A couple of things we have found. First, WebRTC initially provisions over HTTPS (port 443) to your ORG's region and a TLS session is pinned up. Once a call is established, it will transmit audio (RTP) over the media ports (udp/16384-32768) to the Genesys Cloud Media IPs (52.129.96.0/20). We have had very few customers that have 443 blocked and most of them have no problem hitting the STUN ports on Google. What I tell customers is to try the WebRTC phone and run the diagnostics first before going through the hassles of getting security to approve ports and IPs.
------------------------------
Robert Wakefield-Carl
Avtex Solutions, LLC
Contact Center Innovation Architect
robertwc@avtex.com
https://www.Avtex.com
https://RobertWC.Blogspot.com
------------------------------
Original Message:
Sent: 01-22-2022 00:47
From: Blair Wilkinson
Subject: Do we still need to whitelist all AWS IP address for WebRTC? (if doing IP whitelisting outbound on firewall)
It is my understanding that if you are whitelisting (outbound) IP addresses on firewall for WebRTC you need to include all the AWS IP addresses in the region of the Org https://ip-ranges.amazonaws.com/ip-ranges.json .
Given that we now have the tighter defined CIDR range for media = 52.129.96.0/20 , please can I check if we still need to whitelist the full AWS IP range (+CIDR range) or the CIDR range suffices?
Resource Centre reference = https://help.mypurecloud.com/articles/ip-addresses-for-the-firewall-allowlist/
#Telephony
------------------------------
Thanks and regards
Blair Wilkinson
CVT Global Enablement
------------------------------
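The media flow described in the reply above (RTP over udp/16384-32768 to 52.129.96.0/20) can be checked against an outbound allowlist before a change request goes to the security team. This is an added example, not part of the original thread or any Genesys tooling; the rule tuple format and the sample rules are constructed assumptions, and only rules whose CIDR contains the whole media range count toward port coverage.

```python
import ipaddress

# Values quoted in the thread
MEDIA_NET = ipaddress.ip_network("52.129.96.0/20")
MEDIA_PORTS = (16384, 32768)

def port_gaps(wanted, allowed):
    """Return inclusive sub-ranges of `wanted` not covered by any range in `allowed`."""
    gaps, cursor = [], wanted[0]
    for lo, hi in sorted(allowed):
        if hi < cursor:
            continue            # range ends before the part still unchecked
        if lo > wanted[1]:
            break               # range starts past the end of what we need
        if lo > cursor:
            gaps.append((cursor, lo - 1))
        cursor = max(cursor, hi + 1)
    if cursor <= wanted[1]:
        gaps.append((cursor, wanted[1]))
    return gaps

def audit_media_egress(rules):
    """rules: (proto, cidr, port_lo, port_hi) outbound allow entries (assumed format)."""
    full, partial = [], []
    for proto, cidr, lo, hi in rules:
        net = ipaddress.ip_network(cidr)
        if proto.lower() != "udp" or net.version != 4 or not net.overlaps(MEDIA_NET):
            continue            # rule is irrelevant to the media flow
        if net.supernet_of(MEDIA_NET):
            full.append((lo, hi))
        else:
            partial.append(cidr)  # covers only a slice of the media range
    return {"port_gaps": port_gaps(MEDIA_PORTS, full), "partial_cidrs": partial}

# Constructed sample allowlist, for illustration only
SAMPLE_RULES = [
    ("tcp", "0.0.0.0/0", 443, 443),
    ("udp", "52.129.96.0/20", 16384, 20000),
    ("udp", "52.129.0.0/16", 20001, 32000),
    ("udp", "52.129.96.0/24", 16384, 32768),
    ("udp", "8.8.8.0/24", 3478, 3478),
]

if __name__ == "__main__":
    report = audit_media_egress(SAMPLE_RULES)
    print("uncovered media ports:", report["port_gaps"])
    print("rules covering only part of the media CIDR:", report["partial_cidrs"])
```

A non-empty `port_gaps` list means some RTP ports would be dropped for at least part of the media range, which typically shows up as calls that connect but carry no audio.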