Allowlist Domains
Allow outbound traffic
You must add the following domains to your allowlist for outbound traffic. These domains are also found on the spreadsheet attached to this article and summarized in the tables below. No additional action is needed if you do not restrict outbound traffic.
Gladly basics
Destination | Destination Port(s)/Protocol(s) | Transmission (https, etc.) | Transmission TLS 1.2 or Greater (no SSL or early TLS) | Public Certificate (Identify Issuer) | Business Justification | Notes |
|---|---|---|---|---|---|---|
*.gladly.com | 443/TCP | https | Yes | DigiCert SHA2 Secure Server CA | Gladly web application | Gladly won't work without this. |
*.gladly.qa | 443/TCP | https | Yes | DigiCert SHA2 Secure Server CA | Gladly sandbox | Gladly QA won't work without this. |
app.getsentry.com | 443/TCP | https | Yes | DigiCert SHA2 Secure Server CA | Error reporting and issue debugging | Critically important for product development. We use this to alert us on unexpected errors within the application, which we use to fix and improve the product. The app will continue to work without this, but it's recommended that it be allowed. |
cdn.gladly.com | 443/TCP | https | Yes | Amazon | Gladly resources | Gladly won't work without this. |
cdn.gladly.qa | 443/TCP | https | Yes | Amazon | Gladly resources for sandbox environment | Gladly QA won't work without this. |
*.amazonaws.com | 443/TCP | https | Yes | DigiCert Baltimore CA-2 G2 | Attachments/voice recordings | Gladly Production and QA won't work without this. |
fonts.googleapis.com | 443/TCP | https | Yes | Google Internet Authority | Fonts used in Gladly | Gladly UI won't display as intended without this. |
Gladly Glad App
Add the IP addresses below to your allowlist to use Glad App.
Glad App IPs
104.198.49.18
35.192.91.7
35.225.247.106
130.211.230.34
35.192.190.234
35.192.105.60
35.225.33.10
35.238.213.231
34.68.253.110
104.154.180.10
34.68.19.1
130.211.193.78
35.239.150.255
34.66.62.232
35.188.108.36
104.155.148.233
35.224.28.191
35.238.97.253
35.238.145.72
35.238.63.4
35.184.49.242
35.224.113.57
35.192.135.242
35.238.137.7
35.232.147.123
34.66.125.214
34.67.171.206
35.223.60.57
34.170.252.175
34.122.156.182
35.238.162.85
34.68.12.183
104.197.15.81
34.134.90.39
35.223.226.239
34.171.15.179
104.154.241.197
35.188.107.76
35.225.73.67
35.222.8.99
35.223.16.58
35.223.101.142
35.232.133.119
35.232.88.255
34.67.201.225
34.133.173.151
35.193.85.158
35.238.9.205
35.239.148.7
34.136.157.15
35.222.111.23
35.223.82.241
34.121.41.70
34.172.174.158
35.225.196.80
34.122.250.12
35.188.204.110
104.198.159.243
35.192.185.145
35.202.242.120
104.154.245.13
35.232.10.176
34.67.33.142
35.202.165.254
34.67.188.138
35.184.238.39
35.193.0.101
35.223.157.7
35.222.181.249
35.238.162.145
146.148.86.226
35.239.141.105
35.239.82.161
Gladly Sidekick
Add the IP addresses below to your allowlist to use Gladly Sidekick.
Sidekick IPs
34.121.48.25
34.134.175.203
34.29.158.214
34.29.245.158
34.41.139.166
34.42.106.99
35.222.188.206
35.222.217.172
35.223.254.100
35.239.18.46
Gladly Voice
You will need to allow the Basic components below and region-specific IP addresses.
For all clients in North America, {region} corresponds to us1. Please work with your implementations team if you are unsure what region you fall under.
Basic allowlist
Component | Address | Server-side port used | Protocol |
|---|---|---|---|
Signaling - GLL (Global Low Latency) | chunderw-gll.twilio.comchunderw-vpc-gll.twilio.com | 443 | TCP |
Signaling - Regional | chunderw-vpc-gll{region}.twilio.com(Regions: au1, br1, de1, ie1, jp1, sg1, us1) | 443 | TCP |
RTP | Static IP Range* | 10,000 - 20,000, 3478 | UDP |
Insights | eventgw.twilio.com | 443 | TCP |
Voice Public Media* | 168.86.128.0/18 | 10000 - 60000 | UDP |
Voice IP Update
On January 23, 2024, Twilio transitioned to using the media IPs and port ranges for SIP calls in all regions to 168.86.128.0/18 and expand the UDP port range to 10000-60000. Old IP and port ranges will no longer accept or send traffic after this date. Information on how to check if your setup with the new IPs is correct can be found here.
