The following table lists the firewall ports for signaling and data synchronization between the on-premise and cloud deployments:
IP Transport |
Origination Ports |
Origination IP |
Destination ports |
Protocol |
Destination IP CIDR or FQDN |
Purpose: Accessing the Avaya Workspaces services and the Media Processing Core (MPC) services from the browser of the agent. Data Type: Signaling Direction: From the browser to Unified Client Server and Avaya Experience Platform™ (On-Prem + Connect) Application Center Administration. |
TLS/TCP |
Ephemeral |
Enterprise internal network PC IP address ranges. |
443 |
HTTPS/WSS |
*.avayacloud.com |
Purpose: Avaya Hybrid Cloud Gateway to the Avaya Experience Platform™ (On-Prem + Connect) services. Data Type: Signaling and Configuration Direction: From Avaya Hybrid Cloud Gateway to the Avaya Experience Platform™ (On-Prem + Connect) cloud services. |
TLS/TCP |
Ephemeral |
Avaya Hybrid Cloud Gateway IP address ranges. |
443 |
HTTPS/WSS |
*.avayacloud.com |
Purpose: Download the Avaya Hybrid Cloud Gateway upgrade package from Google Cloud Storage (GCP). Data Type: Signaling Direction: From Avaya Hybrid Cloud Gateway to Google Storage on GCP. |
TLS/TCP |
Ephemeral |
Avaya Hybrid Cloud Gateway IP address ranges. |
443 |
HTTPS |
storage.googleapis.com |
Avaya recommends split tunneling VPNs and allowing signaling traffic to route directly without proxy interference.
Important:
If the on-premise deployment has Avaya Aura® Device Services, Avaya Workspaces must access Avaya Aura® Device Services for the directory search.
The Avaya Workspaces agents and devices using VPN on the same enterprise network as Avaya Aura® Device Services can access Avaya Aura® Device Services directly. The internal Domain Name Server (DNS) of the enterprise resolves the Avaya Aura® Device Services Fully Qualified Domain Names (FQDN) with the Avaya Aura® Device Services private IP address.
For the Avaya Workspaces agents outside the enterprise network and devices not using a VPN, you must configure the reverse proxy and support the Avaya Aura® Device Services FQDN on the public Internet.
