Alignment of firewall addresses on the Pexip Service

This article describes changes to the firewall policy on the Pexip Service that are scheduled to come into effect from July 2021, and notification of the deprecation of previous policy addresses.

The purpose of these changes is to align the range of addresses used by the service network (which is used to provision and service your video units and apps) with the calling network.

New service network addresses for registered video conferencing hardware (effective July 2021)

On the service network we currently require you to open traffic to TCP 389/443 at 46.137.184.162 for provisioning and phonebook services.

  • From 1 July 2021 the service network will start using the same standard range of addresses (as listed below) that are already in use by the calling network.
  • Some time soon after 1 July 2021 the service network will stop using 46.137.184.162.

To prepare for this switchover please ensure that your firewall policy has the following rules in place by 1 July 2021:

RequiredRegionNetworkNetmaskTransportPortsRule
New standard range of addresses to be used on the service network — must be in place by 1 July 2021
Mandatory
(for all customers)
Global
(for all 5 segments)
176.121.88.0255.255.248.0 (/21)TCP389, 443Outgoing, established
91.240.204.0255.255.252.0 (/22)TCP389, 443Outgoing, established
91.240.195.0255.255.255.0 (/24)TCP389, 443Outgoing, established
185.94.240.0255.255.252.0 (/22)TCP389, 443Outgoing, established
Required for regionSouthern Africa196.34.160.224255.255.255.224 (/27)TCP389, 443Outgoing, established
Existing rule — still required until the end of the transition period (some time after July 2021)
Mandatory
(for all customers)
Global
(for all 5 segments)
46.137.184.162255.255.255.255 (/32)TCP389, 443Outgoing, established

Note that in your existing firewall rules you may already have enabled the standard addresses for the service network, as they are the same as those used by the service on its calling network.

The timetable for the switchover is shown in the following diagram:

The Pexip Service continues to mandate access to 46.137.184.162 until 1 July 2021, at which point the service network will switch over to the new addresses. We recommend that you check your existing firewall policies to ensure that the addresses and ports listed above are allowed, so that you are ready for the switchover. These firewall rules for the service network must be in place by 1 July 2021.

To view all of the new and current rules, see https://pexip.me/test/firewall.

Other changes

The requirement for the SNMP Traps service (UDP 162) has been removed.