open access to the following so that the Webex Calling and Webex Aware services function correctly.

  • The URLs/Domains mentioned under the section Domains and URLs for Webex Calling Services

  • IP subnets, Ports, and Protocols mentioned under the section IP Subnets for Webex Calling Services

  • If you're using the Webex Suite of cloud collaboration services within their organization, Webex Meetings, Messaging, Webex attendant console and other services then ensure you have the IP subnets, Domains/URLs mentioned in these articles are open Network Requirements for Webex Services and Network requirements for Attendant console

If you’re using only a firewall, then filtering Webex Calling traffic using IP addresses alone isn’t supported as some of the IP address pools are dynamic and may change at any time. Update your rules regularly, failing to update your firewall rules list could impact your users' experience. Cisco doesn’t endorse filtering a subset of IP addresses based on a particular geographic region or cloud service provider. Filtering by region can cause severe degradation to your calling experience.


 

참고: Cisco doesn't maintain dynamically changing IP address pools hence it isn’t listed in this article.

If your firewall doesn’t support Domain/URL filtering, then use an Enterprise Proxy server option. This option filters/allows by URL/domain the HTTPs signaling traffic to Webex Calling and Webex Aware services in your Proxy server, before forwarding to your firewall.

You can configure traffic using port and IP subnet filtering for call media. Since the media traffic requires direct access to the internet, choose the URL filtering option for signaling traffic.

For Webex Calling, UDP is Cisco’s preferred transport protocol for media, and it recommends using only SRTP over UDP. TCP and TLS as transport protocols for media aren’t supported for Webex Calling in production environments. The connection-orientated nature of these protocols affects media quality over lossy networks. If you have queries regarding the transport protocol, raise a support ticket.

Domains and URLs for Webex Calling services

A * shown at the beginning of a URL (for example, *.webex.com) indicates that services in the top-level domain and all subdomains are accessible.

도메인 / URL

설명

해당 도메인 / URL을 사용하는 Webex 앱 및 장치

Cisco Webex 서비스

*.broadcloudpbx.com

Control Hub에서 통화 관리 포털로의 크로스 런칭을 위한 Webex 인증 마이크로 서비스.

Control Hub

*.broadcloud.com.au

호주의 Webex Calling 서비스.

모두

*.broadcloud.eu

유럽의 Webex Calling 서비스.

모두

*.broadcloudpbx.net

Calling 클라이언트 구성 및 관리 서비스.

Webex 앱

*.webex.com

*.cisco.com

Core Webex Calling & Webex Aware services

  1. Identity provisioning

  2. Identity storage

  3. 인증

  4. OAuth services

  5. 장치 등록

  6. Cloud Connected UC

When a phone connects to a network for the first time or after a factory reset with no DHCP options set, it contacts a device activation server for zero touch provisioning. New phones use activate.cisco.com and phones with firmware release earlier than 11.2(1), continue to use webapps.cisco.com for provisioning.

Download the device firmware and locale updates from binaries.webex.com.

Allow Cisco Multiplatform phones (MPPs) older than 12.0.3 version to access sudirenewal.cisco.com through port 80 to renew Manufacturer Installed Certificate (MIC) and have a Secure Unique Device Identifier (SUDI). For details, see Field notice.

모두

*.ucmgmt.cisco.com

Webex Calling 서비스

Control Hub

*.wbx2.com 및 *.ciscospark.com

Used for cloud awareness to reach out to Webex Calling & Webex Aware services during and after onboarding.

These services are necessary for

  • Apps and Devices management

  • Apps Application notification mechanism service management

모두

*.webexapis.com

Webex microservices that manage your Webex App applications and Webex devices.

  1. Profile picture service

  2. Whiteboarding service

  3. Proximity service

  4. Presence service

  5. Registration service

  6. Calendaring service

  7. Search service

모두

*.webexcontent.com

Webex Messaging services related to general file storage including:

  1. User files

  2. Transcoded files

  3. 이미지

  4. Screenshots

  5. Whiteboard content

  6. Client & device logs

  7. 프로필 사진

  8. Branding logos

  9. 로그 파일

  10. Bulk CSV export files & import files (Control Hub)

Webex Apps Messaging services.


