Revision History
Change Log
Dec, 14th 2022 |
The following callstats.io subnets and ports are no longer used as of Jan 2023. Subnets: 132.226.0.0/26, 168.138.100.0/26, 140.238.129.64/26, 130.61.163.128/26, 158.101.200.64/26, 152.67.22.64/26, 193.122.65.0/26, 168.138.245.192/26, 152.67.146.0/26, 129.159.81.0/26, 158.101.40.128/26 Ports: UDP 1024 - 65000 (Smart Connectivity Tests) |
Oct, 21st 2022 |
Further clarification on UDP ports 3478-3480 and add recommendation to allow always |
Aug, 17th 2022 |
8x8 Meet Anycast Subnets 13.248.132.124/32, 13.248.142.92/32,76.223.3.109/32,76.223.9.91/32 TCP:443 have been REMOVED. For proper functionality of 8x8 Meet it is recommended to place NO RESTRICTIONS ON OUTBOUND TCP Port 443 (HTTPS) traffic. |
Aug, 6th 2022 |
Add reference that AnyCast DNS Servers are not recommended |
June, 22nd 2022 |
Clarification on when NOT using SRTP for softphone (Work for Desktop/Work for Mobile) TCP Port 5199 is required |
June, 8th 2022 |
Add link to Citrix Integration Documentation/Recommendations |
May, 11th 2022 |
Update Activation ports for Audio Codes to include UDP 5499 |
May, 4th 2022 |
Add UK (152.67.137.148/32) and US (132.226.123.231/32) Customer Experience Subnets |
Feb, 14th 2022 |
Updates to Filtering functions for Subnets |
Nov, 30th 2021 |
Correction/clarification Nomadic 911 is communicating over HTTPS (TCP 443) not HTTP. |
Nov, 19th 2021 |
New Meetings Subnet in Japan. 155.248.191.0/24 UDP 10000. It will go into effect Dec 17th,2021 -- UPDATED |
Oct, 14th 2021 |
Add additional dedicated sections for Contact Center as a Stand-Alone Service |
Aug 18th, 2021 |
Added the following subnet: Canada (SaskTel): 207.195.32.64/27 |
May 19th, 2021 |
Removed the following subnets for 8x8 Meetings
|
May 7th, 2021 |
Add 35.182.82.252/32 and 15.222.42.21/32 for Quality Management as REQUIRED when using the service/application. |
April 28th, 2021 |
Updated Meetings Domains, better clarified required vs optional vs analytics, and removed outdated domains (for Meetings only) |
March 18-19th, 2021 |
|
March 9th, 2021 |
Update Contact Center Mail Server Addresses, minor corrections, and/or clarifications for Contact Center. Browser and TLS requirements added/updated CORRECTION in the United States Quality Management SUBNETS 2.35.50.242/32 was corrected to be 52.35.50.242/32 |
February 22nd, 2021 |
Additional Clarity on FTP and Email Requirements |
February 10th, 2021 |
8x8 is expanding geo-routing capabilities on April 2nd, 2021.
|
January 27th, 2021 |
For converged networks, a link to recommendation for setting up VLANs for Poly was provided. |
January 13th, 2021 |
Add WorkW WebRTC Ports |
November 21st, 2020 |
8x8 is expanding geo-routing capabilities on January 25, 2021.
