Firewall configuration

In this section

In this section

1 Ports
- 1.1 Outbound
- 1.2 Inbound
2 Virtual private network (VPN)
3 Using URL allowlisting (recommended)
- 3.1 Screen recording traffic
- 3.2 WebRTC traffic
- 3.3 Webhooks API traffic
4 Using IP allowlisting
- 4.1 Outbound VCC traffic
- 4.2 --Adobe Analytics
- 4.3 --Amplitude
- 4.4 --Cloudfront
- 4.5 --NewRelic
- 4.6 --Screen recording traffic
- 4.7 --WebRTC traffic
- 4.8 --Webhooks API traffic

Version history

Version	Date	Comment
Current Version (v. 33)	Jul 30, 2025 14:06	Agnieszka Maladyn : Added go-live date for new IP addresses
v. 32	Jul 29, 2025 11:50	Helen Griffith Added *.adobedtm.com to the list of recommended URLs
v. 31	Jul 22, 2025 07:51	Helen Griffith Added *.vonagenetworks.net to the list of recommended URLs
v. 30	May 19, 2025 10:05	Helen Griffith Added new IP addresses for inbound VCC traffic
v. 29	May 08, 2025 13:53	Helen Griffith Added Screen Recording URLs
v. 28	Jun 26, 2024 16:13	Helen Griffith Removed legacy APAC URLs and IP addresses
v. 27	Apr 16, 2024 07:32	Helen Griffith Updated WebRTC destination media ports to ephemeral range
v. 26	Jan 08, 2024 10:55	Helen Griffith Added Adobe Analytics sections
v. 25	Oct 11, 2023 10:57	Helen Griffith Added Webhooks IPs that need to be added to allowlist
v. 24	Oct 09, 2023 11:16	Helen Griffith Updated outbound port for SFTP access
v. 23	Jul 05, 2023 10:17	Helen Griffith Added that SFTP access to call recordings will need additional port from Oct 1, 23
v. 22	Jun 13, 2023 09:57	Helen Griffith Removed AWS region us-west-1
v. 21	Jun 13, 2023 09:51	Helen Griffith Removed references to cloud 16 and 17
v. 20	Jun 12, 2023 10:20	Helen Griffith Removed old NAM IP addresses
v. 19	May 31, 2023 12:50	Helen Griffith
v. 18	May 31, 2023 12:49	Helen Griffith
v. 17	May 09, 2023 15:24	Helen Griffith Moved WalkMe traffic into list of URLs to be allowlisted
v. 16	May 04, 2023 12:17	Helen Griffith Added date by which new APAC IP addresses must be added to allowlist
v. 15	Mar 31, 2023 14:39	Helen Griffith New IP addresses added for inbound traffic in APAC
v. 14	Jan 04, 2023 17:10	Helen Griffith Removed stun.l.google.com:19302 domain from WebRTC config section
v. 13	Dec 14, 2022 13:17	Helen Griffith Added stun.l.google.com:19302 domain to WebRTC config section
v. 12	Oct 17, 2022 09:48	Helen Griffith Added WalkMe configuration section
v. 11	Jun 29, 2022 13:18	Helen Griffith Added fully qualified domain names (FQDN) to 'Using URL allowlisting (recommended)' section
v. 10	Feb 14, 2022 14:44	Helen Griffith Added .vonage.com and .cc.vonage.com to list of URLs to allow list
v. 9	Feb 08, 2022 08:50	Helen Griffith Renamed USA-->NAM, updated NAM section with additional addresses, removed outbound IPs
v. 8	Oct 25, 2021 10:26	Helen Griffith Removed decommissioned data centers
v. 7	Mar 15, 2021 08:52	Helen Griffith Added *nexmo.com to list of URLs to allowlist
v. 6	Dec 15, 2020 10:51	Helen Griffith Added version history section
v. 5	Oct 28, 2020 14:35	Helen Griffith
v. 4	Oct 19, 2020 13:23	Helen Griffith
v. 3	Oct 15, 2020 06:46	Helen Griffith Removed ambiguous and superfluous sentence from Cloudfront section
v. 2	Oct 14, 2020 10:35	Helen Griffith Fixing typo in Amplitude URL
v. 1	Sept 28, 2020 13:11	Helen Griffith

About this page

You must read this entire section to ensure that you configure your firewall correctly.
Inbound and outbound traffic terminology:
- Inbound describes traffic from VCC.
- Outbound describes traffic to VCC.

We recommend adding the appropriate URLs and IP addresses to any firewall rules that restrict employee access, and we request that you treat Vonage Contact Center as a business-critical application. By this, we mean optimizing and prioritizing IP traffic to Vonage Contact Center over other non-critical traffic. This is to ensure real-time responses to agent requests are processed in a timely and efficient manner (call steering buttons, call transfers, hold requests, and so on).

You should also review any IP packet inspection or local caching policies to optimize the user experience.

Ports

Outbound

All outbound traffic requires TCP port 443 (HTTPS). Responses are sent to a range of ephemeral ports. This requirement applies to:

VCC traffic, regardless of whether you use URL or IP allowlisting
VCC APIs
WebRTC traffic (see WebRTC sections later in this page for information about other ports required for WebRTC traffic)
All other third-party traffic (Amplitude, Cloudfront, and NewRelic)

SFTP access to call recordings requires TCP port 44044.

Inbound

All inbound traffic requires access to destination TCP port 443 (HTTPS) on our servers to establish a connection. Responses are sent to a range of ephemeral ports.

Virtual private network (VPN)

We recommend using a split tunnel configuration to ensure that traffic—especially voice traffic—to Vonage services is routed directly from the end user to our platform and not through a VPN. We do not recommend tunneling voice connectivity through a VPN tunnel due to the potential adverse effect on voice quality.

Using URL allowlisting (recommended)

Depending on whether you will use wildcard or fully qualified domain names, add the following URLs to your allowlist:

Using wildcard domains:
- *.vonage.com
- *.vonagenetworks.net
- *.cc.vonage.com
- *.api.cc.vonage.com
- *.newvoicemedia.com
- *.api.newvoicemedia.com
- *.contact-world.net
- api.amplitude.com
- bam.nr-data.net
- js-agent.newrelic.com
- *.nexmo.com
- *.adobedtm.com
Using fully qualified domain names (FQDN):
WalkMe traffic
Adobe Analytics
Add the URL addresses specified in the following page to any existing firewall permissions: https://experienceleague.adobe.com/docs/analytics/technotes/ip-addresses.html?lang=en

You must also add the IP addresses specified in the following sections to your allowlist:

Screen recording traffic

WebRTC traffic

Webhooks API traffic

Using IP allowlisting

If your firewall does not support URL or DNS allowlisting, add the following IP addresses for your region to any existing firewall permissions.