This document contains all the region wise IPs, ports, and protocols for Voice Gateway. It’s useful for transferring calls from respective Contact Centres to Contact Center AI. Learn more.
Use the following steps and checklist to verify your company’s network preparedness for voice and video.To assist in preparing your network, a Network Readiness checklist is available at the end of this document.
For optimal connectivity within your company network, use Cat 5e or higher network cables for all system connections, including Edges (routers and routing switches).Cables usually have their type printed on them. If you are unsure, an electrical contractor can test the type of cabling you have. Most network cables purchased in the last five years are Cat 5e or better.
Refer to the Cloud requirements for the minimum technical requirements to run the application.
To ensure successful usage of our Cloud, make sure to configure the necessary ports and services on your company firewall. Complete details can be found in the “Firewall Requirements” section within the above-provided link.
To maintain uninterrupted access to our Cloud, we recommended to directly let our Cloud connectivity on your device. This is due to security services, such as antivirus, firewalls, or intrusion protection, installed by some companies on users’ computers that might block access to our Cloud. Your IT administrator can also allow the connectivity. For a list of our common Cloud ports, protocols, and destinations, refer to the “Firewall Requirements” section here.
Verify that the features provided by your SIP trunking provider adhere to the following minimum requirements.
Also, select a compatible SIP provider, customers are strongly advised to conduct thorough interoperability testing between their specific Edge device and the chosen SIP provider’s infrastructure. This testing is essential to identify and resolve any potential compatibility issues, ensuring seamless communication and optimal performance between the customer’s Edge device and the SIP provider’s network.
Provide the list of the carrier’s source IP addresses to us for SIP and RTP traffic configuration
A dependable internet connection is necessary for our Cloud. Most internet connectivity issues are related to the “last mile,” which is the physical link between your location and your carrier’s network. If available, we suggest a “fully diverse” internet connection from your provider. Diversity means that your internet connection has multiple “last mile” paths to connect to various points on your internet service provider’s network. Diversity and Redundancy are different concepts in the carrier world.
To maintain uninterrupted access to our Cloud, verify that your network firewalls and security devices permit our Cloud connectivity. Company firewalls may occasionally block network traffic between our Cloud and your users.For a list of our common Cloud ports, protocols, and destinations, see the “Firewall Requirements” section here.
Many companies take advantage of private connectivity between their company offices. Private connectivity includes Multi-Protocol Label Switching (MPLS) and point-to-point connections. When using private circuit connectivity for voice and video services, the physical connection between your company office and your carrier’s network is a critical component. The industry refers to this connection as the “last mile.”We suggest that you collaborate with your provider to obtain a fully diverse private circuit connection, if available in your area. Having diversity guarantees that your connectivity utilizes multiple “last mile” paths to reach different access points on your provider’s network.To ensure a consistent user experience for voice and video communications over private circuit WAN connections, which typically have lower bandwidth than local office networks, it’s recommended to enable Quality of Service (QoS). QoS prioritizes voice and video traffic over other network traffic. Contact your private circuit carrier to configure QoS on your circuits.
If your organization utilizes VPNs to connect remote workers, ensure that all necessary Cloud network ports and protocols are allowed on the VPN connections. Our Cloud supports voice and video services over VPN.For a list of our common Cloud ports, protocols, and destinations, see the “Firewall Requirements” section here.
Connectivity issues often arise when the speed and duplex of devices connected to your LAN are mismatched. Ensure that your network ports and trunks register the correct speed and duplex settings for each connected device. Most devices on a typical LAN have a speed/duplex of 100/full or 1000/full.
For optimal performance of the Cloud real-time communications services over WLAN, use 802.11n or superior wireless hardware, and operate your wireless network on the 5 GHz band to minimize signal interference.To identify areas with weak wireless signals (dead spots) in your facility, consider using available Wi-Fi surveying tools or hiring a network services company to conduct a professional site survey of your wireless network.
Ensure consistent bandwidth across your LAN and WAN to support voice calls. The required bandwidth is specified on this page.Our Cloud utilizes OPUS, an adaptive voice codec, for voice traffic to agent WebRTC phones. OPUS automatically adjusts sampling rates in response to varying network conditions. To ensure optimal call quality, we recommend allocating 32–128 Kbps of bi-directional network voice bandwidth per expected/supported concurrent call. Higher bandwidth allocation results in higher sampling rates and improved voice quality. Bandwidth must also be allocated for SIP control traffic. It’s recommended that 5% of the high voice bandwidth value be allocated to SIP.
Prioritize voice and video traffic on all your network devices to maintain voice quality. This prioritization, also referred to as network Quality of Service (QoS), is crucial for managing network traffic and ensuring optimal performance for real-time communications.The manufacturer’s documentation for your specific network hardware setup details the network QoS process, as it varies depending on the vendor and model.
Traffic Description
Protocol
DSCP (Diffserv Code Point) Value
Voice traffic
RTP
46 (EF)
Signaling traffic
SIP
24 (CS3)
Performance target metrics
Connection
Target Metric
Client connectivity
Our Cloud requires round-trip latency of less than 1 second and packet loss of less than 10%.
Edge connectivity
Our Cloud requires round-trip latency of less than 300 ms and packet loss of less than 5%.
External phone calls
When the agent is on WAN/Internet, the one-way latency between the agent and Edge should be less than 150 ms, with packet loss less than 1% and end-to-end latency less than 150 ms.
