Firewall Exceptions for Telus Customers
This document is specific to AWS Telus cloud deployments.
Recent and planned future system improvements require additional firewall exceptions to be implemented prior to Feb 13th, 2023. If client devices are unable to connect to any of the services defined below, they will experience service disruptions. If you have questions or are unable to implement these new firewall exceptions prior to the Feb 13th, 2023 implementation date, please contact ESChat support as soon as possible.
We require a 12 min TCP port registration timer and a 1 min UDP port registration timer.
The ESChat client requires specific network routes to communicate between the host device (such as a smartphone or computer running the client) and the remote servers. We continue to push our architecture and deployment model forward to improve security and redundancy for our customers. If you currently have firewall rules in place, the following tables outline existing and new rules that are required to support our newest servers and our disaster recovery instances. All ports are outbound only.
Please enter all information as listed in the tables. We do not control IP ranges required by third party providers. While most third party vendors will accept IP addresses, Google Maps requires the DNS name: https://maps.googleapis.com/
If your device has a firewall enabled or is on a network that operates behind a firewall, such as many corporate wired and WiFi networks, it may be blocking connectivity to our server and/or audio from passing through. If you experience problems or need assistance changing the settings of your firewall, please contact your IT staff.
ESChat requires various ports to be opened for both outbound traffic and inbound response (as requested from the client) to the IP addresses listed below (including the Disaster Recovery addresses). The signaling port and data port range are specific to each customer's build.
ESChat requires various ports to be opened for outbound traffic to 4 IP addresses, as listed below.
The signaling port and data port range are specific to each customer's build. New IPs are shown in Bold. Please contact Support to obtain your specific port(s) if you do not know them.
Description | IP Addresses | Port(s) | Type |
ESChat Provisioning Server |
Primary: 54.215.171.160 54.219.138.108 52.61.94.106 3.31.151.6 3.31.160.231 18.252.168.182 18.253.93.42 18.254.200.140 Disaster Recovery: 35.153.48.78 |
80 & 443 | TCP |
ESChat Signaling Port |
35.183.162.161 35.183.194.99 35.182.64.40 |
To determine your signaling port, go to the admin portal and view the TCP Signaling Port in the customer profile. 4200 4600 4800 5000 |
TCP |
ESChat Data Port Ranges |
35.183.162.161 35.183.194.99 35.182.64.40 |
4201-4264 4601-4664 4801-4864 5001-5064 |
UDP |
Description | IP Addresses | Port(s) | Type |
AWS NLB for ESChat |
15.222.97.140
35.182.185.133 3.99.93.19
|
80 & 443 | TCP |
Apple requires 2 ports be opened for outbound traffic to the IP range below for the APNS Push Notifications.
Description | IP Range | Port(s) | Type |
Apple APNS (iOS Only) | 12.0.0.0/8 | 80 & 5223 | TCP |
Description | DNS Name | Port(s) | Type |
Client Mapping Tiles | maps.googleapis.com maps.gstatic.com khmdb0.googleapis.com khmdb1.googleapis.com khm.googleapis.com khm0.googleapis.com khm1.googleapis.com khms0.googleapis.com khms1.googleapis.com khms2.googleapis.com khms3.googleapis.com |
80 & 443 | TCP |