 

File storage using webexcontent.com replaced by clouddrive.com in October 2019

*.accompany.com

People insights integration

Webex 앱

Additional Webex-Related Services (Third-Party Domains)

*.appdynamics.com

*.eum-appdynamics.com

성능 추적, 오류 및 충돌 캡처, 세션 메트릭스.

Control Hub

*.sipflash.com

Device management services. Firmware upgrades and secure onboarding purposes.

Webex 앱

*.walkme.com *.walkmeusercontent.com

Webex 앱 사용자 안내 클라이언트. 새로운 사용자에게 등록 및 사용 투어를 제공합니다.

WalkMe에 대한 자세한 정보는 여기를 클릭하십시오.

Webex 앱

*.google.com

*.googleapis.com

Notifications to Webex apps on mobile devices (Example: new message, when call is answered)

For IP Subnets, refer to these links

Google Firebase Cloud Messaging (FCM) service

Apple Push Notification Service (APNS)


 

For APNS, Apple lists the IP subnets for this service.

Webex 앱

IP Subnets for Webex Calling services

IP Subnets for Webex Calling Services*

23.89.0.0/16

85.119.56.0/23

128.177.14.0/24

128.177.36.0/24

135.84.168.0/21

139.177.64.0/21

139.177.72.0/23

144.196.0.0/16

150.253.128.0/17

163.129.0.0/17

170.72.0.0/16

170.133.128.0/18

185.115.196.0/22

199.19.196.0/23

199.19.199.0/24

199.59.64.0/21

연결 목적

소스 주소소스 포트프로토콜대상 주소대상 포트메모
Webex Calling에 대한 통화 시그널링 (SIP TLS)로컬 게이트웨이 외부 (NIC)8000-65535TCPWebex Calling 서비스용 IP 서브넷을 참조하십시오.5062, 8934

These IPs/ports are needed for outbound SIP-TLS call signaling from Local Gateways, Devices, and Webex App Applications (Source) to Webex Calling Cloud (Destination).

Port 5062 (required for Certificate-based trunk). And port 8934 (required for Registration-based trunk

장치5060-50808934
Webex 앱 임시 (OS 종속)
Call signaling from Webex Calling (SIP TLS) to Local Gateway

Webex Calling address range.

Refer to IP Subnets for Webex Calling Services

8934TCPIP or IP range chosen by customer for their Local GatewayPort or port range chosen by customer for their Local Gateway

Applies to certificate-based local gateways. It is required to establish a connection from Webex Calling to a Local Gateway.

A Registration-based local gateway works on reusing a connection created from the local gateway.

Destination port is customer chosen Configure trunks

Call media to Webex Calling (STUN, SRTP/SRTCP, T38)로컬 게이트웨이 외부 NIC8000-48199*UDPWebex Calling 서비스용 IP 서브넷을 참조하십시오.

5004, 9000 (STUN Ports)

오디오: 8500-8599

비디오: 8600-8699

19560-65535 (SRTP over UDP)

  • These IPs/ports are used for outbound SRTP call media from Local Gateways, Devices, and Webex App Applications (Source) to Webex Calling Cloud (Destination).

  • For Calls within the organization where STUN, ICE negotiation is successful, the media relay in the cloud is removed as the communication path. In such cases the media flow is directly between the user's Apps/devices.

    예: If media optimization is successful, Webex App sends media directly between one another on port ranges 8500–8699 and devices send media directly to one another on ports ranges 19560–19661.

  • For certain network topologies where firewalls are used within a customer premise, allow access for the mentioned source and destination port ranges inside your network for the media to flow through.

    예: For webex App, allow the source and destination port range

    Audio:8500-8599 Video:8600-8699

Devices*19560-19661
Webex App*

오디오: 8500-8599

비디오: 8600-8699

Call media from Webex Calling (SRTP/SRTCP, T38)

Webex Calling address range.

