Network and Firewall Setup for Kixie Network and Firewall Setup for Kixie

Network and Firewall Setup for Kixie

Jason Miani Jason Miani

Summary: If you have determined that you have the ideal conditions for Kixie to work, and that you have a sufficient router to handle voice traffic, your continuing issues could certainly be a result of your Network/Firewall setup. 

Important: This doc is written from most impactful ports/IPs to least impactful ports/IPs. If you have very restrictive networking rules, I recommend moving down the list one at a time until you regain dialer functionality. 

 Standard Setup: Please allow traffic for all the IPs listed and their assigned ports on this page for associated port ranges.

Voice IP Addresses to whitelist:

Required SIP Signaling:

Important: 

Please allow traffic to the following IPs on their matching ports

For 52.9.254.123/32 on Port 5060(TCP/UDP), you would do the following:

52.9.254.123/32:5060 (TCP/UDP)

 

Provider

IP Addresses

Ports

SIP

 (from phone.plivo.com)

52.9.254.123/32
5060(TCP/UDP)

5080(TCP/UDP)

5061, 5063, 443 (TCP)

SIP

 (from phone.plivo.com)

52.9.254.127/32
5060(TCP/UDP)
5080(TCP/UDP)
5061, 5063, 443 (TCP)

Google STUN servers

(from www.google.com)

stun:stun.l.google.com
stun:stun1.l.google.com
stun:stun2.l.google.com
stun:stun3.l.google.com
stun:stun4.l.google.com
19302 (UDP/TCP)

 

Required Domains

Since we do not support static IP ranges for the API, there is no need to whitelist specific IPs for Voice API communication. 

Dialer Functionality:

(Plivo API)
api.plivo.com
https://api.plivo.com
http://api.plivo.com

 

Recommended: Kixie Dialer Functionality (Call History, Directory, Voicemail Drop, etc)

If you opened access to the IPs above but still experience sub-standard dialer functionality, please whitelist access to the following IPs

https://*.kixie.com/*
http://*.kixie.com/*
https://*.datatables.net/*
https://*.firestore.googleapis.com/*
https://*.callstats.io/*

RTP media servers:

Recommended: We highly recommend adding all of the listed IP address so that you may make/receive calls from all the locations. 

Restricted Network Example: If you plan to only dial within the United States, you may only whitelist the IP range 52.9.254.64/26, 3.93.158.128/25, and 52.205.63.192/26 for port range 16384-32768 (UDP) ranges.

Regions

IP Addresses

Ports

San Jose, California, USA
52.9.254.64/26
16384-32768 (UDP)
Ashburn, Virginia, USA
3.93.158.128/25

52.205.63.192/26
16384-32768 (UDP)
Frankfurt, Germany
52.58.255.224/27

52.59.63.224/27
16384-32768 (UDP)
São Paulo, Brazil
54.233.255.192/27

54.233.191.0/27
16384-32768 (UDP)
Sydney, Australia
52.65.191.160/27

52.65.127.160/27
16384-32768 (UDP)
Singapore
52.220.63.128/26
16384-32768 (UDP)

 

Recommended: Kixie Call Recordings

http://calls.kixie.com/*
https://calls.kixie.com/*
https://s3-us-west-1.amazonaws.com/calls.kixie.com/*
http://s3-us-west-1.amazonaws.com/calls.kixie.com/*

Recommended: Other Callback APIs for Plivo

Some Plivo APIs support callback events. To make sure those callbacks are not blocked, allow traffic from below Plivo IPs to your web applications (ports defined by you, for HTTPS, default is 443, for HTTP it is 80).

Following IPs are NAT gateway IPs associated with our HTTP(s) OutProxy instance:

54.215.14.26/32
54.241.21.77/32
18.228.96.85/32
18.228.143.199/32
3.120.80.110/32
35.157.59.132/32
52.62.46.143/32
13.238.88.135/32
52.220.250.27/32
18.136.128.252/32
13.56.175.187/32
13.57.139.231/32
18.211.27.222/32
18.211.55.148/32