Additionally added 8x8's Maestro Gateway IPs (for use when restricting access to your CRM from 8x8). |
November 5th, 2020 |
New Domain Table format with filtering and export capability added |
October 26th, 2020 |
New Subnet Table format with filtering and export capability added |
October 16th, 2020 |
|
September 24th, 2020 |
Change the format of the IP Range table to make it easier to read/use, added new IPs for Quality Management Service. New 3rd party domain walkme.com added New 8x8 domain added 8x8cloud.com added |
August 17th, 2020 |
ADD the following SUBNET for Australia 168.138.20.0/25 India had the following CHANGE of SUBNETS 152.67.22.0/26 REPLACED |
November 5th, 2020 |
New Domain Table format with filtering and export capability added |
October 26th, 2020 |
New Subnet Table format with filtering and export capability added |
October 16th, 2020 |
|
July 31st, 2020 |
Added the following Subnets UK: 109.70.59.0/24 Update of 8x8 Meet IP subnets. New Ranges: 130.61.162.0/24 168.138.245.0/25 152.67.144.0/24 193.122.184.0/24 152.67.21.0/24 158.101.40.0/25 129.146.204.128/27 129.146.205.0/27 129.146.205.96/27 129.146.206.64/27 168.138.111.128/25 130.61.64.185 193.122.11.14 168.138.236.29 168.138.229.53 140.238.95.196 152.67.128.56 193.122.177.113 193.122.167.175 152.67.14.48 152.67.30.22 129.146.227.2 129.146.219.44 168.138.110.244 168.138.110.59 140.238.148.121 140.238.148.27 168.138.216.49 168.138.223.155 158.101.192.6 193.123.38.193 193.122.64.56 158.101.224.215 Update product names to reflect Work for Desktop and Work for Mobile Remove range 50000-65535 UDP for RTP (Overlap) |
July 20th, 2020 |
Add *.amazonaws.com for storing and downloading Call Center Analytic reports via S3 Signed URLs. Correction on Softphone Ports, removed 5443. |
June 4th, 2020 |
Added the following Subnets UK: 185.173.48.64/26 and China: 101.227.59.128/27. *.callstats.io moved to 8x8 Core Domains from 3rd Party Domains. Add "Additional Resources" links for customers that are mixing both 8x8 and other Brands owned by 8x8. |
| Dec, 14th 2022 | The following callstats.io subnets and ports are no longer used as of Jan 2023. Subnets: 132.226.0.0/26, 168.138.100.0/26, 140.238.129.64/26, 130.61.163.128/26, 158.101.200.64/26, 152.67.22.64/26, 193.122.65.0/26, 168.138.245.192/26, 152.67.146.0/26, 129.159.81.0/26, 158.101.40.128/26 Ports: UDP 1024 - 65000 (Smart Connectivity Tests) |
| Oct, 21st 2022 | Further clarification on UDP ports 3478-3480 and add recommendation to allow always |
| Aug, 17th 2022 | 8x8 Meet Anycast Subnets 13.248.132.124/32, 13.248.142.92/32,76.223.3.109/32,76.223.9.91/32 TCP:443 have been REMOVED. For proper functionality of 8x8 Meet it is recommended to place NO RESTRICTIONS ON OUTBOUND TCP Port 443 (HTTPS) traffic. |
| Aug, 6th 2022 | Add reference that AnyCast DNS Servers are not recommended |
| June, 22nd 2022 | Clarification on when NOT using SRTP for softphone (8x8 Work for Desktop/8x8 Work for Mobile) TCP Port 5199 is required |
| June, 8th 2022 | Add link to Citrix Integration Documentation/Recommendations |
| May, 11th 2022 | Update Activation ports for Audio Codes to include UDP 5499 |
| May, 4th 2022 | Add UK ( 152.67.137.148/32 ) and US ( 132.226.123.231/32) Customer Experience Subnets |
| Feb, 14th 2022 | Updates to Filtering functions for Subnets |
| Nov, 30th 2021 | Correction/clarification Nomadic 911 is communicating over HTTPS (TCP 443) not HTTP. |
| Nov, 19th 2021 | New Meetings Subnet in Japan. 155.248.191.0/24 UDP 10000. It will go into effect Dec 17th,2021 -- UPDATED |
| Oct, 14th 2021 | Add additional dedicated sections for Contact Center as a Stand-Alone Service |
| Aug 18th, 2021 | Added the following subnet: Canada (SaskTel): 207.195.32.64/27 |
| May 19th, 2021 | Removed the following subnets for 8x8 Meetings
|
| May 7th, 2021 | Add 35.182.82.252/32 and 15.222.42.21/32 for Quality Management as required when using the service/application. |
| April 28th, 2021 | Updated Meetings Domains, better clarified required vs optional vs analytics, and removed outdated domains (for Meetings only) |
| March 18-19th, 2021 |
|
| March 9th, 2021 | Update Contact Center Mail Server Addresses, minor corrections, and/or clarifications for Contact Center. Browser and TLS requirements added/updated CORRECTION in the United States Quality Management SUBNETS 2.35.50.242/32 was corrected to be 52.35.50.242/32 |
| February 22nd, 2021 | Additional Clarity on FTP and Email Requirements |
| February 10th, 2021 | 8x8 is expanding geo-routing capabilities on April 2nd, 2021.
|
| January 27th, 2021 | For converged networks, a link to recommendation for setting up VLANs for Poly was provided. |
| January 13th, 2021 | Add WorkW WebRTC Ports |
| November 21st, 2020 | 8x8 is expanding geo-routing capabilities on January 25, 2021.
