05-26-2016 12:58 PM - edited 03-17-2019 06:08 PM
Hello,
I was reviewing the required ports and destination IPs for Spark, and wanted to know if there are any destination ranges we can add to our firewall rules, instead of just using ANY. Reference: https://help.webex.com/docs/DOC-4401
From a security perspective, we'd like to avoid allowing outbound traffic to ANY IP address, regardless of port. If there are defined IP ranges that can be used, that would be a better/safer option.
05-26-2016 03:11 PM
Hi Michael,
Unfortunately, there isn't a defined IP address range that can be used. This is alluded to in this requirements doc:
"IP ranges for the Cisco Spark services are dynamic and can change. TCP port 443 and TCP/UDP port 33434 must be open to any destination so that media from the Cisco Spark services can pass through your firewall."
I understand the security concern, and this has come up before to the product management teams. It's a matter of balancing dynamic data center usage abilities with pinning down IP addresses. Hopefully we'll have a better way to handle this in the future.
05-27-2016 08:10 AM
Thanks for the feedback & discussion. We have updated Requirements for Cisco Spark Services | Cisco Cloud Collaboration Help Central to explain why Any is used.
Laurel