Refer to IP Subnets for Webex Calling Services

19560-65535 (SRTP over UDP) UDPIP or IP range chosen by customer for their Local Gateway Media port range chosen by customer for their Local Gateway
PSTN 게이트웨이에 대한 통화 시그널링 (SIP TLS)로컬 게이트웨이 내부 NIC8000-65535TCP귀하의 ITSP PSTN GW 또는 Unified CMPSTN 옵션에 따라 달라짐 (예: 일반적으로 Unified CM의 5060 또는 5061)
Call media to PSTN gateway (SRTP/SRTCP)로컬 게이트웨이 내부 NIC8000-48199*UDP귀하의 ITSP PSTN GW 또는 Unified CMDepends on the PSTN option (for example, typically 5060 or 5061 for Unified CM)
장치 구성 및 펌웨어 관리 (Cisco 장치)Webex Calling 장치임시TCP

3.20.185.219

3.130.87.169

3.134.166.179

52.26.82.54

72.163.10.96/27

72.163.15.64/26

72.163.15.128/26

72.163.24.0/23

72.163.10.128/25

173.37.146.128/25

173.36.127.0/26

173.36.127.128/26

173.37.26.0/23

173.37.149.96/27

192.133.220.0/26

192.133.220.64/26

443, 6970, 80

Required for the following reasons:

  1. Migrating from Enterprise phones (Cisco Unified CM) to Webex Calling. See upgrade.cisco.com for more information. The cloudupgrader.webex.com uses ports: 6970,443 for the firmware migration process.

  2. Firmware upgrades and secure onboarding of devices (MPP and Room or Desk phones) using the 16-digit activation code (GDS)

  3. For CDA / EDOS - MAC address-based provisioning. 최신 펌웨어를 사용하는 장치(MPP 전화, ATAS 및 SPA ATAS)에서 사용됩니다.

  4. For Cisco ATAs ensure that the devices are on the minimum firmware of 11.1.0MSR3-9.

  5. When a phone connects to a network for the first time or after a factory reset, without the DHCP options set, it contacts a device activation server for zero touch provisioning. New phones are use activate.cisco.com instead of webapps.cisco.com for provisioning. Phones with firmware released earlier than 11.2(1) continue to use webapps.cisco.com. It’s recommended to allow all these IP subnets.

  6. Allow Cisco Multiplatform phones (MPPs) older than 12.0.3 version to access sudirenewal.cisco.com through port 80 for renewing the Manufacturer Installed Certificate (MIC) and having a Secure Unique Device Identifier (SUDI). For details, see Field Notice

Webex App configurationWebex App applications임시TCP

62.109.192.0/18

64.68.96.0/19

150.253.128.0/17

207.182.160.0/19

443, 8443Used for Id broker Authentication, Webex App configuration services for clients, Browser based web access for self-care AND Administrative interface access.

 
The TCP port 8443 is used by Webex App on Cisco Unified CM setup for downloading configuration. Only customers who use the setup to connect to Webex Calling must open the port.
장치 시간 동기화 (NTP)Webex Calling 장치51494UDPWebex Calling 서비스용 IP 서브넷을 참조하십시오.123이 IP 주소는 장치(MPP 전화, ATAS 및 SPA ATAS)의 시간 동기화에 필요합니다.

Domain Name System (DNS) resolution

Webex Calling devices, Webex App, and Webex Devices임시UDP 및 TCP호스트가 정의함53Used for DNS lookups to discover the IP addresses of Webex Calling services in the cloud. Even though typical DNS lookups are done over UDP, some may require TCP, if the query responses can’t fit it in UDP packets.
네트워크 시간 프로토콜(NTP)Webex App and Webex Devices123UDP호스트가 정의함123시간 동기화
CScanWeb based Network readiness Pre-qualification tool for Webex Calling임시TCPWebex Calling 서비스용 IP 서브넷을 참조하십시오.8934 and 443Web based Network readiness Prequalification tool for Webex Calling. 자세한 정보는 cscan.webex.com을 참조하십시오.
UDP19569-19760
Additional Webex Calling & Webex Aware Services (Third-Party)
Push notifications APNS and FCM services Webex Calling Applications 임시TCP

Refer to IP Subnets mentioned under the links

Apple Push Notification Service(APNS)

Google-Firebase Cloud Messaging (FCM)

443, 2197, 5228, 5229, 5230, 5223Notifications to Webex Apps on mobile devices (Example: When you receive a new message or when a call is answered)

 

  • *CUBE media port range is configurable with rtp-port range.

