Network Requirements For Webex Services

Revision Date

New and Changed Information

10/14/2022New slido URL added : *.slido-assets-production.s3.eu-west-1.amazonaws.com9/15/2022New IP subnet for media added : 20.120.238.0/23 (Azure Data Centre for VIMT)9/12/2022URLs for Webex Scheduler for Microsoft Outlook added.8/12/2022A note was added in Port Number and Protocols section. RoomOS devices do not send media transported over TLS to a configured Proxy server.8/12/2022The IP subnets for Webex media – AWS IP subnet 18.230.160.0/25 have been removed from the IP subnets table. These media nodes now used Cisco-owned IP addresses in subnets already listed in the table.8/12/2022A note was added to emphasize that access to all domains and subdomains is required for the listed URLs under the Domains and URLs for Webex services section.6//25/2022Requirements for Google and Apple notification services added6/25/2022New webex URL *.webexapis.com added to the domains and URLs table6/22/2022Additional guidance added for SIP deployments with Cisco Unified CM4/5/2022Removal of AWS IP subnets for media services – these subnets are obsolete12/14/2021New media UDP port ranges (50,000 – 53,000) added for Video Mesh Node
Port 9000 for media over TCP removed – Use of this destination port for media over TCP will be deprecated in January 2022
Port for media over UDP and TCP removed – Use of the destination port for media over UDP and TCP will be deprecated in January /11/2021Updated Webex Services-Port Numbers and Protocols & Cisco Webex Services URLs table.10/27/2021Added *.walkme.com and s3.walkmeusercontent.com in the domains table.10/26/2021Added Guidance on Proxy settings for Windows OS10/20/2021Added CDN URLs to the domain allow list in your firewall10/19/2021The Webex app uses AES-256-GCM or AES-128-GCM to encrypt content for all Webex Meeting types.10/18/2021Added new IP subnets (20.57.87.0/24*, 20.76.127.0/24* and 20.108.99.0/24*) used to host Video Integration for Microsoft Teams (aka Microsoft Cloud Video Interop) services, and the domains (*.cloudfront.net, *.akamaiedge.net, *.akamai.net and *.fastly.net) that we have added for Content Delivery Networks used by Webex services10/11/2021Updated the Trust Portal link in Domain and URL section.10/04/2021Removed *.walkme.com and s3.walkmeusercontent.com from domains table as they are no longer needed.07/30/2021Updated the Note in Proxy Features section07/13/2021Updated the Note in Proxy Features section07/02/2021Changed *.s3.amazonaws.com to *s3.amazonaws.com06/30/2021Updated the Additional URLs for Webex Hybrid Services list.06/25/2021Added *.appdynamics.com domain to the list06/21/2021Added *.lencr.org domain to the list.06/17/2021Updated Ports and Protocols for Webex SIP Services table06/14/2021Updated Ports and Protocols for Webex SIP Services table05/27/2021Updated the table in Additional URLs for Webex Hybrid Services section.04/28/2021Added domains for Slido PPT add-in and to allow Slido webpages to create polls/quizzes in pre-meeting04/27/2021Added 23.89.0.0/16 IP range for Webex Edge Audio04/26/2021Added 20.68.154.0/24* as it is an Azure Subnet04/21/2021Updated the Webex Services CSV file under Additional URLs for Webex Hybrid Services04/19/2021Added 20.53.87.0/24* as it is an Azure DC for VIMT/CVI04/15/2021Added domain *.vbrickrev.com for Webex Events Webcasts.03/30/2021Substantial document layout revision.03/30/2021Details of Webex web-based app and Webex SDK media support added (No media over TLS).03/29/2021Webex Edge for devices features listed with a link to the documentation.03/15/2021Added domain *.identrust.com02/19/2021Added section for Webex Services for FedRAMP customer01/27/2021*.cisco.com domain added for Cloud Connected UC service, and Webex Calling onboarding IP subnets for Video Integration for Microsoft Teams (aka Microsoft Cloud Video Interop) indicated by *01/05/2021New document that describes the network requirements for the Webex app Meetings and Messaging services11/13/20Removed subnet /23 from the IP subnets for media table10/7/2020Removed *.cloudfront.net row from Additional URLs for Webex Teams Hybrid Services9/29/2020New IP subnet (20.53.87.0/24) added for Webex Teams Media services9/29/2020Webex devices renamed to Webex Room devices9/29/2020*.core-os.net URL removed from table : Additional URLs for Webex Teams Hybrid Services9/7/2020Updated AWS regions link08/25/20Simplification of the table and text for Webex Teams IP subnets for media8/10/20Additional details added on how reachability to media nodes is tested and Cisco IP subnet usage with Webex Edge Connect7/31/20Added new IP subnets for media services in AWS and Azure data centers7/31/20Added new UDP destination media ports for SIP calls to the Webex Teams cloud7/27/20Added 170.72.0.0/16 (CIDR) or 170.72.0. .72.255.255 (net range)5/5/20Added sparkpostmail.com in Third Party domains table4/22/20Added new IP range 150.253.128.0/1703/13/20New URL added for the walkme.com service
TLS media transport for Room OS devices added
New section added : Network Requirements for Hybrid Calling SIP Signalling
Link added for the Webex Calling network requirements document12/11/19Minor text changes, Update of the Webex Teams Apps and Devices – Port Numbers and Protocols table, Update and reformat of the Webex Teams URLs tables. Remove NTLM Proxy Auth support for Management Connector and Call Connector hybrid services10/14/19TLS Inspection support for Room Devices added9/16/2019Addition of TCP support requirement for DNS systems using TCP as a transport protocol.
Addition of the URL *.walkme.com – This service provides onboarding and usage tours for new users.
Amendments to the service URLs used by Web Assistant.8/28/2019*.sparkpostmail1.com URL added
e-mail service for newsletters, registration info, announcements8/20/2019Proxy support added for Video Mesh Node and Hybrid Data Security service8/15/2019Overview of Cisco and AWS data centre used for Webex Teams Service.
*.webexcontent.com URL added for file storage
Note on deprecation of clouddrive.com for file storage
*.walkme.com URL added for metrics and testing7/12/2019*.activate.cisco.com and *.webapps.cisco.com URLs added
Text to Speech URLs updated to *.speech-googleapis.wbx2.com and
*.texttospeech-googleapis.wbx2.com
*.quay.io URL removed
Hybrid Services Containers URL updated to *.amazonaws.com6/27/2019Added *.accompany.com allowed list requirement for People Insights feature4/25/2019Added ‘Webex Teams services’ for line about TLS version support.
Added ‘Webex Teams’ to media streams line under Media traffic.
Added ‘geographic’ before region in Webex Teams IP subnets for media section.
Made other minor edits to wording.
Edited Webex Teams URLs table, by updating URL for A/B testing & metrics, and adding new row for Google Speech Services.
In ‘Additional URLs for Webex Teams Hybrid Services’ section, removed ‘10.1’ version info after AsyncOS.
Updated text in ‘Proxy Authentication Support’ section.
3/26/2019Changed the URL linked here “please refer to the WSA Webex Teams configuration document for guidance” from /c/dam/en/us/products/collateral/security/web-security-appliance/guide-c .pdf to /c/en/us/td/docs/security/wsa/wsa11-5/user_guide/b_WSA_UserGuide_11_5_1.html

