newvoicemedia.atlassian.net
Open in
urlscan Pro
18.184.99.130
Public Scan
Submitted URL: https://ww3.business.vonage.com/e/7772/03377017-Firewallconfiguration/bqcgnn/1670022689?h=koRRtfMjLeXxhNmFVlKu5FbhyOYCkVcy40M9fu...
Effective URL: https://newvoicemedia.atlassian.net/wiki/spaces/DP/pages/2503377017/Firewall+configuration
Submission: On September 16 via manual from GB — Scanned from DE
Effective URL: https://newvoicemedia.atlassian.net/wiki/spaces/DP/pages/2503377017/Firewall+configuration
Submission: On September 16 via manual from GB — Scanned from DE
Form analysis 0 forms found in the DOM
Text Content
JUMP TO
1. Confluence navigation
2. Side navigation
3. Page
This page was in the background for too long and may not have fully loaded. Try
to refresh the page
Home
Spaces
Apps
Templates
Create
VONAGE CONTACT CENTER PRODUCT DOCUMENTATION
Overview
Space shortcuts
Technical prerequisites
Pages
Vonage Contact Center
Vonage Contact Center Admin Portal
Overview of Vonage Contact Center Admin Portal
•
Vonage Contact Center Admin Portal FAQs
Configuring Vonage Contact Center
Using the Vonage Contact Center Admin Portal
Vonage Contact Center reference
•
Account user role permissions
•
E.164 format
•
Guidelines for choosing headsets
•
Inbound call rates for 084x and 087x numbers
Technical prerequisites
•
Firewall configuration
•
Supported protocol versions and cipher suites
•
Time zones in the Vonage Contact Center Admin Portal
•
Tracked actions
ContactPad
ContactHub
Virtual Queues
Dashboards
Real Time
Interaction Architect
Interaction Plan Management
Stats and Reports
Data Retention
User Admin
API Admin
Interaction Content
Call Logging
Data Source Mappings
•
Customer Support Guide
Vonage Contact Center APIs
Vonage Contact Center products
Vonage Contact Center integrations
Product updates
Archived pages
1. Vonage Contact Center Product Documentation
2. …
3. Technical prerequisites
restrictions.empty
Jira links
FIREWALL CONFIGURATION
*
Created by Helen Griffith
Last updated: Apr 13, 2021
FIREWALL CONFIGURATION
In this section
* 1Ports
* 1.1Outbound
* 1.2Inbound
* 2Virtual private network (VPN)
* 3Using URL allowlisting (recommended)
* 3.1Inbound VCC traffic
* 3.2WebRTC
* 4Using IP allowlisting
* 4.1Outbound VCC traffic
* 4.2--Amazon Web Services (AWS)
* 4.3Inbound VCC traffic
* 4.4Amplitude
* 4.5Cloudfront
* 4.6NewRelic
* 4.7WebRTC
Version history
Expand | Collapse
Version
Date
Comment
Current Version (v. 9) Apr 13, 2021 12:48 Helen Griffith v. 8 Apr 13, 2021 12:47
Helen Griffith v. 7 Mar 15, 2021 08:52 Helen Griffith
Added *nexmo.com to list of URLs to allowlist v. 6 Dec 15, 2020 10:51 Helen
Griffith
Added version history section v. 5 Oct 28, 2020 14:35 Helen Griffith v. 4 Oct
19, 2020 13:23 Helen Griffith v. 3 Oct 15, 2020 06:46 Helen Griffith
Removed ambiguous and superfluous sentence from Cloudfront section v. 2 Oct 14,
2020 10:35 Helen Griffith
Fixing typo in Amplitude URL v. 1 Sep 28, 2020 13:11 Helen Griffith
You must read this entire section to ensure that you configure your firewall
correctly.
We recommend adding the appropriate URLs and IP addresses to any firewall rules
that restrict employee access, and we request that you treat Vonage Contact
Center as a business critical application. By this, we mean optimizing and
prioritizing IP traffic to Vonage Contact Center over other non-critical
traffic. This is to ensure real-time responses to agent requests (call steering
buttons, call transfers, hold requests, and so on).
You should also review any IP packet inspection or local caching policies to
optimize the user experience.
PORTS
OUTBOUND
All outbound traffic requires TCP port 443 (HTTPS). Responses are sent to a
range of ephemeral ports. This requirement applies to:
* VCC traffic, regardless of whether you use URL or IP allowlisting
* VCC APIs
* WebRTC traffic (see WebRTC sections later in this page for information about
other ports required for WebRTC traffic)
* All other third-party traffic (Amplitude, Cloudfront, and NewRelic)
SFTP access to call recordings requires TCP port 22.
INBOUND
All inbound traffic requires access to destination TCP port 443 (HTTPS) on our
servers to establish a connection. Responses are sent to a range of ephemeral
ports.
VIRTUAL PRIVATE NETWORK (VPN)
We recommend using a split tunnel configuration to ensure that
traffic—especially voice traffic—to Vonage services is routed directly from the
end user to our platform and not through a VPN. We do not recommend tunneling
voice connectivity through a VPN tunnel due to the potential adverse effect on
voice quality.