  • *Media ports for devices and applications that are dynamically assigned in the SRTP port rages. SRTP ports are even numbered ports, and the corresponding SRTCP port is allocated with the consecutive odd numbered port.

  • If a proxy server address is configured for your Apps and Devices, the signaling traffic is sent to the proxy. Media transported SRTP over UDP flows directly to your firewall instead of the proxy server.

  • If you’re using NTP and DNS services within your enterprise network, then open the ports 53 and 123 through your firewall.

Quality of Service (QoS)

Allows you to enable tagging of packets from the local device or client to the Webex Calling cloud platform. QoS enables you to prioritize real-time traffic over other data traffic. Enabling this setting modifies the QoS markings for Apps and devices that use SIP signaling and media.

Source Addresses Traffic type Destination Addresses 소스 포트 대상 포트 DSCP Class and value
Webex 앱 오디오

Refer IP subnets, Domains, and URLs for Webex Calling services

8500-8599 8500-8599, 19560-65535 Expedited Forwarding (46)
Webex 앱 비디오 8600-8699 8600-8699, 19560-65535 Assured Forwarding 41 (34)
Webex 앱 시그널링 임시 (OS 종속) 8934 CS0 (0)
Webex Devices (MPPs and Room)오디오 및 비디오 19560-19661 19560-65535

Expedited Forwarding (46) &

Assured Forwarding 41 (34)

Webex 장치 시그널링 5060-5080 8934 Class Selector 3 (24)

 

  • Create a separate QoS profile for Audio and Video/Share since they have different source port range to mark traffic differently.

  • For Windows Clients: To enable UDP Source Port Differentiation for your organization, contact your local account team. Without enabling, you cannot differentiate between the Audio and Video/Share using the Windows QoS Policies (GPO) because the source ports are the same for audio/video/share. For details, see Enable media source port ranges for Webex App

  • For Webex Devices, configure the QoS setting changes from the Control Hub device settings. For details, see Configure & modify device settings in Webex-Calling

Webex Meetings/Messaging - 네트워크 요구 사항

For customers who’re using Webex Suite of cloud collaboration services, Webex cloud registered products, onboard the MPP devices to the Webex Cloud for services like Call History, Directory Search, Meetings, and Messaging. Ensure that the Domains/URLs/IP Addresses/Ports mentioned in this article are open Network Requirements for Webex Services.

Webex for Government의 네트워크 요구 사항 (FedRAMP)

For customers who require the list of Domains, URLs, IP address ranges and ports for Webex for Government services (FedRAMP), information can be found here: Webex for Government의 네트워크 요구 사항

Network Requirements for Webex Attendant Console

For customers who are using attendant console - receptionists, attendants, and operators feature, ensure Domains/URLs/IP Addresses/Ports/Protocols are open Network requirements for attendant console

Getting started with Webex Calling Local Gateway

For customers using the Local Gateway solution with Webex Calling for premises-based PSTN and third-party SBCs interoperability, read through the article Get Started with Local Gateway

참조

To know What's new in Webex Calling, see What's new in Webex Calling

For Security requirements for Webex Calling, see Article

Webex Calling Media Optimization with Interactive Connectivity Establishment (ICE) Article

문서 개정 내역

날짜

이 문서에 다음 변경 사항을 적용했습니다.

July 25, 2024

Added back the 52.26.82.54 IP subnet as it’s required for the Cisco ATA device configuration and firmware management.

July 18, 2024

Updated with the following details:

  • QoS (TOS/DSCP) values supported for Webex Calling (Apps, Devices)

  • Updated the Network diagram

  • Including the link for network requirements related to Webex Attendant Console.

June 28, 2024

Updated the usage of both SRTP/ SRTCP port ranges for the Webex Calling Media specification.