Changed the URL “api.giphy.com” to *.giphy.com2/21/2019Updated ‘Webex Calling’ to read “Webex Calling (formerly Spark Calling) as requested by John Costello, due to upcoming product launch of same name – Webex Calling through BroadCloud.2/6/2019Updated text ‘Hybrid Media Node’ to read ‘Webex Video Mesh Node’1/11/2019Updated text ‘End to End encrypted files uploaded to Webex Teams spaces and Avatar storage’ to now read ‘End to End encrypted files uploaded to Webex Teams spaces, Avatar storage, Webex Teams branding Logos’1/9/2019Updated to remove following line: ‘*In order for Webex Room devices to obtain the CA certificate necessary to validate communication through your TLS-inspecting proxy, please contact your CSM, or open a case with the Cisco TAC.’5th December 2018Updated URLs: Removed ‘https://’ from 4 entries in the Webex Teams URLs table:

-> api.giphy.com
-> safebrowsing.googleapis.com
/ncsi.txt -> msftncsi.com/ncsi.txt
/hotspot-detect.html -> captive.apple.com/hotspot-detect.html

* Updated linked .CSV file for Webex Teams to show revised links shown above

30th November 2018New URLs :
*.ciscosparkcontent.com, *.storage101.ord1.clouddrive.com, *.storage101.dfw1.clouddrive.com, *.storage101.iad3.clouddrive.com, , , /ncsi.txt, /hotspot-detect.html, *.segment.com, *.segment.io, *.amplitude.com,*.eum-appdynamics.com, *.docker.io, *.core-os.net, *.s3.amazonaws.com, *.identity.api.rackspacecloud.comSupport for additional Proxy Authentication Methods for Windows, iOS and AndroidWebex Board adopts Room Device OS and features ; Proxy features shared by Room Devices: SX, DX, MX, Room Kit series and Webex BoardSupport for TLS Inspection by iOS and Android AppsRemoval of support for TLS Inspection removed on Room Devices: SX, DX, MX, Room Kit series and Webex BoardWebex Board adopts Room Device OS and features ; 802.1X support21st November 2018Following Note added to IP Subnets for media section : The above IP range list for cloud media resources is not exhaustive, and there may be other IP ranges used by Webex Teams which are not included in the above list. However, the Webex Teams app and devices will be able to function normally without being able to connect to the unlisted media IP addresses.19th October 2018Note added : Webex Teams use of third parties for diagnostic and troubleshooting data collection; and the collection of crash and usage metrics. The data that may be sent to these third party sites is described in the Webex Privacy datasheet. For details see :/c/dam/en_us/about/doing_business/trust-center/docs/cisco-webex-privacy-data-sheet.pdfSeparate table for Additional URLs used by Hybrid Services : *.cloudfront.net, *.docker.com, *.quay.io, *.cloudconnector.cisco.com, *.clouddrive.com7th August 2018Note added to Ports and Protocols table : If you configure a local NTP and DNS server in the Video Mesh Node’s OVA, then ports 53 and 123 are not required to be opened through the firewall.7th May 2018Substantial document revision24th April 2022Updated to change the order of the paragraphs in the section for IP Subnets for Webex media services. The paragraph starting with “If you have configured your firewall .. ” was moved below the paragraph starting with “Cisco does not support …”