Internal phone calls
When the agent and Edge are on the same LAN, the one-way latency must be less than 75 ms, packet loss less than 1%, and the end-to-end latency between the agent and Edge must be less than 75 ms.
Does your firewall support the Pinhole feature or not? (Firewalls performing a network address translation (NAT) function, the mapping between the external IP address, port socket, and the internal IP address, port socket is a pinhole).
Yes
No
If your firewall has a Pinhole feature, does it have the support of the following modules:
NAT hole punching
NAT traversal
TCP hole punching
UDP hole punching
Will you be able to enable WSS support in your Firewall to establish a WebSocket over an encrypted TLS connection?
Yes
No
Are you connecting to the internet through the router?
Yes
No
Are you using any proxy server to connect to the internet?
Yes
No
If you are using a proxy server, will you be able to remove or skip (bypass) your proxy server from our configuration environment?
Yes
No
Will you be able to allocate and configure one test number to us?
Yes
No
Will you let and bypass traffic for *. Kore and *.twilio.com domains (HTTPS) on 443, 8443, 3478, and 5349 ports?
Yes
No
Per the firewall requirements, will you be able to whitelist and let the traffic to all IP addresses and domains (SBCs, STUN/TURN, etc.)?
Yes
No
As per the firewall requirements, will you be able to let all mentioned UDP ports in a bi-directional way?
Yes
No
Are you using any anti-virus software?
Yes
No
If you are using any anti-virus software, does it need to follow any federation rules?
Yes
No
Can you run the latency test using the AWS latency test from your Agent’s office premises and share the latency test results with Kore?
Yes
No
Are you using any internal firewall for each and every agent in their systems, like ZScaler?
Yes
No
If you are using any internal firewall like ZScaler, will you be able to let all mentioned UDP ports in a bi-directional way?
Our Cloud WebRTC (Agent Desktop) requires specific port and service configurations that must be considered before configuring a firewall in different network scenarios. The following diagrams show how to configure the ports and services for each scenario.When reviewing the diagrams to identify the one that best matches the WebRTC (Agent Desktop) setup, consider the following questions:
Are Kore.ai Cloud Voice Edges used?
Are agents:
Inside the same network or firewall as the Edges?
Outside or in a separate network or firewall from the Edges?
In both locations (some inside and some outside)?
Is the firewall configured as Endpoint Dependent (Symmetric) or Endpoint Independent (Asymmetric)?
Firewalls that perform Network Address Translation (NAT) map an external IP address and port to an internal IP address and port. This is a pinhole mapping.
If your firewall supports the pinhole feature, does it support the following modules?
NAT hole punchingNAT traversalTCP hole punchingUDP hole punching | NAT hole punching: Without support, the system can’t establish a direct connection between peers when one or both are behind firewalls or NAT-enabled routers.NAT traversal: Without support, devices behind a NAT can’t communicate with external devices. NAT traversal enables direct communication without port forwarding or manual configuration.TCP hole punching: Without support, the system can’t establish TCP connections between peers using NAT traversal.UDP hole punching: Without support, the system can’t establish bidirectional UDP connections between peers using NAT traversal. |
| Can you enable WSS support on your firewall to establish a WebSocket over an encrypted TLS connection? | Without WSS support, the system can’t establish a secure WebSocket connection to transmit data securely over TLS. |
| Do you connect to the internet through a router? | If required ports aren’t opened as described in the firewall requirements, the system can’t establish peer connections and blocks traffic. |
| Do you use a proxy server to connect to the internet? | When a proxy server is in use, the system can’t perform direct NAT traversal with the customer. |
| If you use a proxy server, can you bypass it in the Kore configuration environment? | When you bypass the proxy, NAT traversal occurs directly with the customer, and data transmission proceeds. |
| Can you allocate and configure one test number? | A test number enables end-to-end testing, ensures successful delivery, and helps troubleshoot future issues. |
| Can you let and bypass traffic for *.kore.ai and *.twilio.com domains (HTTPS) on ports 443, 8443, 3478, and 5349? | Without allowing this traffic, the system can’t establish connections, perform NAT traversal, or transmit audio and data packets between peers. |
| Can you whitelist and let traffic to all required IP addresses and domains (SBCs, STUN/TURN, and others) as specified in the firewall requirements? | Without whitelisting, the system can’t establish connections, perform NAT traversal, or transmit IP packets between peers. |
| Can you let all required UDP ports in a bidirectional manner as specified in the firewall requirements? | Without bidirectional UDP ports, the system can’t transmit data in both directions, which results in one-way audio issues. |
| Do you use any antivirus software? | Antivirus software can block traffic and must let data through the required ports. |
| If you use antivirus software, does it require federation rules? | If federation rules apply, let traffic must according to Kore requirements and local regulations. |
| Can you run the AWS latency test from the agent office premises and share the results? | Latency up to 150 ms is acceptable. Latency more than 150 ms degrades call quality, and latency between 150 ms and 300 ms remains within acceptable limits. |
| Do you use an internal firewall on each agent system, such as Zscaler? | Open required UDP ports. Otherwise, RTP audio packets can’t transmit between peers and blocks audio traffic. |
| If you use an internal firewall such as Zscaler, can you let all required UDP ports in a bidirectional manner? | Without bidirectional UDP ports, the system can’t transmit RTP audio packets and blocks audio traffic. |
