Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
266
Views
0
Helpful
1
Replies

webex calling fireqll requirement question

vijayS
Level 1
Level 1

‎06-12-2025 06:12 PM

I have some questions regarding the firewall rules that we need to enable for webex calling.

It says,

Whitelist or open access to the following so that the Webex Calling and Webex Aware services function correctly.

  • The URLs/Domains mentioned under the section Domains and URLs for Webex Calling Services
  • IP subnets, Ports, and Protocols mentioned under the section IP Subnets for Webex Calling Services

 

So I am assuming that we need to enable both?  or if we enabled domain and URL then IP subnets is not required?

Also one of the rule that we need to define is,

Device time synchronization (NTP)

Webex Calling devices

51494

UDP

Refer to IP Subnets for Webex Calling Services.

123

These IP addresses are needed for Time Synchronization for Devices (MPP phones, ATAs, and SPA ATAs)

 

This "Refer to IP Subnets for Webex Calling Services" has 3 categories.  1.IP subnets for Webex Calling services, 2.Device configuration and firmware management, 3. Webex App configuration.  which category is the one for NTP here?

Labels:
0 Helpful
1 Reply 1

wajidhassan
Level 4
Level 4

‎07-01-2025 09:21 AM

You're right to enable both domain/URL whitelisting and IP-subnet access—they serve different purposes and both are required for full Webex Calling functionality. Here's a clearer breakdown:

1. Domains/URLs vs. IP Subnets

  • Domain & URL whitelisting: Needed for accessing services like authentication, cloud APIs, firmware upgrades, etc. (e.g., webex.com, wbx2.com)

  • IP Subnets + Ports: Required for the actual media and signaling data flow (e.g., SIP, RTP, NTP). These are the static IP ranges used by the Webex Calling cloud infrastructure

Bottom line: You need both—domain whitelists for control-plane traffic, and IP/port rules for data-plane traffic.

2. NTP Rule Clarified

From the port reference:

Purpose Applies To Source Port Protocol Destination Destination Port Notes
Device time synchronizationWebex Calling devices51494UDPWebex IP subnets123 
 

That "Refer to IP Subnets..." directive means the destination addresses for NTP requests are those listed in the "IP Subnets for Webex Calling Services" section 

So yes, this is part of the IP Subnets for Webex Calling Services category—it’s about phones syncing time to Webex's NTP servers.

What You Should Do

  1. Whitelist domains/URLs under the "Domains and URLs for Webex Calling Services" section.

  2. Allow specific IP ranges and ports from the "IP Subnets for Webex Calling Services" section.

  3. Include NTP rules:

    • Source: your phones

    • Protocol: UDP

    • Destination: Webex IP subnets

    • Destination port: 123

  4. DNS (port 53) and NTP (port 123) for internal infrastructure should also be allowed outbound if your network uses local DNS/NTP.

0 Helpful
Customers Also Viewed These Support Documents