Additionally added 8x8's Maestro Gateway IPs (for use when restricting access to your CRM from 8x8). |
| November 5th, 2020 | New Domain Table format with filtering and export capability added |
| October 26th, 2020 | New Subnet Table format with filtering and export capability added |
| October 16th, 2020 |
|
| September 24th, 2020 | Change the format of the IP Range table to make it easier to read/use, added new IPs for Quality Management Service. New 3rd party domain walkme.com added New 8x8 domain added 8x8cloud.com added |
| August 17th, 2020 | ADD the following SUBNET for Australia 168.138.20.0/25 India had the following CHANGE of SUBNETS 152.67.22.0/26 REPLACED |
| November 5th, 2020 | New Domain Table format with filtering and export capability added |
| October 26th, 2020 | New Subnet Table format with filtering and export capability added |
| October 16th, 2020 |
|
| July 31st, 2020 | Added the following Subnets UK: 109.70.59.0/24 Update of 8x8 Meet IP subnets. New Ranges: 130.61.162.0/24 168.138.245.0/25 152.67.144.0/24 193.122.184.0/24 152.67.21.0/24 158.101.40.0/25 129.146.204.128/27 129.146.205.0/27 129.146.205.96/27 129.146.206.64/27 168.138.111.128/25 130.61.64.185 193.122.11.14 168.138.236.29 168.138.229.53 140.238.95.196 152.67.128.56 193.122.177.113 193.122.167.175 152.67.14.48 152.67.30.22 129.146.227.2 129.146.219.44 168.138.110.244 168.138.110.59 140.238.148.121 140.238.148.27 168.138.216.49 168.138.223.155 158.101.192.6 193.123.38.193 193.122.64.56 158.101.224.215 Update product names to reflect 8x8 Work for Desktop and 8x8 Work for Mobile Remove range 50000-65535 UDP for RTP (Overlap) |
| July 20th, 2020 | Add *.amazonaws.com for storing and downloading Call Center Analytic reports via S3 Signed URLs. Correction on Softphone Ports, removed 5443. |
| June 4th, 2020 | Added the following Subnets UK: 185.173.48.64/26 and China: 101.227.59.128/27. *.callstats.io moved to 8x8 Core Domains from 3rd Party Domains. Add "Additional Resources" links for customers that are mixing both 8x8 and other Brands owned by 8x8. |
Overview
This document provides a comprehensive guide to the network requirements necessary to enable 8x8 X Series services (Including Unified Communications, Contact Center Applications, 8x8 Work for Desktop and 8x8 Work for Mobile, UCaaS clients, Video Meetings, and current hardware offerings).
Note: This document should supersede any other documentation that references IPs, Subnets, or Ports used by 8x8.
Applies To
- X Series Platforms
- Technical Requirements
Abbreviations
| Abbreviation | Meaning |
|---|---|
| 8x8 | 8x8, Inc. |
| ALG | Application Layer Gateway |
| DNS | Domain Name System |
| DPI | Deep Packet Inspection |
| DSCP | Differentiated Services Code Point |
| EF | Expedited Forwarding |
| FTPS | FTP Secure (FTP over TLS) |
| GTM | Global Traffic Manager (8x8 DNS) |
| HTTPs | HyperText Transfer Protocol (Secure) |
| IMAP | Internet Message Access Protocol |
| IP | Internet Protocol |
| KB | Knowledge Base System |
| LAN | Local Area Network |
| LDAPs | Lightweight Directory Access Protocol (Secure) |
| NTP | Network Time Protocol |
| POP3 | Post Office Protocol version 3 |
| QoS | Quality of Service |
| SIPs | Session Initiation Protocol (Secure) |
| SPI | Stateful Packet Inspection |
| sRTP | (Secure) Real-Time Protocol |
| TCP | Transport Control Protocol |
| TLS | Transport Layer Security |
| UDP | User Datagram Protocol |
| CC | 8x8 Contact Center |
| VLAN | Virtual Local Area Network |
| 8x8 Work for Desktop | 8x8 Work for Desktop Application (8x8 UC Client for desktop) |
| 8x8 Work for Mobile | 8x8 Work for Mobile Application (8x8 UC Client for mobile devices) |
| WAN | Wide Area Network |
| ZTP | Poly Zero Touch Provisioning |
Terminology
The following terms are essential in understanding your network requirements for 8x8:
- Jitter: A measure of the time interval between data packets as they reach their destination. A low degree of jitter indicates a relatively steady stream of data packets.
