How Do I Allow Webex Meetings Traffic on My Network?
The Webex Meetings software and SIP/H323 video collaboration devices have certain network requirements that must be met.
Note: If you are also joining (or plan to join) Webex Meetings from the Webex app (desktop, mobile, and web-based apps) or from Cloud Registered Webex Devices (including Webex Boards), use the following document instead of this one. It contains the requirements for the Webex Meetings client and also the requirements for video collaboration devices: https://help.webex.com/WBX000028782/Network-Requirements-for-Webex-Services.
- How do I allow Webex Meetings traffic on my network?
- Network Requirements
- Network Requirements for Cisco Webex
- How do I optimize firewall and proxy settings for use with Webex services?
- What ports need to be opened to use Webex services?
- What exceptions should I add to my firewall for Webex?
- What IP range is assigned to Webex?
- What settings does Webex recommend for proxy servers?
Ports used by Webex Meeting Clients
Webex website, Webex Desktop App/Productivity Tools, Webex Meetings for Android/iOS, Webex Web App
Protocol | Port Number(s) | Direction | Access Type | Comments |
TCP | 80 / 443 | Outbound | Webex Client Access port and Webex Events (Audio Streaming) | The Webex client signaling channel, used to exchange initial meeting setup information. Fallback port for media connectivity when the firewall does not permit UDP port access. Also carries Webex Events Audio Broadcast. |
TCP/UDP | 53 | Outbound | DNS | Used for DNS lookups to locate the IP addresses of Webex servers in the cloud. DNS lookups are typically performed over UDP, but some may need TCP if the query responses are too large to fit in UDP packets. |
UDP | 9000 | Outbound to Webex | Primary Webex Client Media (VoIP & Video RTP) | The Webex client media port, used to transfer audio and video from computers and webcams and to share content with other users. Opening this port is necessary to ensure the best quality for all media. |
TCP | 5004, 443, 80 | Outbound to Webex | Alternate Webex Client Media (VoIP & Video RTP) | Fallback ports for media connectivity when UDP port 9000 is blocked by the firewall. |
TCP/UDP | Operating System Specific Ephemeral Ports | Inbound | Return traffic from Webex | Once the client establishes a connection, Webex communicates back to the destination port it was given. The firewall should allow these return connections through once they have been established. |
TCP | 443 | Inbound | Proximity | The connecting device must have an IPv4 routable path between itself and the device that is using HTTPS. |
UDP | 5004 | Outbound | Webex Client Media | Out-of-meeting sharing to Cisco Video Collaboration Devices uses UDP port 5004. |
Ports used by Cisco Video Collaboration Devices
These ports are provided as a reference only. Please refer to the deployment guide/manufacturer recommendation for full details.
Protocol | Port Number(s) | Direction | Access Type | Comments |
TCP | 5060-5070 | Outbound | SIP signaling | The Webex media edge listens on ports 5060 to 5070. For further information, refer to the configuration guide for the particular service being used: Cisco Webex Meeting Center Video Conferencing Enterprise Deployment Guide.pdf |
TCP | 5060, 5061 and 5065 | Inbound | SIP signaling | Inbound SIP signaling traffic from the Webex cloud. |
TCP / UDP | 1719, 1720 and port 15000-19999 | Inbound and Outbound | H.323 LS | If your endpoint requires communication with the gatekeeper, you must also open port 1719, which is used by Lifesize. |
TCP/UDP | Ephemeral Ports 36000-59999 | Inbound and Outbound | Media ports | If you are using a Cisco Expressway, its media ranges should be set to 36000–59999. If you are using a third-party endpoint or call control, it must be configured to use this range. |
For on-premise Video Device network configuration refer to the following guide: Cisco Expressway IP Port Usage – Configuration Guide
Ports used by Webex Edge Audio
Protocol | Port Number(s) | Direction | Access Type | Comments |
TCP | 5061, 5062 | Inbound | SIP Signaling | Signaling coming inbound over SIP for Webex Edge Audio |
TCP | 5061, 5065 | Outbound | SIP Signaling | Signaling over SIP in the outbound direction for Webex Edge Audio |
TCP/UDP | Ephemeral Ports 8000 – 59999 | Inbound and Outbound | Media Ports | For outbound traffic to Expressway, pinholes need to be opened up on an enterprise firewall. The port range for this traffic should be between 8000 and 59999. |
List of IP address ranges used by Cisco Webex Meeting Services
- 23.89.0.0/16 (CIDR) or 23.89.0.0 – 23.89.255.255 (net range)
- 62.109.192.0/18 (CIDR) or 62.109.192.0 – 62.109.255.255 (net range)
- 64.68.96.0/19 (CIDR) or 64.68.96.0 – 64.68.127.255 (net range)
- 66.114.160.0/20 (CIDR) or 66.114.160.0 – 66.114.175.255 (net range)
- 66.163.32.0/19 (CIDR) or 66.163.32.0 – 66.163.63.255 (net range)
- 69.26.160.0/19 (CIDR) or 69.26.160.0 – 69.26.191.255 (net range)
- 114.29.192.0/19 (CIDR) or 114.29.192.0 – 114.29.223.255 (net range)
- 150.253.128.0/17 (CIDR) or 150.253.128.0 – 150.253.255.255 (net range)
- 170.72.0.0/16 (CIDR) or 170.72.0.0 – 170.72.255.255 (net range)
- 170.133.128.0/18 (CIDR) or 170.133.128.0 – 170.133.191.255 (net range)
- 173.39.224.0/19 (CIDR) or 173.39.224.0 – 173.39.255.255 (net range)
- 173.243.0.0/20 (CIDR) or 173.243.0.0 – 173.243.15.255 (net range)
- 207.182.160.0/19 (CIDR) or 207.182.160.0 – 207.182.191.255 (net range)
- 209.197.192.0/19 (CIDR) or 209.197.192.0 – 209.197.223.255 (net range)
- 210.4.192.0/20 (CIDR) or 210.4.192.0 – 210.4.207.255 (net range)
- 216.151.128.0/19 (CIDR) or 216.151.128.0 – 216.151.159.255 (net range)
Domains that need to be allowed
Webex recommends that content should not be cached at any time. The meeting applications that connect to Webex Meetings use the following domains to access the service:
Client Type | Domain(s) |
Webex Meetings Desktop Application | *.wbx2.com *.ciscospark.com *.webexcontent.com |
Connecting Webex Desktop Clients (Mac and PC, as well as WebApp, a browser-based thin client) to Webex Meetings | *.webex.com |
On-premises SIP or H323 devices making a connection into or receiving a call from a Webex Meeting | *.webex.com (note IP dialing also available) |
Webex Mobile Clients (iOS, Android) connecting to Webex Meetings | *.webex.com |
Certificate Validation | *.identrust.com *.quovadisglobal.com *.digicert.com *.godaddy.com *.lencr.org *.intel.com |
People Insights Integration | *.accompany.com |
Webex Meetings site performance analytics and Webex App | *.eum-appdynamics.com *.appdynamics.com |
Webex Events Webcasts (Attendees only) | *.vbrickrev.com |
Used for the Slido PPT add-in and to enable surveys and quizzes to be created in the pre-meeting using Slido webpages. | *.slido.com *.sli.do *.data.logentries.com |
If you have Webex app Desktop Clients, Cloud Registered Devices (including Webex Boards), or other devices connecting to Webex Meetings, you also need to allow the domains listed in https://help.webex.com/WBX000028782/Network-Requirements-for-Webex-Teams-Services
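A proxy or firewall rule that implements the wildcard entries in the table above has to match on a DNS label boundary; a substring or unanchored pattern also admits lookalike hosts. The following is an added example (not Cisco's code) that contrasts the two forms using a subset of the table's entries. The hostnames are constructed, the function names are illustrative, and treating `*.domain` as "any subdomain, but not the apex" is an assumption.

```python
# Subset of the wildcard entries from the domains table on this page.
ALLOWED_PATTERNS = ("*.webex.com", "*.wbx2.com", "*.ciscospark.com",
                    "*.webexcontent.com")

def normalize(host):
    """Lower-case, strip an optional :port and the trailing root dot."""
    host = host.strip().lower()
    if host.count(":") == 1:            # host:port (IPv6 literals out of scope)
        host = host.split(":")[0]
    return host.rstrip(".")

def weak_match(host):
    """Weak form: substring test, the effect of a rule such as '.*webex.com'."""
    h = normalize(host)
    return any(p[2:] in h for p in ALLOWED_PATTERNS)

def strict_match(host):
    """Hardened form: host must end with '.' + base domain, no empty labels."""
    h = normalize(host)
    if not all(h.split(".")):           # rejects '..webex.com' and similar
        return False
    return any(h.endswith("." + p[2:]) for p in ALLOWED_PATTERNS)

def weak_only(hosts):
    """Hosts the weak rule lets through but the strict rule rejects."""
    return [h for h in hosts if weak_match(h) and not strict_match(h)]

# Constructed sample hostnames (not taken from real traffic).
SAMPLES = [
    "mysite.webex.com",
    "a.b.wbx2.com.",
    "MEET.WEBEX.COM:443",
    "not-webex.com",             # no label boundary before 'webex.com'
    "webex.com.example.net",     # allowed name used as a prefix
    "webex.com",                 # apex, outside '*.webex.com' by assumption
    "example.org",
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(f"{h:28} weak={weak_match(h)!s:5} strict={strict_match(h)}")
```

Any host returned by `weak_only` is traffic that a loosely written allow rule would pass even though it is not under one of the listed domains.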
All Webex-hosted services are advertised under AS13445; refer to the Webex Peering Policy for more information. Services hosted by other service providers are not included here. This includes the systems of our content delivery partners as well as TSP partner systems. If you are connecting to partner-hosted systems, such as a Partner VoIP system, contact the partner for the appropriate IP addresses and ports.
Guidance on IPS firewall:
- Bypass firewall IPS and any other kind of DoS protection (allow list) for Webex traffic (defined by the Webex IP CIDR blocks), particularly media traffic.
- If IPS cannot be bypassed, it must be sized appropriately so that it has sufficient capacity to handle the audio and video throughput for a large number of participants.
- If IPS cannot be bypassed, its signatures and thresholds must be tuned so that Webex traffic is not misclassified and, as a result, dropped.
- Monitor the firewall alerts and investigate any IPS alerts generated against Webex traffic.
Note: Webex passes the following UserAgents as part of the utiltp process; these UserAgents should be allowed through an organization's firewall:
- UserAgent=WebexInMeetingWin
- UserAgent=WebexInMeetingMac
- UserAgent=prefetchDocShow
- UserAgent=standby
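One way to check that an IPS bypass stays scoped to the Webex CIDR blocks and the client ports listed on this page is to classify outbound flows against both. The following is an added example (not Cisco's code); the flow tuples are constructed sample data and the function names are illustrative.

```python
import ipaddress

# CIDR blocks from this page's list of Webex Meeting Services IP ranges.
WEBEX_CIDRS = [ipaddress.ip_network(c) for c in (
    "23.89.0.0/16", "62.109.192.0/18", "64.68.96.0/19", "66.114.160.0/20",
    "66.163.32.0/19", "69.26.160.0/19", "114.29.192.0/19", "150.253.128.0/17",
    "170.72.0.0/16", "170.133.128.0/18", "173.39.224.0/19", "173.243.0.0/20",
    "207.182.160.0/19", "209.197.192.0/19", "210.4.192.0/20", "216.151.128.0/19",
)]

# Outbound rows of the Webex Meeting Clients port table on this page.
# DNS (53) is left out: it goes to your resolvers, not to the Webex ranges.
CLIENT_PORTS = {
    ("udp", 9000): "primary media",
    ("udp", 5004): "out-of-meeting sharing",
    ("tcp", 5004): "alternate media",
    ("tcp", 443): "signaling / alternate media",
    ("tcp", 80): "signaling / alternate media",
}

def in_webex_range(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in WEBEX_CIDRS)

def classify(proto, dst_ip, dst_port):
    """Return (verdict, reason) for one outbound flow."""
    if not in_webex_range(dst_ip):
        return ("inspect", "destination outside Webex CIDR blocks")
    key = (proto.lower(), int(dst_port))
    if key not in CLIENT_PORTS:
        return ("inspect", "Webex range but port not in client table")
    return ("bypass", CLIENT_PORTS[key])

def audit(flows):
    return [(f, *classify(*f)) for f in flows]

# Constructed sample flows: (protocol, destination IP, destination port).
SAMPLE_FLOWS = [
    ("udp", "170.72.10.20", 9000),
    ("tcp", "64.68.127.255", 443),   # last address of 64.68.96.0/19
    ("tcp", "64.68.128.0", 443),     # one address past that block
    ("tcp", "23.89.1.1", 22),        # Webex range, port not in the table
    ("udp", "198.51.100.7", 9000),   # documentation address, not Webex
]

if __name__ == "__main__":
    for flow, verdict, reason in audit(SAMPLE_FLOWS):
        print(flow, verdict, reason)
```

Flows marked `inspect` should stay on the normal IPS path; only the `bypass` set matches both a documented CIDR block and a documented client port.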
Guidance on Proxy servers:
- The Webex Meetings client does not support the SNI extension for TLS media connections. Connections to the Webex audio and video services will fail if a proxy server requires the presence of SNI.
Revision Date | New and Changed Information |
10/24/2022 | Updated for inclusive language |
12/21/2021 | Added the UDP port 5004 Outbound to Webex Media Client |
11/11/2021 | Added *.intel.com to the required Certificate Validation. |
11/04/2021 | Updated *.letcr.org to *.lencr.org cert |
10/27/2021 | Added *.godaddy.com and *.letcr.org Cert |
10/04/2021 | Removed *.walkme.com and s3.walkmeusercontent.com from domains table as they are no longer needed. |
08/25/2021 | Changed *.webexcontent.com (1) to *.webexcontent.com |
07/29/2021 | Added *.webexcontent.com (1) URL added for file storage |
07/08/2021 | Removed the range 20.68.154.0 – 20.68.154.255 |
06/25/2021 | Added *.appdynamics.com and s3.walkmeusercontent.com domains to the list |
05/11/2021 | The list of IP addresses was arranged in order. |
05/06/2021 | Added the CIDR notation 20.68.154.0/24 or the network region 20.68.154.0 – 20.68.154.255 for the sole purpose of Cisco Webex Video Integration for Microsoft Teams (Microsoft CVI) media traffic. |
04/28/2021 | Added domains for the Slido PowerPoint add-in and made it possible for pre-meeting Slido websites to contain polls and quizzes. |
04/27/2021 | Added 23.89.0.0/16 (CIDR) or 23.89.0.0 – 23.89.255.255 (net range) for Webex Edge Audio |
04/26/2021 | Added UserAgents in Webex during utiltp process. |
04/15/2021 | Domain *.vbrickrev.com for Webex Events Webcasts was added. |
04/01/2021 | Domains that need to be allowed – Table was updated. |
3/15/2021 | Added IdenTrust certificates domain. |
3/10/2021 | Removed UDP 5004 Outbound to Webex |
2/23/2021 | Added: UDP Port: 9000, 5004 and TCP: 5004, 443, 80 Webex Client Media |
1/06/2021 | Added TCP/UDP Ephemeral Ports Outbound Port range. |
12/7/2020 | Added section: Guidance on Proxy servers |
10/23/2020 | Added *.eum-appdynamics.com to domains |
7/31/2020 | Added *.wbx2.com and *.ciscospark.com domains |
7/27/2020 | Added 170.72.0.0/16 (CIDR) or 170.72.0.0 – 170.72.255.255 (net range) |
7/24/2020 | Added Guidance on IPS firewall |
6/1/20 |
|
4/29/20 | Added *.digicert.com for Cert Validation |
4/22/20 | Added new IP range 150.253.128.0/17 |
3/27/20 | Added a new introductory paragraph to the solution. Updated the comments in the table titled “Webex website, Webex Desktop App/Productivity Tools, Webex Meetings for Android/iOS, Webex Web App”. |
3/3/2020 | Provided an update for Port Exceptions |
2/14/2020 | UDP 9000 for AB was removed and added Audio Broadcast is only available on TCP port 443. |
1/29/2020 | Access Type Column: Alternate Webex Client Media (VoIP and Video RTP) |
12/11/2019 | Added “port 80” in Table 1 – Row # 4. |
10/30/19 | For Edge Audio – On an enterprise firewall, pinholes need to be opened up for incoming traffic to Expressway with port range from 8000 – 59999 |
07/25/2019 | Updated text for UDP 9000, and completely new row for TCP 5004. Since TCP 5004 port is going to be deferred from the 39.7 release. |
6/27/2019 | Added People Insights *.accompany.com domain requirement |
5/23/2019 | Added 170.133.128.0/18 range |
2/27/2019 | Added info for China Clusters link to new article WBX9000018173 |