June 11, 2024

Removed the "huton-dev.com" domain as it’s not used.

May 06, 2024

Updated the usage of both SRTP/ SRTCP port ranges for the Webex Calling Media specification.

April 03, 2024

Updated the IP Subnets for Webex Calling services with 163.129.0.0/17 to accommodate Webex Calling market expansion for the India region.

December 18, 2023

Included the sudirenewal.cisco.com URL and port 80 requirement for device configuration and firmware management of the Cisco MPP phone's MIC renewal.

December 11, 2023

Updated the IP Subnets for Webex Calling services to include a larger set of IP addresses.

150.253.209.128/25 – changed to 150.253.128.0/17

November 29, 2023

Updated the IP Subnets for Webex Calling services to include a larger set of IP addresses to accommodate Webex Calling region expansion for future growth.

144.196.33.0/25 – changed to 144.196.0.0/16

The IP Subnets for Webex Calling services sections under Webex Calling (SIP TLS) and Call media to Webex Calling (STUN, SRTP) is updated for clarity on certificate-based trunking and the firewall requirements for Local Gateway.

2023년 8월 14일

We’ve added the following IP addresses 144.196.33.0/25 and 150.253.156.128/25 to support increased capacity requirements for Edge and Webex Calling Services.


 

This IP range is supported only in the U.S. region.

July 5, 2023

Added the link https://binaries.webex.com to install the Cisco MPP Firmware.

2023년 3월 7일

We've overhauled the entire article to include:

  1. Included options for Proxy support.

  2. Modified Calling flow diagram

  3. Simplified Domains/URLs/IP subnet portions for Webex Calling and Webex Aware services

  4. Added 170.72.0.0/16 IP subnet range for Webex Calling & Webex Aware services.

    Removed the following ranges 170.72.231.0, 170.72.231.10, 170.72.231.161 and 170.72.242.0/24

2023년 3월 5일

Updating the article to include the following:

  • Added the UDP-SRTP port range (8500-8700) used by applications.

  • Added the ports for the Push notifications APNS and FCM services.

  • Split the CScan port range for UDP & TCP.

  • Added the references section.

2022년 11월 15일

We’ve added the following IP addresses for device configuration and firmware management (Cisco devices):

  • 170.72.231.0

  • 170.72.231.10

  • 170.72.231.161

We’ve removed the following IP addresses from device configuration and firmware management (Cisco devices):

  • 3.20.118.133

  • 3.20.228.133

  • 3.23.144.213

  • 3.130.125.44

  • 3.132.162.62

  • 3.140.117.199

  • 18.232.241.58

  • 35.168.211.203

  • 50.16.236.139

  • 52.45.157.48

  • 54.145.130.71

  • 54.156.13.25

  • 52.26.82.54

  • 54.68.1.225

November 14, 2022

Added the IP subnet 170.72.242.0/24 for the Webex Calling service.

2022년 9월 8일

The Cisco MPP Firmware transitions to use https://binaries.webex.com as the host URL for MPP firmware upgrades in all regions. 이 변경은 펌웨어 업그레이드 성능을 향상합니다.

2022년 8월 30일

Removed reference to Port 80 from Device configuration and firmware management (Cisco devices), Application configuration and CScan rows in the Port table as there’s no dependency.

2022년 8월 18일

솔루션에 변경된 바는 없습니다. 통화 시그널링에 대해 대상 포트 5062(인증서 기반 트렁크에 필요), 8934(등록 기반 트렁크에 필요)를 Webex Calling 업데이트했습니다.

2022년 7월 26일

54.68.1.225 IP 주소를 추가했습니다. 이는 Cisco 840/860 장치의 펌웨어 업그레이드에 대해 필요합니다.

2022년 7월 21일

통화 시그널링에 대해 대상 포트 5062, 8934를 Webex Calling(SIP TLS)를 업데이트했습니다.

2022년 7월 14일

Added the URLs that support a complete function of Webex Aware services.

Added the IP subnet 23.89.154.0/25 for the Webex Calling service.

2022년 6월 27일

다음 서비스에 대한 도메인 및 Webex Calling 업데이트했습니다.

