05-26-2016 12:58 PM - edited 03-17-2019 06:08 PM
Hello,
I was reviewing the required ports and destination IPs for Spark, and wanted to know if there are any destination ranges we can add to our firewall rules, instead of just using ANY. Reference: https://help.webex.com/docs/DOC-4401
From a security perspective, we'd like to avoid allowing outbound traffic to ANY IP address, regardless of port. If there are defined IP ranges that can be used, that would be a better/safer option.
05-26-2016 03:11 PM
Hi Michael,
Unfortunately there isn't a defined IP address range that can be used. This is alluded to in this requirements doc:
"IP ranges for the Cisco Spark services are dynamic and can change. TCP port 443 and TCP/UDP port 33434 must be open to any destination so that media from the Cisco Spark services can pass through your firewall."
I understand the security concern, and this has come up before to the product management teams. It's a matter of balancing dynamic data center usage abilities with pinning down IP addresses. Hopefully we'll have a better way to handle this in the future.
05-27-2016 08:10 AM
Thanks for the feedback & discussion. We have updated Requirements for Cisco Spark Services | Cisco Cloud Collaboration Help Central to explain why Any is used.
Laurel