keyboard_arrow_right

Firewall rules Pexip by Kinly


General firewall rules

We recommend using general Firewall rules that allow for outgoing traffic, as shown in the table below. This will always work in all regions as well as for future upgrades of our infrastructure. Please supply your network administrator with these details.

We also recommend turning off any SIP or H.323 application gateways or fixup that may be enabled in the Firewall.

Required Service Host Transport Ports Rule
Mandatory My Meeting Video Any TCP 443 Outgoing, established
Recommended My Meeting Video Any UDP 10000 Outgoing, established
Mandatory Provisioning and Phone book Any TCP 80 / 389 / 443 Outgoing, established
Mandatory Call signaling Any TCP 1720 / 5060 / 5061 Outgoing, established
Mandatory Media Any UDP 10000 - 65535 Outgoing, established
Recommended Network Time Protocol Any UDP 123 Outgoing, established
Recommended SNMP Traps Any UDP 162 Outgoing, established

Alternative rules, limited hosts / networks to open in your firewall

Some security policies may require limiting IP addresses. If this is the case, the following networks should be opened in your Firewall. We recommend opening for the Global network segments, as this has presence in Europe, the Americas, and most of Asia. If your office is located in China or Southern Africa, the network segments for those regions are required as well.

The servers on these IP addresses work as application layer gateways and only relay audio/video traffic, so trusting these IP addresses should be safe from a security point of view.

Required Service Host Transport Ports Rule
Mandatory My Meeting Video meet.vmr.vc, static.vp.vc, IP ranges listed below TCP 443 Outgoing, established
Recommended My Meeting Video meet.vmr.vc, static.vp.vc, IP ranges listed below
(We recommend allowing the FQDN due to geo-DNS)
UDP 10000 Outgoing, established
Mandatory Provisioning and Phone book 46.137.184.162 TCP 80 / 389 / 443 Outgoing, established
Recommended Network Time Protocol 176.58.109.199 UDP 123 Outgoing, established
Recommended SNMP Traps 46.137.184.162 UDP 162 Outgoing, established

Opening for at least one of the regions below is required. For most customers, the "Global" region is enough unless they are located in China or Southern Africa.
Required Region Network Netmask
Mandatory Global 176.121.88.0 255.255.248.0 (/21)
Mandatory Global 91.240.204.0 255.255.252.0 (/22)
Mandatory Global 91.240.195.0 255.255.255.0 (/24)
Mandatory Global 185.94.240.0 255.255.252.0 (/22)
Required for region People's Republic of China 218.83.160.8-23
Required for region People's Republic of China 112.65.213.227-238
Required for region Southern Africa 196.34.160.224 255.255.255.224 (/27)
Enabling federation for Office 365

Since the SIP domain for Cloudrooms is different than the company’s SIP domain for Skype for Business, federation/external access needs to be configured to allow calls to the Cloudroom domain.

To enable this go to https://portal.office.com and login with a user that has administrator rights.

Once you have logged in, choose the grey Admin button to access the admin page.


Within the "Admin Center" select "Admin centers" labeled 1 in the picture above. Next select "Skype for Business" labeled 2 in the picture. The "Skype for Business admin center" will then open in a new window.


  • Within the "Skype for Business admin center" first select "organization" labeled 1 in the picture above.
  • Then select "external communications" labeled 2 within the picture.
  • Under "external access" is a pull down menu, we recommend selecting "On except for blocked domains" to allow communication with all outside parties as showed in #3 above.
  • Optional is to select the option labeled in 4 to allow complete federation with users outside your organization.
  • Once you have completed the above tasks, be sure to scroll all the way to the bottom of the page and click the "save" button. These changes may take up to 24 hours to take effect.