@Vaun McCarthy Thanks
Since you have mentioned MS Teams, we are using MS Teams through a Zscaler proxy.
MS Teams tries to communicate using UDP & if that is not possible it falls back to TCP.
In this scenario it was working using the proxy & there was minimal effort.
But my understanding is that Genesys Cloud does not work under a proxy like MS Teams.
------------------------------
Rajeev Srikant
------------------------------
Original Message:
Sent: 11-04-2021 21:39
From: Vaun McCarthy
Subject: Ports and services for WebRTC phones under BYOC Cloud
Given how fussy WebRTC can be, "best practice" in my view is to give it the best chance at a quick and successful ICE candidate exchange. Other things are going to depend on what type of firewall you have etc. It's worth noting that some of this same discussion takes place for things like MS Teams as well.
There are other things to look at as well, like Forced TURN etc., but that's a last resort really.
------------------------------
Vaun McCarthy
Original Message:
Sent: 11-04-2021 21:34
From: Rajeev Srikant
Subject: Ports and services for WebRTC phones under BYOC Cloud
@Vaun McCarthy Thanks
I understood your point.
Is this the normal practice or method everyone uses to allow access to Google STUN?
Or is it something the firewall should support, regarding the resolution of DNS names like stun.l.google.com?
What are the standard & best practices which are followed?
------------------------------
Rajeev Srikant
Original Message:
Sent: 11-04-2021 00:54
From: Vaun McCarthy
Subject: Ports and services for WebRTC phones under BYOC Cloud
Not sure whether or not this would work for you but you could *try* to nslookup the following:
stun.l.google.com
stun1.l.google.com
stun2.l.google.com
stun3.l.google.com
stun4.l.google.com
Then add the IPs that resolve from those names into your firewall.
------------------------------
Vaun McCarthy
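Resolved addresses can change between lookups, so a one-off nslookup goes stale. The sketch below is an added example, not part of the thread: it resolves the five names from the post and diffs the result against the addresses already allowed. The function names and report keys are hypothetical, and the current rule set is assumed to come from your own firewall export.

```python
import socket

# Hostnames from the post above; 19302 is the port named elsewhere in this thread.
STUN_HOSTS = ["stun.l.google.com", "stun1.l.google.com", "stun2.l.google.com",
              "stun3.l.google.com", "stun4.l.google.com"]
STUN_PORT = 19302


def system_resolver(host):
    """Return every IPv4/IPv6 address the local resolver gives for host."""
    infos = socket.getaddrinfo(host, STUN_PORT, proto=socket.IPPROTO_UDP)
    return {info[4][0] for info in infos}


def resolve_all(hosts, resolver=system_resolver):
    """Map each host to its address set; a failed lookup yields an empty set."""
    results = {}
    for host in hosts:
        try:
            results[host] = set(resolver(host))
        except OSError:  # socket.gaierror is a subclass of OSError
            results[host] = set()
    return results


def diff_allowlist(current_rules, resolved):
    """Compare addresses already allowed with what DNS returns now."""
    live = set().union(*resolved.values())
    current = set(current_rules)
    return {
        "add": sorted(live - current),        # resolved but not yet allowed
        "stale": sorted(current - live),      # allowed but no longer resolved
        "unresolved": sorted(h for h, ips in resolved.items() if not ips),
    }


if __name__ == "__main__":
    # Assumption: an empty set stands in for the firewall's current STUN rules.
    report = diff_allowlist(set(), resolve_all(STUN_HOSTS))
    for key in ("add", "stale", "unresolved"):
        for item in report[key]:
            print(key.upper(), item)
```

Run it on a schedule from a host that uses the same DNS resolver as the clients, and review the "stale" entries before removing them, since a single lookup may not return every address behind a name.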
Original Message:
Sent: 11-03-2021 20:03
From: Rajeev Srikant
Subject: Ports and services for WebRTC phones under BYOC Cloud
Thanks.
In my network I am using a network firewall. The network firewall does not understand DNS or the URL. It works on IP address & port.
So in this case should I allow all the IP addresses of Google mentioned in the link?
Or is there any other recommended method?
------------------------------
Rajeev Srikant
Original Message:
Sent: 11-02-2021 04:44
From: Andy Jackson
Subject: Ports and services for WebRTC phones under BYOC Cloud
you need to allow an outbound path on the FW to0n 19302 UDP or TCP
------------------------------
Andy Jackson
Ten Lifestyle Management Limited
Original Message:
Sent: 11-01-2021 21:18
From: Rajeev Srikant
Subject: Ports and services for WebRTC phones under BYOC Cloud
@Vaun McCarthy - Thanks.
I saw the link which you have shared.
But the list of IP ranges which are required to be opened is huge for Google.
So there are some concerns.
------------------------------
Rajeev Srikant
Original Message:
Sent: 11-01-2021 20:55
From: Vaun McCarthy
Subject: Ports and services for WebRTC phones under BYOC Cloud
There's a link to a Google JSON file at this link:
https://help.mypurecloud.com/articles/ip-addresses-for-the-firewall-allowlist/
------------------------------
Vaun McCarthy
Original Message:
Sent: 11-01-2021 20:31
From: Rajeev Srikant
Subject: Ports and services for WebRTC phones under BYOC Cloud
Thanks @Vaun McCarthy for the explanation. I understood that Google STUN is optional from your explanation.
But I just wanted to understand: if I wanted to use Google STUN, what are the ranges of Google IP addresses that I need to open in my firewall?
------------------------------
Rajeev Srikant
Original Message:
Sent: 10-25-2021 22:33
From: Vaun McCarthy
Subject: Ports and services for WebRTC phones under BYOC Cloud
Hi Rajeev
AWS/Cloud based Edges use both AWS and Google STUN services for ICE negotiation. Whichever responds first is used basically. On-premise Edges only use Google STUN - although I believe this was/is being changed so on-premise Edges also use both.
Because you're going BYOC-C for your Edges, then they are capable of using both. Technically that means the Google one is optional. However, you may find in some cases that the Google STUN servers respond better than the AWS services. So there's a case to be made for allowing both.
Watching the two episodes on WebRTC that Matt put together earlier in the year may be helpful for you:
https://community.genesys.com/digestviewer29/viewthread?GroupId=19&MessageKey=318aedb6-b6d2-451a-af8f-3b8b53f0e596&CommunityKey=bab95e9c-6bbe-4a13-8ade-8ec0faf733d4&tab=digestviewer
------------------------------
Vaun McCarthy
Original Message:
Sent: 10-24-2021 21:14
From: Rajeev Srikant
Subject: Ports and services for WebRTC phones under BYOC Cloud
I am looking at BYOC Cloud. I found the below ports which need to be opened for WebRTC phones.
It's mentioned that the access needs to be open for Google. But it is mentioned as optional.
So I wanted to confirm: even if we didn't open the access to Google for BYOC Cloud, it should be OK, right?
Can anyone confirm this?
Has anyone used BYOC Cloud even when not opening the required access to Google?
Please confirm.
Ports and services for WebRTC phones under BYOC Cloud - Genesys Cloud Resource Center (mypurecloud.com)
#ArchitectureandDesign
------------------------------
Rajeev Srikant
------------------------------