Ports and services to configure on your company firewall


Feature deprecation: The port range 32769-65535 will no longer be supported for TURN server communication. The TURN port range will move exclusively to 16384–32768. For more information, see Deprecation: TURN port range.

On this page you’ll find detailed information on the ports and services that you’ll need to configure on your company firewall based on your product/source (client). Just locate the header pertaining to your product and expand the appropriate section. Then, where applicable, select the tab matching the service you are using. On each tab, you’ll find a table that provides the following information:

  • Transport/Port (Application)

The transport protocol is a description of the type of network traffic used for the application. Most applications use either TCP or UDP as a transport, and sometimes both, which depends on how the application operates. Most applications’ protocols have standard ports selected, which are commonly used for that service on the public Internet. PureCloud typically uses the standard port for each application protocol.

  • Destination

The destination device is the server which is listening for “inbound” requests to the application port. Inbound requests are received from the client from its transmission port.

  • Description

The description contains additional information about the connectivity requirement.

Note: The WAN network interface port must connect to a network that supports external DNS resolution to ensure Cloud Connectivity.


General

Transport/Port (Application) | Destination | Description
udp/53 (DNS)*; tcp/53 (DNS)* | † | DNS provides name resolution for network connections. DNS is used by most applications; it converts names like “mypurecloud.com” to IP addresses required for connectivity.

These settings apply to:

  • Workstations / PureCloud client (browser or desktop app)
  • Mobile / PureCloud mobile app (iOS and Android)
  • VoIP phones
  • Edge devices
  • Bridge Servers

* Typical. If your network is configured for private or internal DNS, then port 53 is not required.

† Third-party service; not hosted by PureCloud.


Transport/Port (Application) | Destination | Description
udp/123 (NTP) | time.nist.gov* | NTP provides time synchronization. Devices that use NTP will automatically set their clock from the network source and occasionally update their time for accuracy.

These settings apply to:

  • VoIP phones
  • Edge devices
  • Bridge Servers

* Third-party service; not hosted by PureCloud.


Co-browse, chat, video chat, screen share, screen recording


Transport/Port (Application) | Destination | Description
tcp/443 (HTTPS) | PureCloud, Amazon AWS | The secure connection from your client (desktop, web, mobile) to the PureCloud Services on the public Internet.

Transport/Port (Application) | Destination | Description
tcp/3478 (STUN); udp/3478 (STUN); tcp/19302 (STUN); udp/19302 (STUN) | PureCloud, Amazon AWS; Google* | Session Traversal Utilities for NAT (STUN) is an egress connection that informs a host of its public IP address used for media-based communications.
udp/49152–65535 (SRTP) | PureCloud, Amazon AWS | The secured transmission of streaming media (audio and video).

* Third-party service; not hosted by PureCloud.



Transport/Port (Application) | Destination | Description
tcp/443 (HTTPS) | PureCloud, Amazon AWS | The secure connection from your client (desktop, web, mobile) to the PureCloud Services on the public Internet.

Transport/Port (Application) | Destination | Description
tcp/5222 (XMPP) | PureCloud, Amazon AWS | The secure connection from your client (desktop, web, mobile) to the PureCloud Services on the public Internet.



Bridge Server



Transport/Port (Application) | Destination | Description
tcp/443 (HTTPS) | PureCloud, Amazon AWS | The secure connection from your premises Bridge Server to the PureCloud Services on the public Internet.

Transport/Port (Application) | Destination | Description
tcp/389 (LDAP)*; tcp/636 (LDAPS)* | Corporate Active Directory environment | The connection from your Bridge server to the corporate Active Directory environment.

* LDAP Ports are only required if your solution uses the PureCloud Bridge Server for Active Directory integration. 



PureCloud Edge


Transport/Port (Application) | Destination | Description
tcp/443 (HTTPS) | PureCloud, Amazon AWS | The secure connection from your premise Edge devices (LDM) to the PureCloud Services on the public Internet.

Transport/Port (Application) | Destination | Description
tls/8063 | Edge devices in the same Edge Group | The connection for Edges to communicate with each other. The connection can optionally be secured.

Transport/Port (Application) | Destination | Description
tcp/5060-5061 | PureCloud, Amazon AWS | The connection for Edges to connect to the PureCloud services for WebRTC softphones.

Transport/Port (Application) | Destination | Description
tcp/3478 (STUN); udp/3478 (STUN); tcp/19302 (STUN); udp/19302 (STUN) | PureCloud, Amazon AWS; Google | Session Traversal Utilities for NAT (STUN) is an egress connection that informs a host of its public IP address used for media-based communications.

† Third-party service; not hosted by PureCloud.

Transport/Port (Application) | Destination | Description
udp/16384-65535 (SRTP/TURN) | PureCloud Edge devices (premise), PureCloud, and Amazon AWS | The transmission of secured streaming media (audio). For more information, see Ports and services for WebRTC.

Transport/Port (Application) | Destination | Description
udp/5060 (SIP)*; tcp/5060 (SIP)*; tcp/5061 (SIPS) [without FENT]* | VoIP phones | The connection for VoIP signaling (dialing, ringing, etc. for inbound and outbound calls). The connection can optionally be secured.
vendor specified (SIP)* | Telephony SIP Provider (PSTN) † | The connection for VoIP signaling (dialing, ringing, etc. for inbound and outbound calls). The connection can optionally be secured.

* Default ranges; ports can be changed in the PureCloud configuration.

† Third-party service; not hosted by PureCloud.

Transport/Port (Application) | Destination | Description
udp/4000+ (RTP/SRTP)* | VoIP phones | The transmission of streaming media (audio). The connection can optionally be secured.
vendor specified (RTP/SRTP)* | Telephony SIP Provider (PSTN) † | The connection for VoIP signaling (dialing, ringing, etc. for inbound and outbound calls). The connection can optionally be secured.

* Default ranges; ports can be changed in the PureCloud configuration.

† Third-party service; not hosted by PureCloud.



PureCloud Voice

Transport/Port (Application) | Destination | Description
tcp/443 (HTTPS) | Polycom ZTP | The secure connection an unconfigured Polycom device will make to discover its initial configuration.

† Third-party service; not hosted by PureCloud.

Transport/Port (Application) | Destination | Description
tcp/80 (HTTP); tcp/443 (HTTPS) | PureCloud Global Phone Provisioning (AWS) | The connection a phone makes for organization level configuration. The connection can optionally be secured.
tcp/80 (HTTP)*; tcp/443 (HTTPS)* | PureCloud Edge devices | The connection a phone makes for VoIP configuration. The connection can optionally be secured.

* Default ranges; ports can be changed in the PureCloud configuration.

Transport/Port (Application) | Destination | Description
tcp/8061 (SIPS)* | PureCloud Edge devices | The connection for VoIP signaling (dialing, ringing, etc. for inbound and outbound calls). The connection can optionally be secured.

* Default ranges; ports can be changed in the PureCloud configuration.

Transport/Port (Application) | Destination | Description
udp/16384-32768 (RTP/SRTP) | PureCloud Edge devices | The transmission of streaming media (audio). The connection can optionally be secured.

Transport/Port (Application) | Destination | Description
tcp/443 (HTTPS) | PureCloud, Amazon AWS | The secure connection for VoIP signaling (dialing, ringing, etc. for inbound and outbound calls).
tcp/3478 (STUN); udp/3478 (STUN); tcp/19302 (STUN); udp/19302 (STUN) | PureCloud, Amazon AWS; Google* | These ports must be opened for both the client and Edges. These are used for the srflx and relay candidates. If they are closed, calls will have a high rate of failure.

* Third-party service; not hosted by PureCloud.

Transport/Port (Application) | Destination | Description
udp/16384-65535 (SRTP/TURN) | PureCloud Edge devices, PureCloud, Amazon AWS | The transmission of secured streaming media (audio). For more information, see Ports and services for WebRTC.

BYOC Premises

Transport/Port (Application) | Destination | Description
tcp/443 (HTTPS) | Polycom ZTP | The secure connection an unconfigured Polycom device will make to discover its initial configuration.

† Third-party service; not hosted by PureCloud.

Transport/Port (Application) | Destination | Description
tcp/80 (HTTP); tcp/443 (HTTPS) | PureCloud Global Phone Provisioning (AWS) | The connection a phone makes for organization level configuration. The connection can optionally be secured.
tcp/8088 (HTTP)* [legacy]; tcp/8089 (HTTPS)* [legacy]; tcp/80 (HTTP)*; tcp/443 (HTTPS)* | PureCloud Edge devices | The connection a phone makes for VoIP configuration. The connection can optionally be secured.

* Default ranges; ports can be changed in the PureCloud configuration.

Transport/Port (Application) | Destination | Description
udp/8060 (SIP)*; tcp/8060 (SIP)*; tcp/8061 (SIPS)* | PureCloud Edge devices | The connection for VoIP signaling (dialing, ringing, etc. for inbound and outbound calls). The connection can optionally be secured.

* Default ranges; ports can be changed in the PureCloud configuration.

Transport/Port (Application) | Destination | Description
udp/16384-32768 (RTP/SRTP) | PureCloud Edge devices | The transmission of streaming media (audio). The connection can optionally be secured.

Transport/Port (Application) | Destination | Description
tcp/443 (HTTPS) | PureCloud, Amazon AWS | The secure connection for VoIP signaling (dialing, ringing, etc. for inbound and outbound calls).
tcp/3478 (STUN); udp/3478 (STUN); tcp/19302 (STUN); udp/19302 (STUN) | PureCloud, Amazon AWS; Google* | These ports must be opened for both the client and Edges. These are used for the srflx and relay candidates. If they are closed, calls will have a high rate of failure.

* Third-party service; not hosted by PureCloud.

Transport/Port (Application) | Destination | Description
udp/16384-65535 (SRTP/TURN) | PureCloud Edge devices, PureCloud, and Amazon AWS | The transmission of secured streaming media (audio). For more information, see Ports and services for WebRTC.


Transport/Port (Application) | Destination | Description
udp/5060*; tcp/5060*; tcp/5061* | Edge devices (LDM/premise) | The connection for VoIP signaling (dialing, ringing, and so on for inbound and outbound calls). The connection can optionally be secured.

* Default ranges; ports can be changed in the PureCloud configuration.

Transport/Port (Application) | Destination | Description
udp/16384-32768 (RTP/SRTP) | Edge devices (LDM/premise) | The transmission of streaming media (audio). The connection can optionally be secured.


BYOC Cloud


You will need to make sure that your carrier allows traffic from these addresses. 

If you are using a 3rd-party premises-based carrier or PBX device/service, then you need to make sure that connectivity to these addresses is allowed.

Note: Also see the Amazon AWS IP address information in the Domains and IP Addresses section of this article.

Domain | byoc.mypurecloud.com
DNS SRV and SIP FQDN | <customer prefix>.byoc.mypurecloud.com

Server DNS (If SRV not supported)

us-east-1 | lb01.byoc.us-east-1.mypurecloud.com; lb02.byoc.us-east-1.mypurecloud.com; lb03.byoc.us-east-1.mypurecloud.com; lb04.byoc.us-east-1.mypurecloud.com
eu-west-1 | lb01.byoc.eu-west-1.mypurecloud.ie; lb02.byoc.eu-west-1.mypurecloud.ie; lb03.byoc.eu-west-1.mypurecloud.ie; lb04.byoc.eu-west-1.mypurecloud.ie
eu-central-1 | lb01.byoc.eu-central-1.mypurecloud.de; lb02.byoc.eu-central-1.mypurecloud.de; lb03.byoc.eu-central-1.mypurecloud.de; lb04.byoc.eu-central-1.mypurecloud.de
ap-southeast-2 | lb01.byoc.ap-southeast-2.mypurecloud.com.au; lb02.byoc.ap-southeast-2.mypurecloud.com.au; lb03.byoc.ap-southeast-2.mypurecloud.com.au; lb04.byoc.ap-southeast-2.mypurecloud.com.au
ap-northeast-1 | lb01.byoc.ap-northeast-1.mypurecloud.jp; lb02.byoc.ap-northeast-1.mypurecloud.jp; lb03.byoc.ap-northeast-1.mypurecloud.jp; lb04.byoc.ap-northeast-1.mypurecloud.jp



Note: Firewall settings for BYOC Cloud will be provided by your carrier.

Domains and IP Addresses

Those domains in this list that specifically apply to your network configuration should be whitelisted or approved for authorized access. For more information, see the appropriate Description section in this table.

Owner | Domain | Region | Description
PureCloud | *.mypurecloud.com | North America | Provides the PureCloud interface for users and admins; domains are region-specific and each PureCloud organization exists within only one region. Entities with multiple organizations may be deployed in various regions.
PureCloud | *.mypurecloud.com.au | Australia & New Zealand |
PureCloud | *.mypurecloud.ie; *.mypurecloud.de | Europe |
PureCloud | *.mypurecloud.jp | Japan |
PureCloud | *.ininpcv.com | North America | Provides voice and configuration services for PureCloud Voice phones. (PureCloud Voice customers only). This domain is legacy and not used for new customers.
Amazon AWS | *.cloudfront.net | All | Provides static content for PureCloud applications.
Amazon AWS | *.s3.amazonaws.com; *.s3.{region}.amazonaws.com, where {region} is the domain for your particular region. | All | Provides S3 download links.
Google | *.googleapis.com | All | Provides cascading style sheet (CSS) and font information.
Google | *.gstatic.com | All | Provides static content, mainly images.
Google | *.l.google.com | All | Provides STUN services for Edge devices, VoIP phones, WebRTC softphones, and Collaborate multimedia.
New Relic | *.js-agent.newrelic.com | All | Requests made by client-side New Relic analytics browser applications.
New Relic | *.bam.nr-data.net | All | Requests made by client-side New Relic analytics browser applications.
National Institute of Standards and Technology (NIST) | time.nist.gov | All (The global address time.nist.gov is resolved to all of the appropriate server addresses.) | The NIST servers listen for an NTP request on port 123, and respond by sending a udp/ip data packet in the NTP format. The data packet includes a 64-bit timestamp.
Polycom | *.ztp.polycom.com | All | Provides zero-touch phone provisioning for Polycom VoIP phones.

† Third-party service; not hosted by PureCloud.

An asterisk (*) prefix indicates that services may exist in one or more subdomains of the defined domain.

PureCloud is deployed in a public cloud environment where IP addresses are expected to change. The IP addresses used by PureCloud are provided by our vendor from their public IP pool, which contains many IP addresses used by many other organizations. All client connections to PureCloud are initiated as outbound connections to PureCloud cloud services. When network access restrictions are used, such as a firewall, PureCloud recommends allowing client outbound access on the specified ports to any IP destination.

The table below lists each vendor and, where available, provides a list of potential IP addresses its services use.

Note: Vendors may update the lists at any time without notice.

Owner | Services | IP addresses | Description
Amazon AWS | PureCloud; Amazon AWS (CloudFront, S3, and others) | https://ip-ranges.amazonaws.com/ip-ranges.json | Amazon AWS utilizes a large set of IP address ranges. Services deployed in AWS can use any of these addresses, and addresses are subject to change frequently. Amazon provides and maintains a list of available IP addresses, which is subject to change. More details are available here: http://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html
Google | Google does not provide a list of potential IP addresses its services use.
New Relic | New Relic provides IP and domain details here: https://docs.newrelic.com/docs/apm/new-relic-apm/getting-started/networks
Polycom | Polycom does not provide a list of potential IP addresses its services use.

Note: PureCloud does not own any of the IP addresses it uses; rather, all addresses come from third-party service provider IP pools. The availability of potential IP address lists depends on each provider providing those IP addresses. IP lists that are provided do not list only IP addresses in use by PureCloud; they also include IP addresses used by other non-PureCloud services.
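For sites that restrict egress by IP despite the recommendation above, the following added example (not part of the original article or of any PureCloud tooling) shows how two snapshots of the Amazon ip-ranges.json file can be compared to keep an S3/CloudFront allow list current. The snapshots are constructed samples using documentation prefixes, and the region and function names are assumptions.

```python
import ipaddress

# Constructed snapshots in the ip-ranges.json layout; prefixes are documentation ranges.
OLD = {"syncToken": "1", "prefixes": [
    {"ip_prefix": "198.51.100.0/25", "region": "us-east-1", "service": "S3"},
    {"ip_prefix": "198.51.100.128/25", "region": "us-east-1", "service": "S3"},
    {"ip_prefix": "203.0.113.0/24", "region": "GLOBAL", "service": "CLOUDFRONT"},
    {"ip_prefix": "192.0.2.0/24", "region": "us-east-1", "service": "EC2"},
]}
NEW = {"syncToken": "2", "prefixes": [
    {"ip_prefix": "198.51.100.0/25", "region": "us-east-1", "service": "S3"},
    {"ip_prefix": "198.51.100.128/25", "region": "us-east-1", "service": "S3"},
    {"ip_prefix": "203.0.113.128/25", "region": "GLOBAL", "service": "CLOUDFRONT"},
    {"ip_prefix": "192.0.2.0/24", "region": "eu-west-1", "service": "S3"},
]}


def allowlist(doc, region, services=("S3", "CLOUDFRONT")):
    """Collapsed IPv4 networks for the chosen services in one region.

    Entries with region GLOBAL are included because CloudFront edge
    prefixes are published under that region value.
    """
    nets = [ipaddress.ip_network(p["ip_prefix"]) for p in doc["prefixes"]
            if p["service"] in services and p["region"] in (region, "GLOBAL")]
    return list(ipaddress.collapse_addresses(nets))


def diff_snapshots(old_doc, new_doc, region):
    """Return the networks to add to and remove from the firewall allow list."""
    if old_doc["syncToken"] == new_doc["syncToken"]:
        return {"add": [], "remove": []}  # the published list has not changed
    old = set(allowlist(old_doc, region))
    new = set(allowlist(new_doc, region))
    return {"add": sorted(new - old), "remove": sorted(old - new)}


if __name__ == "__main__":
    change = diff_snapshots(OLD, NEW, "us-east-1")
    for action, nets in change.items():
        for net in nets:
            print(action, net)
```

Because the published ranges are shared with other AWS customers, a list built this way limits destinations to AWS address space only, not to PureCloud itself.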

PureCloud strongly recommends that the Edges sit behind a NAT that follows the Internet best current practice for UDP as defined in RFC 4787. PureCloud requires the NAT to provide “endpoint-independent mapping” behavior. If both peers of a WebRTC media session sit behind NATs that do not provide endpoint-independent mapping behavior, the media traffic often requires a relay through a TURN server. Relay through a TURN server results in increased latency and impairs the WebRTC user experience.
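One way to check the mapping behavior described above is to send STUN Binding requests from a single local UDP socket to two different STUN servers and compare the public endpoint each one reports. The following added example (not from the original article or from PureCloud) parses the Binding success responses and classifies the NAT; capturing the responses is assumed to happen elsewhere, the sample messages are constructed, and all function names are hypothetical.

```python
import ipaddress
import struct

MAGIC_COOKIE = 0x2112A442      # fixed value in every STUN header (RFC 5389)
BINDING_SUCCESS = 0x0101
ATTR_MAPPED = 0x0001
ATTR_XOR_MAPPED = 0x0020


def parse_mapped_endpoint(msg):
    """Return (ip, port) reported by a STUN Binding success response (IPv4 only)."""
    if len(msg) < 20:
        raise ValueError("short STUN header")
    mtype, mlen, cookie = struct.unpack("!HHI", msg[:8])
    if mtype != BINDING_SUCCESS or cookie != MAGIC_COOKIE or len(msg) != 20 + mlen:
        raise ValueError("not a well-formed Binding success response")
    pos, fallback = 20, None
    while pos + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        value = msg[pos + 4:pos + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated attribute")
        if atype in (ATTR_MAPPED, ATTR_XOR_MAPPED) and alen == 8 and value[1] == 0x01:
            port, addr = struct.unpack("!HI", value[2:8])
            if atype == ATTR_XOR_MAPPED:          # preferred: XORed with the cookie
                port ^= MAGIC_COOKIE >> 16
                addr ^= MAGIC_COOKIE
                return str(ipaddress.IPv4Address(addr)), port
            fallback = (str(ipaddress.IPv4Address(addr)), port)
        pos += 4 + alen + (-alen % 4)             # attributes are padded to 4 bytes
    if fallback is None:
        raise ValueError("no mapped address attribute")
    return fallback


def mapping_behavior(responses):
    """Classify NAT mapping from responses to ONE local socket probing several servers."""
    if len(responses) < 2:
        raise ValueError("need responses from at least two STUN servers")
    endpoints = {parse_mapped_endpoint(r) for r in responses}
    return "endpoint-independent" if len(endpoints) == 1 else "endpoint-dependent"


def build_response(ip, port, txid=b"\x00" * 12):
    """Constructed sample: a Binding success response carrying XOR-MAPPED-ADDRESS."""
    xport = port ^ (MAGIC_COOKIE >> 16)
    xaddr = int(ipaddress.IPv4Address(ip)) ^ MAGIC_COOKIE
    attr = struct.pack("!HHBBHI", ATTR_XOR_MAPPED, 8, 0, 0x01, xport, xaddr)
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txid + attr


if __name__ == "__main__":
    same = [build_response("203.0.113.7", 40000), build_response("203.0.113.7", 40000)]
    diff = [build_response("203.0.113.7", 40000), build_response("203.0.113.7", 40017)]
    print(mapping_behavior(same))   # both servers saw the same public endpoint
    print(mapping_behavior(diff))   # port changed per destination: expect TURN relay
```

An "endpoint-dependent" result means the NAT allocates a new public port per destination, which is the condition under which the article says media often falls back to a TURN relay.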

Revision history


Date

Revision

March 22, 2019

Removed reference to Google Analytics from the Domains and IP Addresses section. PureCloud no longer uses Google Analytics.

February 19, 2019

Reset WebRTC Media Transport/Port (Application) port numbers 

FROM

udp/16384-32768 (SRTP/TURN)

udp/49152-65535 (SRTP/TURN)

TO

udp/16384-65535 (SRTP/TURN)

Unable to remove the upper range at this time.

For more information, see Deprecation: TURN port range.

November 21, 2018

Removed Pendo references from the Domains and IP Addresses section. PureCloud no longer supports Pendo.

October 31, 2018

Added links to the Ports and services for WebRTC article to the following sections:

PureCloud Edge>Edge Devices>WebRTC

PureCloud Voice>WebRTC Phones

BYOC Premises>WebRTC Phones

August 24, 2018

Added region directive to the Domains and IP Addresses>Domains section in the Amazon AWS row to specify that regional domain names are now needed to provide the S3 download links. 

*.s3.{region}.amazonaws.com

where {region} is the domain for your particular region.

July 12, 2018

Added *.mypurecloud.de to the Domains and IP Addresses>Domains section to reflect that we have a new region in Europe: eu-central-1.

June 26, 2018

Reworded the Description of *.cloudfront.net under the Domains and IP Addresses>Domains section to indicate that this domain covers a host of PureCloud applications. For example, in addition to the PureCloud user interface, it covers client integrations, such as PureCloud for Salesforce, and plugins, such as co-browse.

June 25, 2018

Added Transport/Port/Application information to the PureCloud Voice>WebRTC Phones>WebRTC Signaling and
BYOC Premises>WebRTC Phones>WebRTC Signaling sections. (This information was already in the article under the PureCloud Edge>Edge devices>WebRTC>WebRTC Station Trunk section.)

April 2, 2018

Reorganized the layout of the article using new headings and expandable sections containing information broken out in tabs to make it easier to find the configuration details required for a particular configuration. The reorganization also allowed the incorporation of new content from the addition of BYOC. See About BYOC.

January 8, 2018

Added Co-browse to the table in the Chat and Video section.

May 30, 2017

In the Destination column, changed PureCloud (AWS) to PureCloud, Amazon AWS to illustrate we connect to PureCloud and Amazon AWS owned domains and Amazon AWS owned IP addresses.

May 3, 2017

Added firewall firewalls firewall firewalls firewall port port port for search results

March 9, 2017

Added NIST server address info to Core Services and Domain and IP Addresses sections.

January 31, 2017

Complete redo of page based on feedback from development.

December 21, 2016

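Removed the table-format entries that were listed by IP address.

December 16, 2016

For Network Time Protocol (NTP), changed the default query destination to time.nist.gov.

December 19, 2016

Added ports 8062 and 8063, used for Edge Group communication, to the Telephony Services section.

November 30, 2016

Added a Description column to the Domains and IP Addresses section.

November 21, 2016

Added ztp.polycom.com to the Domains and IP Addresses section.

November 17, 2016

Added several specific IP addresses to the WebRTC Services section.

November 16, 2016

Added several specific IP addresses to the Collaboration Services section.

November 15, 2016

Added a note about NAT to the WebRTC Services section, and documented the ports that should be opened for Edge and agent networks.

Added information about WebSocket to the Collaboration Services section.

November 10, 2016

Added the specific IP addresses used by Telephony Services to the Telephony Services section.

October 31, 2016

Added New Relic information to the Domains and IP Addresses table.

October 25, 2016

Added NTP server port 123 to the Telephony Services table.

October 24, 2016

Added IP address 8.8.8.8 to the Domains and IP Addresses table.

October 20, 2016

Added DNS ports to multiple tables.

October 19, 2016

Added the revision history table.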