Firewall Exceptions
Posted by Nancy Rodgers on 30 May 2018 01:09 PM

The ESChat client requires specific network routes to communicate between the host device (such as a smartphone or computer running the client) and the remote servers. We continue to push our architecture and deployment model forward to improve security and redundancy for our customers. If you currently have firewall rules in place, the following tables outline the existing and new rules that are required to support our newest servers and our disaster recovery instances. All ports are outbound only. Please enter all information as listed in the tables. We do not control the IP ranges required by third-party providers. While most third-party vendors will accept IP addresses, Google Maps requires the DNS name: https://maps.googleapis.com/

If your device has a firewall enabled or is on a network that operates behind a firewall, such as many corporate wired and Wi-Fi networks, the firewall may be blocking connectivity to our server and/or preventing audio from passing through. If you experience problems or need assistance changing the settings of your firewall, please contact your IT staff.

This document is specific to the NA AWS cloud deployments:

ESChat requires various ports to be opened for both inbound & outbound traffic to IP addresses listed below (8 including the Disaster Recovery addresses).  The signaling port and data port range are specific to each customer's build.

1. ESChat requires various ports to be opened for outbound traffic to 4 IP addresses, as listed below.

The signaling port and data port range are specific to each customer's build.  New IPs are shown in Bold.  Please contact Support to obtain your specific port(s) if you do not know them.

| Description | IP Address | Port(s) | Type |
|---|---|---|---|
| ESChat Provisioning server | Primary: 54.215.171.160, 54.219.123.13. Disaster Recovery: 35.153.48.78, 35.169.252.174 | 80 & 443 | TCP |
| ESChat Signaling Port | Primary: 54.193.35.65, 52.8.165.33, 13.56.203.56, 54.193.233.42. Disaster Recovery: 34.198.152.141, 34.199.159.184, 34.195.225.226, 35.174.119.55 | To determine your signaling port, go to the Administrative Portal and view your customer profile. You'll see your TCP Signaling Port. | TCP |
| ESChat Data Ports | Primary: 54.193.35.65, 52.8.165.33, 13.56.203.56, 54.193.233.42. Disaster Recovery: 34.198.152.141, 34.199.159.184, 34.195.225.226, 35.174.119.55 | Port thru Port + 8 | UDP |

2. AWS requires 2 ports be opened for outbound traffic to various IP ranges due to the Elastic Load Balancer (ELB).

You can find more documentation on AWS IP ranges here: http://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html

A real-time JSON file that lists all AWS IP ranges by region and availability zone is available here: https://ip-ranges.amazonaws.com/ip-ranges.json

 

| Description | IP Ranges | Port(s) | Type |
|---|---|---|---|
| AWS ELB for ESChat server | 13.56.0.0/16, 50.18.0.0/16, 52.8.0.0/16, 52.9.0.0/16, 52.52.0.0/15, 52.95.246.0/24, 52.95.255.96/28, 54.67.0.0/16, 54.151.0.0/17, 54.153.0.0/17, 54.176.0.0/15, 54.183.0.0/16, 54.193.0.0/16, 54.215.0.0/16, 54.219.0.0/16, 54.241.0.0/16, 184.72.0.0/18, 184.169.128.0/17, 204.236.128.0/18 | 80 & 443 | TCP |
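
An added example (not ESChat's or AWS's code) for keeping the ELB rule in step with the published list: it compares the ranges from the table above with a document in the ip-ranges.json layout and reports published prefixes the allowlist does not cover and allowlist entries that match nothing published. The region `us-west-1`, the `EC2` service filter and the sample document are assumptions constructed for illustration.

```python
import ipaddress
import json

# ELB ranges from the table above (outbound TCP 80 & 443).
PAGE_RANGES = [
    "13.56.0.0/16", "50.18.0.0/16", "52.8.0.0/16", "52.9.0.0/16",
    "52.52.0.0/15", "52.95.246.0/24", "52.95.255.96/28", "54.67.0.0/16",
    "54.151.0.0/17", "54.153.0.0/17", "54.176.0.0/15", "54.183.0.0/16",
    "54.193.0.0/16", "54.215.0.0/16", "54.219.0.0/16", "54.241.0.0/16",
    "184.72.0.0/18", "184.169.128.0/17", "204.236.128.0/18",
]

# Constructed sample in the ip-ranges.json layout; not real AWS data.
SAMPLE_JSON = """
{"syncToken": "0", "createDate": "2000-01-01-00-00-00", "prefixes": [
 {"ip_prefix": "13.56.0.0/17", "region": "us-west-1", "service": "EC2"},
 {"ip_prefix": "54.193.0.0/16", "region": "us-west-1", "service": "EC2"},
 {"ip_prefix": "52.52.0.0/15", "region": "us-west-1", "service": "EC2"},
 {"ip_prefix": "198.51.100.0/24", "region": "us-west-1", "service": "EC2"},
 {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "EC2"},
 {"ip_prefix": "54.215.0.0/16", "region": "us-west-1", "service": "S3"}
]}
"""
SAMPLE_DOC = json.loads(SAMPLE_JSON)


# Assumption: region and service are the caller's choice; the page names neither.
def audit(doc, region, allowlist, service="EC2"):
    """Return (missing, unmatched): published prefixes outside the allowlist,
    and allowlist entries that overlap no published prefix."""
    allowed = [ipaddress.ip_network(c) for c in allowlist]
    published = {
        ipaddress.ip_network(p["ip_prefix"])
        for p in doc["prefixes"]
        if p["region"] == region and p["service"] == service
    }
    missing = sorted(n for n in published
                     if not any(n.subnet_of(a) for a in allowed))
    unmatched = sorted(a for a in allowed
                       if not any(a.overlaps(n) for n in published))
    return [str(n) for n in missing], [str(a) for a in unmatched]


if __name__ == "__main__":
    print(audit(SAMPLE_DOC, "us-west-1", PAGE_RANGES))
```

Entries in `missing` need a new outbound rule; entries in `unmatched` are candidates for review so the egress allowlist stays no wider than the published ranges.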

 

 

3. Apple requires 2 ports be opened for outbound traffic to the IP range below for the APNS Push Notifications.

| Description | IP Range | Port(s) | Type |
|---|---|---|---|
| Apple APNS (iOS Only) | 17.0.0.0/8 | 80 & 5223 | TCP |

 

4. Google requires a port be opened for outbound traffic to the DNS names below.

| Description | DNS Name | Port | Type |
|---|---|---|---|
| Client Mapping Tiles | maps.googleapis.com, maps.gstatic.com, khmdb0.googleapis.com, khmdb1.googleapis.com, khm.googleapis.com, khm0.googleapis.com, khm1.googleapis.com, khms0.googleapis.com, khms1.googleapis.com, khms2.googleapis.com, khms3.googleapis.com, https://maps.googleapis.com/ | 80 | TCP |

  For further assistance, please contact ESChat Support.

 

 