- Packet loss: Data, such as a VoIP transmission, is sent over the Internet in the form of packets. Packet loss occurs when some of these packets do not arrive at their destination. For each packet loss, a small amount of speech is cut out. If the degree of packet loss is high, conversation audio can sound very choppy, delayed, or unclear.
- MOS score: The higher your MOS score, the better your VoIP experience will be. A MOS score is measured on a scale of 1 to 5, in which 5 represents the best possible call quality, and 1 represents the worst possible call quality. The range is subjective and based on normative data collected from experimental trials.
Firewall Guidelines
With regards to Firewall guidelines, It is advisable to either exempt 8x8 traffic from Deep Packet Inspection (DPI) and Intrusion Protection or ensure that appliances performing these operations can inspect the traffic without inducing measurable delay.
Default Recommendations
DNS
When using a Voice Only VLAN (a Virtual LAN with only Hard Phones, and no computers on it), 8x8 recommends that you set the 8x8 GTMs, 8.28.0.9 and 192.84.18.11 as the Primary and Secondary DNS servers in the VLANs DHCP Scope. An alternate option is to implement conditional forwarding of 8x8.com and packet8.net on your local DNS servers to 8.28.0.9 and 192.84.18.11, which are 8x8's DNS servers. It is not recommended to set conditional forwarding on your Data VLAN, and/or if you have only one network. If your network only consists of a single LAN (you are not using VLANs), 8x8 can set the DNS of your hard phones to the GTMs. This ensures proper Geo Routing of your 8x8 traffic to the closest 8x8 data center for each location.
8x8 UCasS 8x8 Work for Mobile and 8x8 Work for Desktop Clients use the 8x8 GTMs directly (with a fallback of the local DNS); thus, no additional work is needed to ensure proper routing of the traffic for UCaaS Clients.
8x8 does not recommend the use of DNS servers that make use of AnyCast, as the Geo Location can be unpredictable.
NTP
8x8's recommendation for NTP is to allow the default NTP setting of pool.ntp.org through the firewall. If your internal security requirements do not allow for external NTP, our advice is to use Option 42 in your DHCP scope to override the NTP setting to an NTP server of your choice. Should you not have an internal NTP server, use ntp2.packet8.net.
SIP-Application Level Gateway (ALG)
By default, 8x8 enables SRTP, which supersedes SIP-ALG functionality for a list of equipment that supports SRTP see our list of SRTP Compatible Equipment. 8x8 recommends for NON-SRTP Users that SIP-ALG be disabled on all your Layer 3 Network equipment, as SIP-ALG can cause issues with SIP messages. Please review and test to ensure that disabling SIP-ALG on your networking equipment will not impact other existing services on their network. For more information on SIP-ALG and possible solutions for disabling, see Disabling SIP-ALG in Your Router or Firewall.
SIP-ALG (Application Level Gateway) is a feature in which the layer three network equipment can manipulate the payload section of a SIP Packet to change the private addressing to be public address. As the phone or 8x8 Work for Desktop/8x8 Work for Mobile is not aware of the public address, all payload information references private addressing. Edge devices attempt to correct this by opening all SIP packets and manipulating the payload (body) of the packets by replacing private addresses with the public IP of the edge device and the Natted port. Unfortunately, many devices do not adequately manipulate these packets causing them to be invalid or contain incorrect information. For this reason, 8x8 recommends that this function be disabled for non-SRTP users.
