Firewall Exceptions US AWS Cloud
This document is specific to the US AWS cloud deployments.
We require a 12 min TCP port registration timer and a 1 min UDP port registration timer.
The ESChat client requires specific network routes to communicate between the host device (such as a smartphone or computer running the client) and the remote servers. We continue to push our architecture and deployment model forward to improve security and redundancy for our customers. If you currently have firewall rules in place, the following tables outline existing and new rules that are required to support our newest servers and our disaster recovery instances. All ports are outbound only. Please enter all information as listed in the tables. We do not control IP ranges required by third party providers. While most third party vendors will accept IP addresses, Google Maps requires the DNS name: https://maps.googleapis.com/
If your device has a firewall enabled or is on a network that operates behind a firewall, such as many corporate wired and Wifi networks, it may be blocking connectivity to our server and/or audio from passing through. If you experience problems or need assistance changing the settings of your firewall, please contact your IT staff.
ESChat requires various ports to be opened for both outbound traffic and inbound response (as requested from the client) to the IP addresses listed below (8 including the Disaster Recovery addresses). The signaling port and data port range are specific to each customer's build.
ESChat requires various ports to be opened for outbound traffic to 4 IP addresses, as listed below.
The signaling port and data port range are specific to each customer's build. Please contact Support to obtain your specific port(s) if you do not know them.
These rules cover both the existing AWSNEW and the new AWSUS cluster. Customers that have outbound firewall restrictions need to have these in place before they may be transitioned from AWSNEW to AWSUS to avoid service disruptions.
For AWSNEW:
| Description | IP Address | Port(s) | Type |
| ESChat Provisioning Server |
Primary: 54.215.171.160 54.219.138.108 Disaster Recovery: 35.153.48.78 |
80 & 443 | TCP |
| ESChat Signaling Port |
Primary: 13.56.203.56 54.193.233.42 3.140.60.106 3.23.41.163 18.221.84.42 Disaster Recovery: 34.198.152.141 34.199.159.184 34.195.225.226 35.174.119.55
|
To determine your signaling port, go to the Administrative Portal and view your customer profile. You'll see your TCP Signaling Port.
(Example: 7400 TCP) |
TCP |
| ESChat Data Ports |
Primary: 13.56.203.56 54.193.233.42
3.140.60.106 3.23.41.163 18.221.84.42
Disaster Recovery: 34.198.152.141 34.199.159.184 34.195.225.226 35.174.119.55 |
Port Range: 4201-4264
AND Supplied ESChat Port thru Port + 8 (Example: 7400 -7408 UDP) |
UDP |
| Description | IP Ranges | Port(s) | Type |
| AWS NLB for ESChat |
54.176.245.111 54.219.53.123
3.16.122.225 3.20.1.13 3.129.232.109 |
80 & 443 | TCP |
For AWSUS:
This applies to new customers to AWSUS or for customers AFTER they've been transitioned to AWSUS.
| Description | IP Address | Port(s) | Type |
| ESChat Provisioning Server |
Primary: 54.215.171.160 54.219.138.108 Disaster Recovery: 35.153.48.78 |
80 &443 | TCP |
| ESChat Signaling Port |
Primary: 3.140.60.106 3.23.41.163 18.221.84.42 Disaster Recovery: 34.198.152.141 34.199.159.184 34.195.225.226 35.174.119.55 |
To determine your signaling port, go to the Administrative Portal and view your customer profile. You'll see your TCP Signaling Port.
(Example: 7400 TCP) |
TCP |
| ESChat Data Ports |
Primary: 3.140.60.106 3.23.41.163 18.221.84.42 Disaster Recovery: 34.198.152.141 34.199.159.184 34.195.225.226 35.174.119.55 |
Port Range: 4201-4264 |
UDP |
| Description | IP Ranges | Port(s) | Type |
| AWS NLB for ESChat |
3.16.122.225 3.20.1.13 3.129.232.109 |
80 & 443 | TCP |
Apple requires 2 ports be opened for outbound traffic to the IP range below for the APNS Push Notifications.
| Description | IP Range | Port(s) | Type |
| Apple APNS (iOS Only) | 17.0.0.0/8 | 80 & 5223 | TCP |
Google requires a port be opened for outbound traffic to the DNS names below.
| Description | DNS Name | Port | Type |
| Client Mapping Tiles |
maps.googleapis.com |
80 & 443 | TCP |