Network Requirements
  • 22 Apr 2022
  • 4 Minutes To Read
  • PDF

Network Requirements

  • PDF

Allowlist Domains

Allow Outbound Traffic

For outbound traffic only, you will need to add the following domains to your allowlist. These domains are also found on the spreadsheet attached to this article and summarized in the tables below. There is no additional action needed If you do not restrict outbound traffic.

Gladly Basics

DestinationDestination Port(s)/Protocol(s)Transmission (https, etc.)Transmission TLS 1.2 or Greater (no SSL or early TLS)Public Certificate (Identify Issuer)Business JustificationNotes
*.gladly.com443/TCPhttpsYesDigiCert SHA2 Secure Server CAGladly web applicationGladly won't work without this.
*.gladly.qa443/TCPhttpsYesDigiCert SHA2 Secure Server CAGladly sandboxGladly QA won't work without this.
app.getsentry.com443/TCPhttpsYesDigiCert SHA2 Secure Server CAError reporting and issue debuggingCritically important for product development. We use this to alert us on unexpected errors within the application, which we use to fix and improve the product. The app will continue to work without this, but it's recommended that it be allowed.
cdn.gladly.com443/TCPhttpsYesAmazonGladly resourcesGladly won't work without this.
cdn.gladly.qa443/TCPhttpsYesAmazonGladly resources for sandbox environmentGladly QA won't work without this.
*.amazonaws.com443/TCPhttpsYesDigiCert Baltimore CA-2 G2Attachments/voice recordingsGladly productions and QA won't work without this.
fonts.googleapis.com443/TCPhttpsYesGoogle Internet AuthorityFonts used in GladlyGladly UI won't display as intended without this.

Gladly Voice

You will need to allow the Basic components below, as well as region-specific IP addresses.

For all clients in North America, {region} corresponds to us1. Please work with your implementations team if you are unsure what region you fall under

Basic Allowlist

ComponentAddressServer-side port used Protocol
Signaling - GLL (Global Low Latency)chunderw-gll.twilio.com
chunderw-vpc-gll.twilio.com
443TCP
Signaling - Regionalchunderw-vpc-gll{region}.twilio.com
(Regions: au1, br1, de1, ie1, jp1, sg1, us1)
443TCP
RTPStatic IP Range*10,000 - 20,000, 3478UDP
Insightseventgw.twilio.com443TCP

Region Specific IP Addresses

To view a list of region-specific IP addresses you must allow traffic to, please review Voice Media Servers Connectivity Requirements.

Other

If your router includes SIP Application Level Gateway (ALG) function or Stateful Packet Inspection (SPI), disable both these functions.

User Analytics

Destination (IP or hostname)Destination Port(s)/Protocol(s)Transmission (https, etc.)Transmission TLS 1.2 or Greater (No SSL or early TLS)Public Certificate (Identify Issuer)Business JustificationNotes
cdn.segment.com, api.segment.io443/TCPhttpsYesDigiCert SHA2 Secure Server CAUser analyticsUsed for product analytics. It acts as a single interface for product errors. With other analytics destinations allowed, it helps us understand how customers are using Gladly and we can improve. Necessary for analytics; however, it is useless by itself.
google-analytics.com443/TCPhttpsYesGoogle Internet Authority G3User analyticsUsed for product analytics to understand where people spend time Gladly and how any are using it. Coarse grained metrics. Lower priority on being included. Requires segment as well.
api.amplitude.com443/TCPhttpsYesCOMODO RSA Domain Validation Securt Server CAUser analytics, issue debuggingUsed for product analytics to understand where people spend time in Gladly, how many people are using it, and the workflows they take. Medium-high importance for improving the product, ut the product will continue to work without this. Requires segment as well.
fullstory.com, rs.fullstory.com443/TCPhttpsYesRapidSSL
SHA256 CA
User analytics, issue debuggingAllows us to replay user sessions with proper redaction. We use this to replay bugs, which more easily allows us to replicate them. High important for improving the product, but the product will continue to work without this. Requires segment as well.
gladly-staging.sinter-collect.com, gladly-production.sinter-collect.com443/TCPhttpsYesAmazon SHA 256 with RSA EncryptionUser analyticsSame as api.amplitude.com

Check Firewall

After completing the above requirements, we recommend checking your firewall against a tool. In order to check your overall firewall and port configuration, we recommend:

  • http://www.netscan.co/ for a general scan
  • https://pentest-tools.com/discovery-probing/udp-port-scanner-online-nmap for a UDP port scan
  • http://netalyzr.icsi.berkeley.edu/ for a much more detailed network scan, including testing for buffer bloat.

Allow Inbound Traffic

Integrations

Allow traffic from the addresses below to allow for Lookup API requests and webhooks. 

Production

34.201.115.230 (added in 2021)

34.224.73.189 (added in 2021)

34.226.104.158 (added in 2021)

52.44.26.29 (added in 2021)

35.172.17.60 (existing)

52.2.94.61 (existing)

35.168.217.113 (existing)


Sandbox (if you have access to one)

34.226.187.43 (added in 2021)

34.227.54.194 (added in 2021)

34.207.12.67 (added in 2021)

34.225.229.172 (added in 2021)

34.199.211.76 (existing)

34.238.54.57 (existing)

35.170.231.118 (existing)

Allow Email From

Allow inbound email from support-notifications@gladly.com (Gladly's support notification email)

We use the below IPs to send notifications. You should allow the following IP ranges:

IP Range

167.89.0.0/17, 192.174.80.0/20, 147.253.208.0/20, 168.245.0.0/17, 34.211.27.137, 34.211.27.236, 34.213.22.229, 34.249.70.175, 34.251.56.38, 34.252.236.245, 52.51.22.205, 54.187.228.111, 34.209.119.136, 34.211.27.82, 34.212.5.76, 34.253.110.0, 34.253.57.155, 35.167.157.209, 35.167.7.36, 52.19.227.102, 52.24.176.31, 54.72.208.111, 54.72.24.111, 54.77.2.231

Verify Bandwidth

If you are using Gladly Voice over the web, you must have at least 100 kb/s per online voice Agent at any given time. For example, if you have 25 online voice Agents, you must have 2500 kb/s. See our infrastructure requirements for more information. 

Network Testing

At the beginning of your implementation, we will ask you to test your network under the following scenarios to verify you are set up as needed:

  • Timing: Daily, for one week, at the beginning, middle, and end of your customer support hours
  • Hardware: Must be tested using a customer support agent’s actual machine and setup (e.g.: plugged into ethernet)
  • Network: Must be tested on the same network that agents use for their work

To test your network, follow this link: https://networktest.twilio.com/. We are looking for you to pass only the following tests:

  • UDP: Makes sure you can communicate voice packets over the internet
  • TURN TCP: Allows Gladly voice to communicate back-and-forth with you over webRTC
  • TURN UDP: Allows Gladly voice to communicate back-and-forth with you over webRTC
  • Bandwidth: Tests how much available bandwidth there is for webRTC communication
  • Test Call: Tests that you can do a test call with the Gladly Voice provider

Upon completion of each test run:

  1. Take a screenshot of your output
  2. Send it to your implementation team
Attachments

Was this article helpful?