Firewall Rules
Our recommendation is to create an Inbound and Outbound Policy "Internal to 8x8" rule in your firewall. This is a highly secure action as it is only opening inbound and outbound traffic towards a known destination (8x8 data centers). The list of 8x8 subnets (or Domains) is later in the document.
We recommend setting firewall session timers as follows to prevent premature NAT session changes that can cause de-registration, intermittent one-way audio, and phones not to pick up or ring when using certain firewalls:
- UDP session timer: 660 seconds
- TCP session timer (TLS connections only, port 5443): 300 - 700 seconds
Application and Browser-Based Interfaces
All 8x8 services are deployed within the IP address spaces listed in this document and identified by one of the domains listed in this document. Outbound requests made to these ranges on port 80 (HTTP) will be redirected to port 443 (HTTPS) and customers should allow both outbound ports to the IP/Domains.
To ensure the utmost security as you use your 8x8 services, beginning February 28, 2021, access to the 8x8 Configuration Manager for Contact Center, Agent Desktop, along with API calls to these systems, will require up-to-date web browsers or libraries compliant with TLS 1.2 or better:
The following browsers have been verified by 8x8 QA to support the changes occurring February 28, 2021:
- Google Chrome version 70 or later
- Mozilla Firefox version 48 or later
- Microsoft Edge (any)
- Apple Safari version 9 or later
Proxy Server
8x8 only supports using a proxy for TCP port 80 and 443 (HTTP/HTTPS) traffic, all other traffic (Video and Audio) should bypass your proxy. 8x8 has made every attempt to ensure that 8x8 Work for Desktop application will respect the proxy settings of the system 8x8 Work for Desktop is running on. 8x8's web applications (Contact Center Agent Interface, Configuration managers, Analytics, and so forth) are, by nature, proxy aware and will respect the proxy setting of the system/browser.
Physical Instruments
For all approved telephony devices (endpoints), Outbound requests made via HTTP over TLS (HTTPS) on port TCP 443 to all 8x8 domains listed in the Domains section of this document without restriction to specific IP address ranges.
Provisioning Note: Poly devices can make use of Poly Zero Touch Provisioning (ZTP) and Poly PDMS service. Each of these services require HTTPS traffic to be allowed to Poly. For more details see Whitelist Zero Touch Provisioning Services for Obihai and Poly Devices. Device Access to Poly’s IPs is not required for 8x8 services, it will assist/speed deployment for new devices.
Citrix
Customers using 8x8 Work for Desktop should refer to Citrix VDI Integration with 8x8 Work for Desktop & Web for more details.
Network Considerations and Recommendations
Below are Network considerations and recommendations that customers should review and adapt as appropriate, as they may not ally to all installations.
Requirements
| Parameters | Requirements |
|---|---|
| Poly Zero Touch Provisioning (ZTP) | Allow Poly Zero Touch Provisioning, alternative options can be found in Setting Up ZTP Override. |
| TLS | TLS 1.2 support is mandatory. |
| Wiring | At least Cat 5 (preferably Cat 6) wiring for networking devices, and IP phones that use a wired connection. |
| WiFi | Strong and consistent WiFi connection for networking devices, and IP phones that use WiFi. |
| PoE (recommended) | See Device Manufacturer Data Sheets. |
| Packet loss | 0% packet loss |
| Jitter | <20 ms jitter |
| Network latency | <100 ms latency to 8x8 data centers. VoIP services are known to work even in higher latency conditions up to 150-200 milliseconds. However, this must be maintained consistently with no packet loss. |
| Bandwidth requirement | Voice UCaaS and CCaaS:
Video Meetings Upstream:
Video Meetings Downstream:
