Network Requirements
- 25 Oct 2022
- 4 Minutes To Read
-
Print
-
PDF
Network Requirements
- Updated On 25 Oct 2022
- 4 Minutes To Read
-
Print
-
PDF
Allowlist Domains
Allow Outbound Traffic
For outbound traffic only, you will need to add the following domains to your allowlist. These domains are also found on the spreadsheet attached to this article and summarized in the tables below. There is no additional action needed If you do not restrict outbound traffic.
Gladly Basics
| Destination | Destination Port(s)/Protocol(s) | Transmission (https, etc.) | Transmission TLS 1.2 or Greater (no SSL or early TLS) | Public Certificate (Identify Issuer) | Business Justification | Notes |
|---|---|---|---|---|---|---|
| *.gladly.com | 443/TCP | https | Yes | DigiCert SHA2 Secure Server CA | Gladly web application | Gladly won't work without this. |
| *.gladly.qa | 443/TCP | https | Yes | DigiCert SHA2 Secure Server CA | Gladly sandbox | Gladly QA won't work without this. |
| app.getsentry.com | 443/TCP | https | Yes | DigiCert SHA2 Secure Server CA | Error reporting and issue debugging | Critically important for product development. We use this to alert us on unexpected errors within the application, which we use to fix and improve the product. The app will continue to work without this, but it's recommended that it be allowed. |
| cdn.gladly.com | 443/TCP | https | Yes | Amazon | Gladly resources | Gladly won't work without this. |
| cdn.gladly.qa | 443/TCP | https | Yes | Amazon | Gladly resources for sandbox environment | Gladly QA won't work without this. |
| *.amazonaws.com | 443/TCP | https | Yes | DigiCert Baltimore CA-2 G2 | Attachments/voice recordings | Gladly productions and QA won't work without this. |
| fonts.googleapis.com | 443/TCP | https | Yes | Google Internet Authority | Fonts used in Gladly | Gladly UI won't display as intended without this. |
Gladly Voice
You will need to allow the Basic components below, as well as region-specific IP addresses.
For all clients in North America, {region} corresponds to us1. Please work with your implementations team if you are unsure what region you fall under
Basic Allowlist
| Component | Address | Server-side port used | Protocol |
|---|---|---|---|
| Signaling - GLL (Global Low Latency) | chunderw-gll.twilio.com chunderw-vpc-gll.twilio.com | 443 | TCP |
| Signaling - Regional | chunderw-vpc-gll{region}.twilio.com (Regions: au1, br1, de1, ie1, jp1, sg1, us1) | 443 | TCP |
| RTP | Static IP Range* | 10,000 - 20,000, 3478 | UDP |
| Insights | eventgw.twilio.com | 443 | TCP |
Region Specific IP Addresses
To view a list of region-specific IP addresses you must allow traffic to, please review Voice Media Servers Connectivity Requirements.
- Note – We suggest allowing all the IPs listed in Voice Media Servers Connectivity Requirements unless you decide to pin calls to a given region.
Other
If your router includes SIP Application Level Gateway (ALG) function or Stateful Packet Inspection (SPI), disable both these functions.
User Analytics
| Destination (IP or hostname) | Destination Port(s)/Protocol(s) | Transmission (https, etc.) | Transmission TLS 1.2 or Greater (No SSL or early TLS) | Public Certificate (Identify Issuer) | Business Justification | Notes |
|---|---|---|---|---|---|---|
| cdn.segment.com, api.segment.io | 443/TCP | https | Yes | DigiCert SHA2 Secure Server CA | User analytics | Used for product analytics. It acts as a single interface for product errors. With other analytics destinations allowed, it helps us understand how customers are using Gladly and we can improve. Necessary for analytics; however, it is useless by itself. |
| google-analytics.com | 443/TCP | https | Yes | Google Internet Authority G3 | User analytics | Used for product analytics to understand where people spend time Gladly and how any are using it. Coarse grained metrics. Lower priority on being included. Requires segment as well. |
| api.amplitude.com | 443/TCP | https | Yes | COMODO RSA Domain Validation Securt Server CA | User analytics, issue debugging | Used for product analytics to understand where people spend time in Gladly, how many people are using it, and the workflows they take. Medium-high importance for improving the product, ut the product will continue to work without this. Requires segment as well. |
| fullstory.com, rs.fullstory.com | 443/TCP | https | Yes | RapidSSL SHA256 CA | User analytics, issue debugging | Allows us to replay user sessions with proper redaction. We use this to replay bugs, which more easily allows us to replicate them. High important for improving the product, but the product will continue to work without this. Requires segment as well. |
| gladly-staging.sinter-collect.com, gladly-production.sinter-collect.com | 443/TCP | https | Yes | Amazon SHA 256 with RSA Encryption | User analytics | Same as api.amplitude.com |
Check Firewall
After completing the above requirements, we recommend checking your firewall against a tool. In order to check your overall firewall and port configuration, we recommend:
- http://www.netscan.co/ for a general scan
- https://pentest-tools.com/discovery-probing/udp-port-scanner-online-nmap for a UDP port scan
- http://netalyzr.icsi.berkeley.edu/ for a much more detailed network scan, including testing for buffer bloat.
Allow Inbound Traffic
Integrations
Allow traffic from the addresses below to allow for Lookup API requests and webhooks.
Production
34.201.115.230 (added in 2021)
34.224.73.189 (added in 2021)
34.226.104.158 (added in 2021)
52.44.26.29 (added in 2021)
Sandbox (if you have access to one)
34.226.187.43 (added in 2021)
34.227.54.194 (added in 2021)
34.207.12.67 (added in 2021)
34.225.229.172 (added in 2021)
Allow Email From
Allow inbound email from support-notifications@gladly.com (Gladly's support notification email)
We use the below IPs to send notifications. You should allow the following IP ranges:
| IP Range |
|---|
167.89.0.0/17, 192.174.80.0/20, 147.253.208.0/20, 168.245.0.0/17, 34.211.27.137, 34.211.27.236, 34.213.22.229, 34.249.70.175, 34.251.56.38, 34.252.236.245, 52.51.22.205, 54.187.228.111, 34.209.119.136, 34.211.27.82, 34.212.5.76, 34.253.110.0, 34.253.57.155, 35.167.157.209, 35.167.7.36, 52.19.227.102, 52.24.176.31, 54.72.208.111, 54.72.24.111, 54.77.2.231 |
Verify Bandwidth
If you are using Gladly Voice over the web, you must have at least 100 kb/s per online voice Agent at any given time. For example, if you have 25 online voice Agents, you must have 2500 kb/s. See our infrastructure requirements for more information.
Network Testing
At the beginning of your implementation, we will ask you to test your network under the following scenarios to verify you are set up as needed:
- Timing: Daily, for one week, at the beginning, middle, and end of your customer support hours
- Hardware: Must be tested using a customer support agent’s actual machine and setup (e.g.: plugged into ethernet)
- Network: Must be tested on the same network that agents use for their work
To test your network, follow this link: https://networktest.twilio.com/. We are looking for you to pass only the following tests:
- UDP: Makes sure you can communicate voice packets over the internet
- TURN TCP: Allows Gladly voice to communicate back-and-forth with you over webRTC
- TURN UDP: Allows Gladly voice to communicate back-and-forth with you over webRTC
- Bandwidth: Tests how much available bandwidth there is for webRTC communication
- Test Call: Tests that you can do a test call with the Gladly Voice provider
Upon completion of each test run:
- Take a screenshot of your output
- Send it to your implementation team
Was this article helpful?