*.broadcloudpbx.com

*.broadcloud.com.au

*.broadcloud.eu

*.broadcloudpbx.net

2022년 6월 15일

보안 서비스에 대한 IP 주소 및 포트 아래에 Webex Calling 프로토콜을 추가했습니다.

  • 연결 목적: Webex 기능

  • 소스 주소: Webex Calling 장치

  • 소스 포트: 임시

  • 프로토콜: TCP

  • 대상 주소: Refer to IP Subnets and Domains defined in Webex Meetings/Messaging - Network Requirements.

  • 대상 포트: 443

    참고: The Webex Calling Devices use these IP addresses and domains to interface with Webex Cloud Services such as Directory, Call History and Meetings.

업데이트된 정보 Webex Meetings/메시징 - 네트워크 요구 사항 섹션

2022년 5월 24일

내 서비스용 IP 서브넷 52.26.82.54/24에 52.26.82.54/32를 Webex Calling 추가했습니다.

2022년 5월 6일

내 서비스용 IP 서브넷 52.26.82.54/24를 Webex Calling 추가했습니다.

2022년 4월 7일

Updated the Local Gateway internal and external UDP port range to 8000-48198

2022년 4월 5일

Webex Calling 다음 IP 서브넷을 추가했습니다. 다음:

  • 23.89.40.0/25

  • 23.89.1.128/25

2022년 3월 29일

Webex Calling 다음 IP 서브넷을 추가했습니다. 다음:

  • 23.89.33.0/24

  • 150.253.209.128/25

2021년 09월 20일

Webex Calling 서비스에 대해 4 새로운 IP 서브넷을 추가함:

  • 23.89.76.128/25

  • 170.72.29.0/24

  • 170.72.17.128/25

  • 170.72.0.128/25

2021년 4월 2일

Added *.ciscospark.com under Domains and URLs for Webex Calling Services to support Webex Calling use cases in the Webex app.

2021년 3월 25일

activate.cisco.com에 대해 6개의 새로운 IP 범위를 추가했으며, 2021년 5월 8일부터 적용됩니다.

  • 72.163.15.64/26

  • 72.163.15.128/26

  • 173.36.127.0/26

  • 173.36.127.128/26

  • 192.133.220.0/26

  • 192.133.220.64/26

2021년 3월 4일

방화벽 구성을 쉽게 이해할 수 있도록 별도의 표에서 Webex Calling 개별 IP와 작은 IP 범위를 간소화된 범위로 대체했습니다.

2021년 2월 26일

2021년 4월에 2021년 4월에 출시될 예정인 대화형 연결 지대(Webex Calling ICE)를 지원하기 위해 통화 미디어에 대해 5004를 Webex Calling(STUN, SRTP)에 대한 대상 포트로 추가했습니다.

2021년 2월 22일

이제 도메인 및 URL은 개별 표에 나열됩니다.

IP Addresses and Ports table are adjusted to group IP addresses for the same services.

Adding the Notes column to the IP Addresses and Ports table that aids in understanding the requirements.

Moving the following IP addresses to simplified ranges for device configuration and firmware management (Cisco devices):

activate.cisco.com

  • 72.163.10.125 -> 72.163.10.96/27

  • 173.37.149.125 -> 173.37.149.96/27

webapps.cisco.com

  • 173.37.146.134 -> 173.37.146.128/25

  • 72.163.10.134 -> 72.163.10.128/25

Adding the following IP addresses for Application Configuration because Cisco Webex client points to a newer DNS SRV in Australia in March 2021.

