keyboard_arrow_right

Firewall rules Kinly Cloud


Endpoints deployed behind NAT needs outbound access to our networks in order to make/receive calls and media. There is no need to enable inbound access in the firewall.

This rule set will allow communication for all endpoints connected to Kinly Cloud.


From Trust to Untrust (outbound)
Protocol Ports Comment
TCP 443 / 1720 / 2776 / 2777 / 5060 / 5061 Provisioning / signaling
TCP 443 / 389 / 636 Phonebook
UDP 123 NTP
UDP 1719 / 2776 / 2777 / 3478 Signaling and media
UDP 20000 - 65535 RTP/RTCP (media)

From Untrust to Trust (inbound)

Allow return traffic on established sessions. No direct inbound access is required.

From Trust to Untrust (outbound)
Protocol Ports Comment
TCP 443 / 389 / 636 / 1720 / 5060 / 5061 Phonebook / provisioning / signaling
UDP 123 / 1719 / 3478 NTP / signaling
UDP 1024 - 65535 Media

From Untrust to Trust (inbound)
Protocol Ports Source Comment
TCP 1720 / 5061 / 5060 Any Signaling
UDP 1024 - 65535 Any Signaling / media
From client / SfB Edge to Kinly Cloud
Protocol SRC ports Dest ports Comment
TCP / UDP Any 40000 - 49999 RTP / RTCP / RDP / DTLS / RTMP / STUN / TURN
TCP Any 5061 SIP / TLS
TCP Any 80 HTTP

From Kinly Cloud to client / SfB Edge
Protocol SRC ports Dest ports Comment
TCP / UDP 40000 - 49999 Any RTP / RTCP / RDP / DTLS / RTMP / STUN / TURN
TCP 33000 - 39999 5061 SIP / TLS

Enabling federation for Office 365

Since the SIP domain for Cloudrooms is different than the company’s SIP domain for Skype for Business, federation/external access needs to be configured to allow calls to the Cloudroom domain.

To enable this go to https://portal.office.com and login with a user that has administrator rights.

Once you have logged in, choose the grey Admin button to access the admin page.


Within the "Admin Center" select "Admin centers" labeled 1 in the picture above. Next select "Skype for Business" labeled 2 in the picture. The "Skype for Business admin center" will then open in a new window.


  • Within the "Skype for Business admin center" first select "organization" labeled 1 in the picture above.
  • Then select "external communications" labeled 2 within the picture.
  • Under "external access" is a pull down menu, we recommend selecting "On except for blocked domains" to allow communication with all outside parties as showed in #3 above.
  • Optional is to select the option labeled in 4 to allow complete federation with users outside your organization.
  • Once you have completed the above tasks, be sure to scroll all the way to the bottom of the page and click the "save" button. These changes may take up to 24 hours to take effect.

    From client to Kinly Cloud
    Protocol SRC ports Dest ports Comment
    TCP / UDP Any 40000 - 49999 RTP / RTCP / RDP / DTLS / RTMP / STUN / TURN
    TCP Any 80 HTTP
    TCP Any 443 HTTPS

    From Kinly Cloud to client
    Protocol SRC ports Dest ports Comment
    TCP / UDP 40000 - 49999 Any RTP / RTCP / RDP / DTLS / RTMP / STUN / TURN
    Kinly Cloud networks

    Which IP addresses to use depends on where the customer is deployed. Please contact support@kinly.com for more details.