Downstream max bandwidth in a conference of n people would be 2.5Mbps + (n-2)*200kbps + 40kbps Make sure you have 50% of your available bandwidth free to accommodate any spike in usage. Always assume that at least 35% of your users are on call at any time. However, depending on your company's use case, you may have a higher percentage. Note: When setting up devices to use an uncompressed voice CODEC, enable both G.711a law and G.711μ law capabilities available on the device. This prevents call quality loss by eliminating transcoding of international VoIP calls. This has no impact on bandwidth requirements, as either choice uses 80 Kbps per call. Transcoding does increase latency. To estimate the network bandwidth required to support a VoIP station:
When calculating total network load, be sure to include all applications that use the network, especially applications with high bandwidth requirements (such as video conferencing). |
| Contact Center hardware requirements |
|
| SoHo (small office/home office) suggestions | For information on setting up SoHo networks see SoHo Networking Design Best Practices. |
Considerations
| Parameters | Considerations |
|---|---|
| If running a converged network for voice and data | Configure VLANs to separate the traffic. Ensure that the Phone VLAN has the following DNS and NTP in its DHCP scope:
Note: The recommended DNS does not resolve any other domain except 8x8.com and packet8.net. For more information on Poly and VLANs see Poly Devices VLAN Recommendations. |
| DHCP scope | Ensure that there are no rules specified to force any provisioning server or NTP server to deviate from default 8x8 values. For provisioning servers, you must disable Option 66/160. |
| Maximum Transmission Unit (MTU) | The network must support an MTU of 1500 bytes per packet. The MTU is the size of the largest protocol data unit that the layer can pass onwards. This is for Non-SRTP Communications only. |
| WAN failover | We highly recommend that you use dual WAN connections in a failover state by using WAN link redundancy (Active / Standby). Dual WAN connections in load balancing (Active / Active) may not be supported due to the multiple ways to implement, speak to your 8x8 engineer for supported options and/or recommendations. |
| VPN use cases | If your remote users or Internet egress use a VPN tunnel, make sure that the 8x8 traffic does not traverse it. Consider a Split Tunnel to have local Internet egress for 8x8 traffic. In addition, split DNS to resolve 8x8 domain queries locally. Speak to your 8x8 engineer for more information. |
| Internet Access Requirements |
|
| NAT Requirements |
|
QoS / Priority
The basic approach of handling QoS for 8x8 traffic within your network is by DSCP markings as provided by the applications and approved devices. When configuring QoS, on circuits that support QoS, external to your network 8x8's recommendation is to identify 8x8 traffic based on source/destination network, (i.e., not by DSCP markings, ports, channels, etc.). RTP will make up 90+% of your traffic. That way, any of your traffic that is sourced/destined to any of the 8x8 networks should be treated with the highest priority.
If the majority of your users are on Wi-Fi rather than Ethernet, make sure you follow the best practices in Wi-Fi deployment to ensure plenty of coverage.
8x8 Meetings does not currently mark the meetings traffic; our recommendation is to set priority (EF) on the predictable port of UDP 10000.
8x8 DSCP / CoS Values Applied
| Endpoint Type | Traffic Type / Application | COS Value (Decimal) | DSCP (Decimal) | Name |
|---|---|---|---|---|
| Windows / Non-Admin | Voice Media - Real-Time | CS7 | DSCP 56 | |
| Windows / Non-Admin | SIP Signalling | CS5 | DSCP 40 | |
| Windows / Admin | Voice Media - Real-Time | EF | DSCP 46 | Expedited Forwarding |
| Windows / Admin | SIP Signalling | AF31 | DSCP 26 | Assured Forwarding |
| Mac / iOS | Voice Media - Real-Time | EF | DSCP 46 | Expedited Forwarding |
| Mac / iOS | SIP Signalling | AF31 | DSCP 26 | Assured Forwarding |
| Android | Voice Media - Real-Time | EF | DSCP 46 | Expedited Forwarding |
| Android | SIP Signalling | AF31 | DSCP 26 | Assured Forwarding |
| Poly | Voice Media - Real-Time | EF | DSCP 46 | Expedited Forwarding |
| Poly | SIP Signalling | AF31 | DSCP 26 | Assured Forwarding |
8x8 Outbound Datacenter Ports
Traffic Requiring Outbound Connections from within the customer network to the 8x8 Cloud.
