Genesys Cloud CX

Ports and services for WebRTC phones under BYOC Cloud

  • 1.  Ports and services for WebRTC phones under BYOC Cloud

    Top 25 Contributor
    Posted 10-24-2021 21:14

    I am looking for BYOC cloud. I found the below ports which need to be opened for WebRTC phones.

    It's mentioned that the access needs to be open for Google. But it is mentioned as optional.

    So I wanted to confirm: even if we didn't open the access to Google for BYOC cloud, it should be OK, right?

    Can anyone confirm this?

    Has anyone used BYOC cloud even when not opening the required access to Google?

    Please confirm.

    Ports and services for WebRTC phones under BYOC Cloud - Genesys Cloud Resource Center (mypurecloud.com)


    #ArchitectureandDesign

    ------------------------------
    Rajeev Srikant
    ------------------------------


  • 2.  RE: Ports and services for WebRTC phones under BYOC Cloud

    Top 25 Contributor
    Posted 10-25-2021 21:46
    All - Any inputs or help?

    ------------------------------
    Rajeev Srikant
    ------------------------------



  • 3.  RE: Ports and services for WebRTC phones under BYOC Cloud

    Posted 10-25-2021 22:33
    Hi Rajeev

    AWS/Cloud based Edges use both AWS and Google STUN services for ICE negotiation.  Whichever responds first is used basically.  On-premise Edges only use Google STUN - although I believe this was/is being changed so on-premise Edges also use both.

    Because you're going BYOC-C for your Edges, then they are capable of using both.  Technically that means the Google one is optional; however, you may find in some cases that the Google STUN servers respond better than the AWS Services.  So there's a case to be made for allowing both.

    Watching the two episodes on WebRTC that Matt put together earlier in the year may be helpful for you:

    https://community.genesys.com/digestviewer29/viewthread?GroupId=19&MessageKey=318aedb6-b6d2-451a-af8f-3b8b53f0e596&CommunityKey=bab95e9c-6bbe-4a13-8ade-8ec0faf733d4&tab=digestviewer




    ------------------------------
    Vaun McCarthy
    ------------------------------



  • 4.  RE: Ports and services for WebRTC phones under BYOC Cloud

    Top 25 Contributor
    Posted 30 days ago

    Thanks @Vaun McCarthy for the explanation. I understood that Google STUN is optional from your explanation.
    But I just wanted to understand: if I wanted to use Google STUN, what is the range of Google IP addresses that I need to open in my firewall?



    ------------------------------
    Rajeev Srikant
    ------------------------------



  • 5.  RE: Ports and services for WebRTC phones under BYOC Cloud

    Posted 30 days ago
    There's a link to a Google JSON file at this link:

    https://help.mypurecloud.com/articles/ip-addresses-for-the-firewall-allowlist/


    ------------------------------
    Vaun McCarthy
    ------------------------------



  • 6.  RE: Ports and services for WebRTC phones under BYOC Cloud

    Top 25 Contributor
    Posted 30 days ago

    @Vaun McCarthy - Thanks.

    I saw the link which you have shared.

    But the list of IP ranges which are required to be opened is huge for Google.

    So there are some concerns.



    ------------------------------
    Rajeev Srikant
    ------------------------------



  • 7.  RE: Ports and services for WebRTC phones under BYOC Cloud

    Posted 29 days ago
    You need to allow an outbound path on the FW to
    *.l.google.com
    on 19302 UDP or TCP

    ------------------------------
    Andy Jackson
    Ten Lifestyle Management Limited
    ------------------------------



  • 8.  RE: Ports and services for WebRTC phones under BYOC Cloud

    Top 25 Contributor
    Posted 28 days ago
    Thanks.
    In my network I am using a network firewall. The network firewall does not understand DNS or the URL
    *.l.google.com

    It works on IP Address & Port.


    So in this case should I allow all the IP addresses of Google mentioned in the link?
    Or is there any other recommended method?



    ------------------------------
    Rajeev Srikant
    ------------------------------



  • 9.  RE: Ports and services for WebRTC phones under BYOC Cloud

    Posted 27 days ago
    Not sure whether or not this would work for you but you could *try* to nslookup the following:

    stun.l.google.com
    stun1.l.google.com
    stun2.l.google.com
    stun3.l.google.com
    stun4.l.google.com

    Then add the IPs that resolve from those names into your firewall.

    ------------------------------
    Vaun McCarthy
    ------------------------------
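
For a firewall that filters on IP address and port only, the addresses entered this way go out of date whenever the DNS answers change. The following added example (not part of the original thread) re-resolves the five names from the post above and reports which current addresses the allowlist does not cover and which entries no longer match anything; the function names and the injectable `resolve` parameter are assumptions made for illustration.

```python
import ipaddress
import socket

# Hostnames listed in the post above; 19302 is the port given earlier in the thread.
STUN_HOSTS = ["stun.l.google.com", "stun1.l.google.com", "stun2.l.google.com",
              "stun3.l.google.com", "stun4.l.google.com"]
STUN_PORT = 19302


def system_resolver(host):
    """Return every IPv4/IPv6 address the local resolver gives for host."""
    try:
        infos = socket.getaddrinfo(host, STUN_PORT, proto=socket.IPPROTO_UDP)
    except socket.gaierror:
        return set()          # unresolvable name: contribute nothing, do not crash
    return {info[4][0] for info in infos}


def allowlist_drift(allowlist, hosts=STUN_HOSTS, resolve=system_resolver):
    """Compare firewall entries (IPs or CIDRs) with what the names resolve to now.

    Returns (missing, stale): addresses that resolve but are not covered, and
    allowlist entries that no current answer falls inside.
    """
    networks = [ipaddress.ip_network(entry, strict=False) for entry in allowlist]
    resolved = set()
    for host in hosts:
        resolved |= {ipaddress.ip_address(addr) for addr in resolve(host)}
    # Membership tests between an IPv4 address and an IPv6 network are simply False.
    missing = [a for a in resolved if not any(a in n for n in networks)]
    stale = [n for n in networks if not any(a in n for a in resolved)]
    return sorted(map(str, missing)), sorted(map(str, stale))


if __name__ == "__main__":
    # Constructed allowlist (documentation address range), replace with the real rule set.
    missing, stale = allowlist_drift(["192.0.2.0/28"])
    print("resolving now but not allowed:", missing)
    print("allowed but no longer resolving:", stale)
```

Run on a schedule from a host that uses the same resolvers as the phones, a non-empty `missing` list is the signal to update the rule before calls start failing ICE negotiation.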



  • 10.  RE: Ports and services for WebRTC phones under BYOC Cloud

    Top 25 Contributor
    Posted 27 days ago
    @Vaun McCarthy Thanks
    I understood your point.
    Is this the normal practice or method everyone does to allow the access to Google STUN?

    Or is it something the firewall should support regarding the resolution of DNS names like stun.l.google.com?

    What are the standard & best practices which are followed?

    ------------------------------
    Rajeev Srikant
    ------------------------------



  • 11.  RE: Ports and services for WebRTC phones under BYOC Cloud

    Posted 27 days ago
    Given how fussy WebRTC can be, "best practice" in my view is to give it the best chance at a quick and successful ICE candidate exchange.  Other things are going to depend on what type of firewall you have etc.  It's worth noting that some of this same discussion takes place for things like MS Teams as well.

    There are other things to look at as well, like Forced TURN etc., but that's a last resort really.

    ------------------------------
    Vaun McCarthy
    ------------------------------



  • 12.  RE: Ports and services for WebRTC phones under BYOC Cloud

    Top 25 Contributor
    Posted 27 days ago
    @Vaun McCarthy Thanks
    Since you have mentioned MS Teams, we are using MS Teams using Zscaler proxy.
    With MS Teams it tries to communicate using UDP & if it is not possible it falls back to TCP.
    In this scenario it was working using proxy & there was minimal effort.

    But my understanding is that Genesys Cloud does not work under proxy like MS Teams.

    ------------------------------
    Rajeev Srikant
    ------------------------------



  • 13.  RE: Ports and services for WebRTC phones under BYOC Cloud

    Posted 27 days ago

    This is all outbound so I would allow outbound to 19302 to the isp/www.

    There may be a JSON file that is available to get the STUN server IP but I am not sure how often it changes.

    Thanks

    Andy Jackson
    Telecoms Specialist
    Email: andyjackson@tengroup.com
    Desk: +44 (0) 2070505160
    Online: tengroup.com
    We're hiring: tengroup.com/careers


