Captured 12/1/2020 from https://pexip.me/test/firewall

General Firewall rules (recommended)

We recommend using general Firewall rules that allow for outgoing traffic, as shown in the table below. This will always work in all regions as well as for future upgrades of our infrastructure. Please supply your network administrator with these details.

We also recommend turning off any SIP or H.323 application gateways or fixup that may be enabled in the Firewall.

Pexip web and desktop

REQUIREDSERVICEHOSTTRANSPORTPORTSRULE
MandatoryPexip desktop appAnyTCP443Outgoing, established
RecommendedPexip desktop appAnyUDP10000Outgoing, established

Registered Video Conferencing hardware

1) Service network

The following ports need to be open in order for us to provision and service your video units and apps.

REQUIREDSERVICEHOSTTRANSPORTPORTSRULE
MandatoryProvisioning and Phone bookANYTCP389, 443Outgoing, established

2) Calling network

The following ports need to be open to allow call signaling and media for video units and Polycom apps. Only traffic initiated from the inside is to be allowed.

REQUIREDSERVICEHOSTTRANSPORTPORTSRULE
MandatoryCall signalingANYTCP5060, 5061Outgoing, established
MandatoryMediaANYUDP10000-65535Outgoing, established

3) Extra services

Open these for a better service experience.

REQUIREDSERVICEHOSTTRANSPORTPORTSRULE
RecommendedNetwork Time ProtocolANYUDP123Outgoing, established

Alternative rules, limited hosts / networks to open in your Firewall

Some security policies may require limiting IP addresses. If this is the case, the following networks should be opened in your Firewall. We recommend opening for the Global network segments, as this has presence in Europe, the Americas, and most of Asia. If your office is located in Southern Africa, the network segments for those regions are required as well.

The servers on these IP addresses work as application layer gateways and only relay audio/video traffic, so trusting these IP addresses should be safe from a security point of view.

Pexip web and desktop

REQUIREDSERVICEHOSTTRANSPORTPORTSRULE
MandatoryPexip desktop appmpg.videxio.net, static.videxio.net, IP ranges listed below in Calling network
TCP443Outgoing, established
RecommendedPexip desktop appmpg.videxio.net, static.videxio.net, IP ranges listed below in Calling network
(We recommend allowing the FQDN due to geo-DNS)
UDP10000Outgoing, established

Registered Video Conferencing hardware

1) Service network

REQUIREDREGIONNETWORKNETMASKTRANSPORTPORTSRULE
Mandatory
(for all customers)
Global
(for all 5 segments)
176.121.88.0255.255.248.0 (/21)TCP389, 443Outgoing, established
91.240.204.0255.255.252.0 (/22)TCP389, 443Outgoing, established
91.240.195.0255.255.255.0 (/24)TCP389, 443Outgoing, established
185.94.240.0255.255.252.0 (/22)TCP389, 443Outgoing, established
46.137.184.162255.255.255.255 (/32)TCP389, 443Outgoing, established
Required for regionSouthern Africa196.34.160.224255.255.255.224 (/27)TCP389, 443Outgoing, established

2) Calling network

Opening for at least one of the regions below is required. For most customers, the Global region is enough unless they are located in Southern Africa:

REQUIREDREGIONNETWORKNETMASK
Mandatory
(for all customers)
Global
(for all 4 segments)
176.121.88.0255.255.248.0 (/21)
91.240.204.0255.255.252.0 (/22)
91.240.195.0255.255.255.0 (/24)
185.94.240.0255.255.252.0 (/22)
Required for regionSouthern Africa196.34.160.224255.255.255.224 (/27)

These destination ports are required to allow for outbound initiated traffic and its return traffic:

REQUIREDTRANSPORTPORTSRULE
MandatoryTCP389, 443, 5060, 5061Outgoing, established
MandatoryUDP10000-65535Outgoing, established

3) Extra services

Open these for a better service experience.

REQUIREDSERVICEHOSTTRANSPORTPORTSRULE
RecommendedNetwork Time Protocol176.58.109.199UDP123Outgoing, established