Hi Samuel
I'll take a guess here but hopefully someone jumps on if I'm way off the mark.
The new CIDR range you mention relates to the Genesys media services for STUN, sRTP type traffic. Port 19302 is actually what's used by Edges to communicate to Google's STUN servers in the first instance as part of the ICE candidate discovery. So port 19302 should have already been allowed for the early part of the call negotiation, but it's not impacted as part of this upcoming CIDR change which is why that port isn't mentioned within the articles. The IP you mentioned there is actually a Google IP address.
The destination for the Google side of this isn't from a particular list of IPs unfortunately but is essentially
*.l.google.com
There are issues if the firewall in question does a reverse lookup for some services for example here:
https://help.mypurecloud.com/faqs/when-troubleshooting-firewall-issues-why-do-i-see-names-like-1e100-net-when-doing-a-reverse-lookup-on-addresses-resolved-from-l-google-com/
Port 19302 isn't required by clients as they'll use the Genesys STUN servers, but if they can access port 19302 to Google they will.
------------------------------
Vaun McCarthy
NTT New Zealand Limited
------------------------------
Original Message:
Sent: 03-08-2021 15:54
From: Samuel Effange
Subject: Firewall Ports for CIDR IP Address Range for Cloud Media
I have a concern in regard to the Firewall ports that need to be opened for the new Range.
We have opened ports 16384-32768 and 3478 for UDP, destined for 52.129.96.0/20, but some of the WebRTC tests are failing. The firewall shows that port 19302 needs to be opened as well. It fails at 173.194.196.127. Do we need to also add port 19302? If so, what destination? Or are we to simply open the ports which are mentioned on the resource center, destined for 52.129.96.0/20?
Regards
Samuel
#ArchitectureandDesign
------------------------------
Samuel Effange
Nissan North America, Inc.
------------------------------
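An added example, not part of either post: a small triage script for firewall deny lines that separates flows to the 52.129.96.0/20 media range from Google STUN traffic on UDP 19302. Since 19302 lies inside the 16384-32768 media port range, the destination address decides the label, not the port. The log line format, sample lines, label names and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Values quoted in the thread.
GENESYS_MEDIA_CIDR = ipaddress.ip_network("52.129.96.0/20")
MEDIA_UDP_PORTS = range(16384, 32769)   # 16384-32768 inclusive
GENESYS_STUN_PORT = 3478
GOOGLE_STUN_PORT = 19302

# Constructed log format: "DENY <proto> <src_ip>:<sport> -> <dst_ip>:<dport>"
LINE_RE = re.compile(r"^DENY (\w+) \S+ -> ([\d.]+):(\d+)$")

def classify(proto, dst_ip, dst_port):
    """Label one outbound flow (hypothetical helper and labels)."""
    if proto.lower() != "udp":
        return "not-covered-here"
    in_range = ipaddress.ip_address(dst_ip) in GENESYS_MEDIA_CIDR
    # Destination is checked first: 19302 also falls in the media port range.
    if in_range and (dst_port == GENESYS_STUN_PORT or dst_port in MEDIA_UDP_PORTS):
        return "genesys-cloud-media"
    if in_range:
        return "genesys-range-unlisted-port"
    if dst_port == GOOGLE_STUN_PORT:
        return "google-stun"
    return "unrelated"

def triage(lines):
    """Group parsed deny lines by label; unparsable lines are skipped."""
    groups = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            proto, dst_ip, dst_port = m.group(1), m.group(2), int(m.group(3))
            groups[classify(proto, dst_ip, dst_port)].append((dst_ip, dst_port))
    return dict(groups)

# Constructed sample deny lines (source addresses are made up).
SAMPLE = [
    "DENY udp 10.0.0.5:50000 -> 173.194.196.127:19302",
    "DENY udp 10.0.0.5:50002 -> 52.129.96.10:19302",
    "DENY udp 10.0.0.5:50004 -> 52.129.111.255:3478",
    "DENY udp 10.0.0.5:50006 -> 52.129.112.1:3478",
]

if __name__ == "__main__":
    for label, flows in triage(SAMPLE).items():
        print(label, flows)
```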