Traffic Source & Purpose |
Applies To |
Protocols |
Destination Ports |
|---|---|---|---|
Device
|
All Certified Physical Phones & ATAs |
|
TCP 80, 443 |
Device Secure SIP Signalling |
All Certified Physical Phones & ATAs |
SIPS (Secure SIP) |
TCP 5443 |
Device Corporate Directory |
Certified Physical Phones |
LDAPS |
TCP 636 |
Device Network Time |
All Certified Physical Phones & ATAs |
NTP |
Can be provided locally via DHCP Option 42 |
Device Domain Name System |
All Certified Physical Phones & ATAs |
DNS |
Can be provided locally via DHCP Option |
Device SIP Signalling |
All Certified Physical Phones & ATAs |
SIP |
|
Device SIP Activation |
All Certified Physical Phones & ATAs |
SIP |
|
Softphone Application & Browser
|
|
HTTPS |
TCP 443 |
Softphone Application Secure SIP Signalling (Default) |
|
SIPS (Secure SIP) |
TCP: 5401 |
Softphone Application SIP Signalling (When SRTP is Disabled this port is required. If you are using SRTP, the default setting, it is optional) |
|
SIP |
TCP: 5199 |
Real-Time Audio Voice Call Audio |
|
SRTP (Secure RTP) |
|
| Real-Time Audio |
|
|
|
8x8 Meet |
|
|
|
Optional Services
Applications Requiring Outbound Connections
The following are optional items that may not be required. Consult your 8x8 team to validate whether these scenarios are applicable to your specific use cases.
Traffic Source & Purpose |
Applies To |
Protocols |
Destination Ports |
|---|---|---|---|
| Nomadic 911 Location Management | Location Manager Application (also referred to as ERS Server communications) | HTTPS |
|
| Nomadic 911 Location Management | Physical Phone (also referred to as HELD Server communications) | HTTPS |
|
Quality Management Screen Recording Streaming screens |
Screen Recording Client in Quality Management |
HTTPS |
TCP 443 |
VCC FTPS Call Recording Download |
Downloads of contact center call recordings using FTP over TLS (FTPS). |
FTPS Note: FTPS is not the same as SFTP (SSH Based). |
|
Bria Softphone |
Standalone contact center softphone |
|
|
Zoiper Softphone |
Standalone contact center softphone |
|
|
Network Utility*
|
Network Assessment *8x8's recommendation is to always allow these ports |
|
|
Wavecell API |
Video API |
|
|
SIP Trunks / TIE Trunks
|
See customized Statement of Work for the unique implementation | ||
Applications Requiring Incoming Connections
Traffic Source & Purpose |
Destination Ports |
Source IPs |
|---|---|---|
Contact Center Email POP3/IMAP email access |
Note: custom ports can be configured. |
|
SIP Trunks
|
See customized Statement of Work for the unique implementation. | |
8x8 Datacenter IP Ranges & Domains
Note: In the process of connecting to Secure HTTP servers and setting up TLS connections, the certificates used in the connections will be validated by the issuing authority. Ensure you allow access to any/all issuing authorities.
Provisioning Note: Poly devices can make use of Poly Zero Touch Provisioning (ZTP) and Poly PDMS service. Each of these services require HTTPS traffic to be allowed to Poly. For more details see Whitelist Zero Touch Provisioning Services for Obihai and Poly Devices. Device Access to Poly’s IPs is not required for 8x8 services, it will speed deployment for new devices.
IP Ranges
Below is a list of IP Ranges that are used by 8x8 products and applications. Access Control List (ACL) and Quality of Service (QoS) flags indicate if the subnet should be included in your ACL and/or QoS Lists. There is an export option at the top of the list. When a Port range of * is referenced it refers to All Ports listed above in the Data Center Ports section.
Domains
Below is a list of domains that are used by 8x8 products and applications. There is an export option at the top of the list. When a Port Used range of * is referenced it refers to All Ports listed above in the Data Center Ports section.
Contact Center as a Stand Alone Service
When using Contact Center as a stand-alone service (not using 8x8 UC as a voice path/answering point). If you are using 8x8's XCaaS services, this section does not apply.
| Computer hardware |
|
| Firewall and Network Address Translation (NAT) Requirements |
|
Additional Resources
The following resources are intended for customers who are using Jitsi, Wavecell, or other companies/brands owned by 8x8 outside of their 8x8 resources/applications.
The following resources are intended for customers who are using 8x8 Voice + Microsoft Teams. There are no 8x8 specific network requirements for these users. The Teams applications (mobile, desktop, browser) and any Teams-certified phones communicate directly with Microsoft and do not communicate directly with 8x8.