Firewall configuration
In this section | ||||||
---|---|---|---|---|---|---|
| ||||||
Version history | ||||||
|
Note | ||
---|---|---|
| ||
|
We recommend adding the appropriate URLs and IP addresses to any firewall rules that restrict employee access, and we request that you treat Vonage Contact Center as a business-critical application. By this, we mean optimizing and prioritizing IP traffic to Vonage Contact Center over other non-critical traffic. This is to ensure real-time responses to agent requests are processed in a timely and efficient manner (call steering buttons, call transfers, hold requests, and so on).
You should also review any IP packet inspection or local caching policies to optimize the user experience.
Ports
Outbound
All inbound and outbound traffic requires TCP port 443 (HTTPS). Responses are sent to a range of ephemeral ports. This requirement applies to:
- VCC traffic, regardless of whether you use URL or IP allowlisting
- VCC APIs
- WebRTC traffic (see WebRTC sections later in this page for information about other ports required for WebRTC traffic)
- All other third-party traffic (Amplitude, Cloudfront, and NewRelic)
SFTP access to call recordings requires TCP port 44044.
Inbound
All inbound traffic requires port 22access to destination TCP port 443 (HTTPS) on our servers to establish a connection. Responses are sent to a range of ephemeral ports.
Virtual private network (VPN)
We recommend using a split tunnel configuration to ensure that traffic—especially voice traffic—to Vonage services is routed directly from the end user to our platform and not through a VPN. We do not recommend tunneling voice connectivity through a VPN tunnel due to the potential adverse effect on voice quality.
...
Using URL allowlisting (recommended)
Add Depending on whether you will use wildcard or fully qualified domain names, add the following URLs to your allowlist:
- Using wildcard domains:
- *.vonage.com
- *.cc.vonage.com
- *.newvoicemedia.com
- *.api.newvoicemedia.com
- *.contact-world.net
- api.amplitude.com
- bam.nr-data.net
- js-agent.newrelic.com
- *.nexmo.com
Using fully qualified domain names (FQDN):
WalkMe traffic
Insert excerpt _ExcerptWalkMeFirewallConfiguration _ExcerptWalkMeFirewallConfiguration nopanel true Adobe Analytics
Add the URL addresses specified in the following page to any existing firewall permissions: https://experienceleague.adobe.com/docs/analytics/technotes/ip-addresses.html?lang=en
You must also add the IP addresses specified in the following sections to your allowlist:
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|
WebRTC traffic
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|
Webhooks API traffic
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|
...
Using IP allowlisting
If your firewall does not support URL or DNS allowlisting, add the following IP addresses for your region to any existing firewall permissions.
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|
Outbound VCC traffic
Info | ||
---|---|---|
| ||
Outbound IP addresses are used for standard web access, for example, agents and supervisors accessing Vonage Contact Center applications. All customers will need to allow thisoutbound IP addresses. |
If your firewall does not support URL/DNS allowlisting, add the following IP addresses for your region to any existing firewall permissions:
...
VCC Region
...
IP addresses (outbound)
...
EMEA
...
194.140.251.0/24
194.140.252.0/24
35.178.30.136
3.11.193.198
3.126.22.243
3.121.175.40
...
USA
...
107.23.216.122
18.208.11.69
54.176.97.247
54.176.165.234
...
APAC
...
13.236.101.83
13.55.214.98
52.74.111.52
52.77.102.86
--Amazon Web Services (AWS)
Most of VCC uses Amazon Web Services (AWS).
...
There might be multiple AWS regions associated with your VCC region:
VCC region | AWS Region region ID | AWS Region Nameregion name | |
---|---|---|---|
EMEA | |||
eu-central-1 | Frankfurteu-west-1 | ||
Dublin | eu-west-2 | London | |
USANAM | |||
us-east-1 | North Virginiaus-west-1 | ||
North California | us-west-2 | Oregon | |
APAC | |||
ap-southeast-1 | Singapore | ||
ap-southeast-2 | Sydney |
...
--
...
Adobe Analytics
Add the IP addresses specified in the following page to any existing firewall permissions: https://experienceleague.adobe.com/docs/analytics/technotes/ip-addresses.html?lang=en
--Amplitude
Add the IP addresses specified in the following page to any existing firewall permissions:
--Cloudfront
Add the IP addresses specified in the following page to any existing firewall permissions:
- http://d7uri8nf7uskq.cloudfront.net/tools/list-cloudfront-ips. Note that this list of addresses is subject to change.
Note | ||
---|---|---|
| ||
The IP addresses are all outbound addresses. |
--NewRelic
Add this range of IP addresses—162.247.240.0/22—to any existing firewall permissions:.
Note | ||
---|---|---|
| ||
The IP addresses are all outbound addresses. |
--WebRTC traffic
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|
--Webhooks API traffic
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|