Region-specific IPs
Please review Voice Media Servers Connectivity Requirements to review IPs to allowlist. We suggest allowing all the IPs listed in the link above unless you decide to pin calls to a given region.
Other
If your router includes SIP Application Level Gateway (ALG) function or Stateful Packet Inspection (SPI), disable both these functions.
User Analytics
Destination (IP or hostname) | Destination Port(s)/Protocol(s) | Transmission (https, etc.) | Transmission TLS 1.2 or Greater (No SSL or early TLS) | Public Certificate (Identify Issuer) | Business Justification | Notes |
|---|---|---|---|---|---|---|
cdn.segment.com, api.segment.io | 443/TCP | https | Yes | DigiCert SHA2 Secure Server CA | User analytics | Used for product analytics. It acts as a single interface for product errors. With other analytics destinations allowed, it helps us understand how customers are using Gladly and we can improve. Necessary for analytics; however, it is useless by itself. |
google-analytics.com | 443/TCP | https | Yes | Google Internet Authority G3 | User analytics | Used for product analytics to understand where people spend time Gladly and how any are using it. Coarse grained metrics. Lower priority on being included. Requires segment as well. |
api.amplitude.com | 443/TCP | https | Yes | COMODO RSA Domain Validation Securt Server CA | User analytics, issue debugging | Used for product analytics to understand where people spend time in Gladly, how many people are using it, and the workflows they take. Medium-high importance for improving the product, ut the product will continue to work without this. Requires segment as well. |
fullstory.com, rs.fullstory.com | 443/TCP | https | Yes | RapidSSLSHA256 CA | User analytics, issue debugging | Allows us to replay user sessions with proper redaction. We use this to replay bugs, allowing us to replicate them more easily. Highly important for improving the product, but the product will continue to work without this. Requires a segment as well. |
gladly-staging.sinter-collect.com, gladly-production.sinter-collect.com | 443/TCP | https | Yes | Amazon SHA 256 with RSA Encryption | User analytics | Same as api.amplitude.com |
Check Firewall
After completing the above requirements, we recommend checking your firewall against a tool. To check your overall firewall and port configuration, we recommend:
http://www.netscan.co/ for a general scan
https://pentest-tools.com/discovery-probing/udp-port-scanner-online-nmap or a UDP port scan
http://netalyzr.icsi.berkeley.edu/ for a much more detailed network scan, including testing for buffer bloat.
Allow Inbound Traffic
Integrations
Allow traffic from the addresses below for Lookup API requests and webhooks.
Production
34.201.115.230 (added in 2021)
34.224.73.189 (added in 2021)
34.226.104.158 (added in 2021)
52.44.26.29 (added in 2021)
Sandbox (if you have access to one)
34.226.187.43 (added in 2021)
34.227.54.194 (added in 2021)
34.207.12.67 (added in 2021)
34.225.229.172 (added in 2021)
Allow Email From
We send emails from three dedicated IP addresses listed below. In case you filter on sender IP addresses, you will need to allow emails from your domain to be received from these IP addresses:
143.55.235.42
198.244.49.44
198.244.56.155
Allow emails from @gladly.com domain, and we suggest allowing the email addresses listed below:
Verify Bandwidth
If you are using Gladly Voice over the web, you must have at least 100 kb/s per online voice Agent at any given time. For example, if you have 25 online voice Agents, you must have 2500 kb/s. See our infrastructure requirements for more information.
Network Testing
At the beginning of your implementation, we will ask you to test your network under the following scenarios to verify you are set up as needed:
Timing: Daily, for one week, at the beginning, middle, and end of your customer support hours.
Hardware: Must be tested using a customer support agent’s actual machine and setup (e.g., plugged into ethernet).
Network: Must be tested on the same network that agents use for their work.
To test your network, follow this link: https://networktest.twilio.com/. We are looking for you to pass only the following tests:
UDP: Makes sure you can communicate voice packets over the internet
TURN TCP: Allows Gladly voice to communicate back-and-forth with you over webRTC
TURN UDP: Allows Gladly voice to communicate back-and-forth with you over webRTC
Bandwidth: Tests how much available bandwidth there is for webRTC communication
Test Call: Tests that you can do a test call with the Gladly Voice provider
Upon completion of each test run:
Take a screenshot of your output.
Send it to your implementation team.