--------------------------------------------------------------------------------
USING URL ALLOWLISTING (RECOMMENDED)
Add the following URLs to your allowlist:
* *.newvoicemedia.com
* *.api.newvoicemedia.com
* *.contact-world.net
* api.amplitude.com
* bam.nr-data.net
* js-agent.newrelic.com
* *.nexmo.com
You must also add the IP addresses specified in the following sections to your
allowlist:
INBOUND VCC TRAFFIC
Inbound IP addresses are used when Vonage Contact Center interacts with an
external system where IP allowlisting is in place. Such systems
include Salesforce; a customer-owned, or managed, server or service; and other
cloud provider services.
VCC Region
IP addresses (inbound)
EMEA
194.140.251.0/24
194.140.252.0/24
54.72.166.15
54.72.144.185
3.10.100.255
35.177.29.140
3.126.229.159
18.184.245.197
USA
54.208.98.242
54.209.40.204
54.219.131.57
54.219.131.71
APAC
54.252.173.50
54.252.187.75
54.254.137.133
54.254.157.106
WEBRTC
Your firewalls should allow inbound and outbound traffic as specified in the
following list:
<br/>
Also you must add all the IP addresses listed in the following pages:
* https://www.twilio.com/docs/stun-turn/regions
* https://www.twilio.com/docs/voice/client/javascript/voice-client-js-and-mobile-sdks-network-connectivity-requirements
If your agents use VPN clients, you must also add *.nexmo.com to your allowlist;
failure to do so may result in agents not being able to use WebRTC.
Where relevant, you must also add *.nexmo.com to your VPN client's proxy bypass
list and then restart your agents' clients.
--------------------------------------------------------------------------------
USING IP ALLOWLISTING
If your firewall does not support URL or DNS allowlisting, add the following IP
addresses for your region to any existing firewall permissions.
OUTBOUND VCC TRAFFIC
Outbound IP addresses
Outbound IP addresses are used for standard web access, for example, agents and
supervisors accessing Vonage Contact Center applications. All customers will
need to allow outbound IP addresses.
If your firewall does not support URL/DNS allowlisting, add the following IP
addresses for your region to any existing firewall permissions:
VCC Region
IP addresses (outbound)
EMEA
194.140.251.0/24
194.140.252.0/24
35.178.30.136
3.11.193.198
3.126.22.243
3.121.175.40
USA107.23.216.122
18.208.11.69
54.176.97.247
54.176.165.234APAC13.236.101.83
13.55.214.98
52.74.111.52
52.77.102.86
--AMAZON WEB SERVICES (AWS)
Most of VCC uses Amazon Web Services (AWS).
Add the IP addresses for your region as described in the following page:
https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html.
This list of addresses is subject to change.
There might be multiple AWS regions associated with your VCC region:
VCC regionAWS region IDAWS region nameEMEA
eu-central-1Frankfurt
eu-west-1Dublin
eu-west-2LondonUSA
us-east-1North Virginia
us-west-1North California
us-west-2OregonAPAC
ap-southeast-1Singapore
ap-southeast-2Sydney
INBOUND VCC TRAFFIC
Inbound IP addresses are used when Vonage Contact Center interacts with an
external system where IP allowlisting is in place. Such systems
include Salesforce; a customer-owned, or managed, server or service; and other
cloud provider services.
VCC Region
IP addresses (inbound)
EMEA
194.140.251.0/24
194.140.252.0/24
54.72.166.15
54.72.144.185
3.10.100.255
35.177.29.140
3.126.229.159
18.184.245.197
USA
54.208.98.242
54.209.40.204
54.219.131.57
54.219.131.71
APAC
54.252.173.50
54.252.187.75
54.254.137.133
54.254.157.106
AMPLITUDE
Add the IP addresses specified in the following page to any existing firewall
permissions:
* https://help.amplitude.com/hc/en-us/articles/360024419152
CLOUDFRONT
Add the IP addresses specified in the following page to any existing firewall
permissions:
* http://d7uri8nf7uskq.cloudfront.net/tools/list-cloudfront-ips.
Inbound addresses
The IP addresses are all inbound addresses.
NEWRELIC
Add this range of IP addresses—162.247.240.0/22—to any existing firewall
permissions.
Inbound addresses
The IP addresses are all inbound addresses.
WEBRTC
Your firewalls should allow inbound and outbound traffic as specified in the
following list:
<br/>
Also you must add all the IP addresses listed in the following pages:
* https://www.twilio.com/docs/stun-turn/regions
* https://www.twilio.com/docs/voice/client/javascript/voice-client-js-and-mobile-sdks-network-connectivity-requirements
If your agents use VPN clients, you must also add *.nexmo.com to your allowlist;
failure to do so may result in agents not being able to use WebRTC.
Where relevant, you must also add *.nexmo.com to your VPN client's proxy bypass
list and then restart your agents' clients.
No labels
Documentation feedback
If you have trouble understanding any part of this documentation, please send an
email to docs_feedback@vonage.com.
We're happy to hear from you. Your contribution helps everyone at Vonage Contact
Center!
Please include the name of the page in your email.
Support
Loading app...
{"serverDuration": 32, "requestCorrelationId": "bb475b20a224564f"}