cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1218
Views
0
Helpful
2
Replies

Firewall destination restrictions

Hello,

I was reviewing the required ports and destination IPs for Spark, and wanted to know if there are any destination ranges we can add to our firewall rules, instead of just using ANY.  Reference: https://help.webex.com/docs/DOC-4401

From a security perspective, we'd like to avoid allowing outbound traffic to ANY IP address, regardless of port. If there are defined IP ranges that can be used, that would be a better/safer option. 

2 Replies 2

Kenneth Russell
Cisco Employee
Cisco Employee

Hi Michael,

Unfortunately there isn't a defined IP address range that can be used. This is alluded to in this requirements doc:

https://support.ciscospark.com/customer/en/portal/articles/1911657-firewall-and-network-requirements-for-the-cisco-spark-app?b_id=8722

"IP ranges for the Cisco Spark services are dynamic and can change. TCP port 443 and TCP/UDP port 33434 must be open to any destination so that media from the Cisco Spark services can pass through your firewall."

I understand the security concern, and this has come up before to the product management teams. It's a matter of balancing  dynamic data center usage abilities with pinning down IP addresses. Hopefully we'll have a better way to handle this in the future.

Thanks for the feedback & discussion. We have updated Requirements for Cisco Spark Services | Cisco Cloud Collaboration Help Central to explain why Any is used.

Laurel