  • 199.59.64.237

  • 199.59.67.237

2021년 1월 21일

We’ve added the following IP addresses to device configuration and firmware management (Cisco devices):

  • 3.134.166.179

  • 50.16.236.139

  • 54.145.130.71

  • 72.163.10.125

  • 72.163.24.0/23

  • 173.37.26.0/23

  • 173.37.146.134

We’ve removed the following IP addresses from device configuration and firmware management (Cisco devices):

  • 35.172.26.181

  • 52.86.172.220

  • 52.203.31.41

We’ve added the following IP addresses to the application configuration:

  • 62.109.192.0/19

  • 64.68.96.0/19

  • 207.182.160.0/19

  • 150.253.128.0/17

We’ve removed the following IP addresses from the application configuration:

  • 64.68.99.6

  • 64.68.100.6

We’ve removed the following port numbers from the application configuration:

  • 1081, 2208, 5222, 5280-5281, 52644-52645

We’ve added the following domains to the application configuration:

  • idbroker-b-us.webex.com

  • idbroker-eu.webex.com

  • ty6-wxt-jp.bcld.webex.com

  • os1-wxt-jp.bcld.webex.com

2020년 12월 23일

포트 참조 이미지에 새로운 응용프로그램 구성 IP 주소를 추가했습니다.

2020년 12월 22일

다음 IP 주소를 포함하도록 표에서 응용프로그램 구성 행을 업데이트했습니다. 135.84.171.154 및 135.84.172.154.

Hid the network diagrams until these IP addresses are added.

2020년 12월 11일

지원되는 캐나다 도메인에 대해 장치 구성 및 펌웨어 관리(Cisco 장치) 및 응용프로그램 구성 행을 업데이트했습니다.

2020년 10월 16일

다음 IP 주소로 통화 시그널링 및 미디어 항목을 업데이트했습니다.

  • 139.177.64.0/24

  • 139.177.65.0/24

  • 139.177.66.0/24

  • 139.177.67.0/24

  • 139.177.68.0/24

  • 139.177.69.0/24

  • 139.177.70.0/24

  • 139.177.71.0/24

  • 139.177.72.0/24

  • 139.177.73.0/24

2020년 9월 23일

CScan 아래에서 199.59.64.156을 199.59.64.197로 바꿨습니다.

2020년 8월 14일

캐나다에서 데이터 센터의 소개를 지원하기 위해 다른 IP 주소를 추가했습니다.

Webex Calling에 대한 통화 시그널링 (SIP TLS)—135.84.173.0/25,135.84.174.0/25, 199.19.197.0/24, 199.19.199.0/24

2020년 8월 12일

캐나다에서 데이터 센터의 소개를 지원하기 위해 다른 IP 주소를 추가했습니다.

  • Webex Calling에 대한 통화 미디어 (SRTP)—135.84.173.0/25,135.84.174.0/25, 199.19.197.0/24, 199.19.199.0/24

  • Call signaling to publicly addressed endpoints (SIP TLS)—135.84.173.0/25,135.84.174.0/25, 199.19.197.0/24, 199.19.199.0/24.

  • 장치 구성 및 펌웨어 관리 (Cisco 장치)—135.84.173.155,135.84.174.155

  • 장치 시간 동기화—135.84.173.152, 135.84.174.152

  • 응용프로그램 구성—135.84.173.154,135.84.174.154

2020년 7월 22일 수요일

캐나다에서 데이터 센터의 소개를 지원하기 위해 다음 IP 주소를 추가했습니다. 135.84.173.146

2020년 6월 9일

CScan 항목에 다음 변경 사항을 적용했습니다.

  • IP 주소 중 하나를 수정했습니다. 199.59.67.156에서 199.59.64.156으로 변경했습니다.

  • New features require new ports and UDP—19560-19760.

2020년 3월 11일

We added the following domain and IP addresses to the application configuration:

  • jp.bcld.webex.com—135.84.169.150

  • client-jp.bcld.webex.com

  • idbroker.webex.com—64.68.99.6, 64.68.100.6

추가 IP 주소를 포함하여 다음 도메인을 장치 구성 및 펌웨어 관리에 대해 업데이트했습니다.

  • cisco.webexcalling.eu—85.119.56.198, 85.119.57.198

  • webapps.cisco.com—72.163.10.134

  • activation.webex.com—35.172.26.181, 52.86.172.220

  • cloudupgrader.webex.com—3.130.87.169, 3.20.185.219

2020년 2월 27일 목요일

다음 도메인 및 포트를 장치 구성 및 펌웨어 관리에 추가했습니다.

cloudupgrader.webex.com—443, 6970