Ports used by Wildix services

Make sure that these ports are open on your router / firewall in order to be able to access and use different Wildix services.

It is recommended to open incoming custom secure port or default 443 from outside on PBX.

Updated: May 2024

Permalink: https://wildix.atlassian.net/wiki/x/NhXOAQ


Cloud PBX

Outgoing ports:

  • Outgoing traffic towards Cloud PBX to the Internet is not limited: any port from 1-65536 range

Incoming ports:

  • TCP 80 HTTP
  • TCP 443 HTTPS
  • all types ICMP
  • TCP 5060-5061 SIP
  • UDP: 5060 SIP
  • UDP 10000-59999 RTP
  • UDP 123 NTP
  • TCP 5222-5223, 5269, 5280 ejabberd
  • TCP 7008 smsd
  • TCP/ UDP 3478 turn
  • TCP 4222 gnats
  • TCP 10050 zabbix
  • TCP/ UDP 514 rsyslog

Access to external servers:

  • addons.wildix.com (also for HW / VM PBXs)

License activation / check

Access to external servers:

  • wmp.wildix.com, 443 (outbound, TCP)
  • pbx-api.wildix.com, 443 (outbound, TCP)

Upgrade

Access to external servers:

  • WMS-5.04 and WMS-6.xx
    • wmp.wildix.com + packages.wildix.com, 443 (outbound, TCP)
  • WMS-5.01-5.03 
    • wmp.wildix.com + aptly.wildix.com, 443 (outbound, TCP)
  • WMS-4.xx
    • wmp.wildix.com + apt.wildix.com, 443 (outbound, TCP)

Upgrade of devices

Starting from WMS 6.05, in case of Hardware or Virtual PBX:

Access to external servers:

  • firmwares-cdn.wildix.com, 443 (outbound, TCP)
  • wps.wildix.com, 443 (outbound, TCP)

WMS network

  • Enable the port TCP 443 (or another custom secure port) and UDP 1194 on the side of the Server PBX

Access to WMS network nodes between PBXs.

Port:

  • incoming: UDP 1194

Starting from WMS v 5.03.20210826.1, the following ports must be opened for the correct work of calls between nodes: 443 (or custom secure port) + RTP ports (on SIP-RTP page).

Access to external servers:

  • turn.wildix.com (to find a PBX public IP address for WMS Network correct functioning)

SSL certificate renew

Access to external server: 

  • ssl.wildix.com, 443 (outbound, TCP)

Text-to-speech

Access to external servers:

  • tts.wildix.com, 443 (outbound, TCP)

SIP Trunk / VoIP Provider

SIP Trunks registration

  • "PBX_NAME".wildixin.com, 5060 or another custom port specified in trunk settings (outbound, UDP)

CLASSOUND

Access to external servers:

  • operator-01-f.wildix.com 3.123.221.55
  • operator-02-f.wildix.com 18.158.245.207
  • operator-03-f.wildix.com 18.195.104.178

Port:

  • incoming: TCP 443, TCP 5061 or another custom secure port
  • RTP: e.g. UDP 10000-15000 (check SIP-RTP page in WMS Settings -> PBX (VM and HW PBXs RTP page)

Contact lookup during incoming/outgoing CLASSOUND calls 

Access to external servers:

  • classound-namelookup.wildix.com, 443 (outbound, TCP) - starting from WMS 6.02.20230201.1 or higher (available for the USA and Canada)

Remote Wildix IP Phones

Devices sync with portal

Access to external servers:

  • api.wildix.com, 443 (outbound, TCP)

Remote provisioning of devices

Incoming:

  • TCP 443 (default) or another external secure port (SIP-RTP page in WMS Settings -> PBX (VM and HW PBXs)
  • UDP 5060 – TCP 5061 for SIP registration
  • RTP:
    • VM/ HW PBX: e.g. UDP 10000 - 15000 (Note: The range depends on the number and type of licenses on the PBX; check SIP-RTP page for details)
    • Cloud PBX: UDP 10000-59999

Multicast paging uses

  • IP 224.0.0.1 or IP 239.1.1.10 (2N support)
  • Ports 9000-9009

Vision/ SuperVision

  • SIP: TCP 443
  • XMPP: TCP 443
  • Configuration: TCP 443 

Incoming:

  • TCP 443 or another external secure port (SIP-RTP page in WMS Settings -> PBX (VM and HW PBXs)
  • Add the port manually on the app login page: Account > Domain, example: pbx.wildixin.com:443
  • RTP:
    • VM/ HW PBX: e.g. UDP 10000 - 15000 (Note: The range depends on the number and type of licenses on the PBX; check SIP-RTP page for details)
    • Cloud PBX: UDP 10000-59999

Access to external server for upgrade of firmware/ applications:

  •  firmwares.wildix.com

Remote Collaboration Apps

Collaboration and Web Phone

  • TCP 443 (default) or another external secure port (SIP-RTP page in WMS Settings -> PBX (VM and HW PBXs);
  • RTP:
    • VM/ HW PBX: e.g. UDP 10000 - 15000 (Note: The range depends on the number and type of licenses on the PBX; check SIP-RTP page for details)
    • Cloud PBX: UDP 10000-59999 

Access to external servers:

  • addons.wildix.com

Cloud-stored group chats 

Access to external servers:

  • chats1.meet.wildix.com
  • chats2.meet.wildix.com 

Port:

  • outgoing: TCP 5269
  • incoming: TCP 443 or another custom secure port

Geolocation services

  • Maps in Collaboration are available only via .*wildixin.com domain

File / image sharing

Access to external servers(both PBX and Client):

  • auth.wildix.com, 443 (outbound, TCP)
  • fs.wildix.com, 443 (outbound, TCP)

WIService 

(Wildix Integration Service, used by CDR-View, Screen Sharing, Headset Integration, Fax printer, Click2call from Windows, Popup App and other Wildix applications):

  • Make sure that FQDN “wildixintegration.eu” is correctly resolved with the IP: 127.0.0.1 by your DNS (on the user PC or on the router side)

Cloud analytics in Collaboration and x-bees

Access to external servers:

  • auth.wildix.com, 443 or another custom secure port (inbound, outbound, TCP)
  • cognito-idp.eu-central-1.amazonaws.com, 443 or another custom secure port (inbound, outbound, TCP)

  • cognito-identity.eu-central-1.amazonaws.com, 443 or another custom secure port (inbound, outbound, TCP)

  • sts.amazonaws.com, 443 or another custom secure port (inbound, outbound, TCP)

  • 3.65.155.111, 443 or another custom secure port (inbound, outbound, TCP)
  • 3.65.155.145, 443 or another custom secure port (inbound, outbound, TCP)
  • kinesis.eu-central-1.amazonaws.com, 443 or another custom secure port (inbound, outbound, TCP)

WebRTC Kite service

Access to external servers:

  • kite.wildix.com, 443 TCP, 5061 TCP, 10000-1500 UDP (outbound)
  • ws2sip.wildix.com, 443 TCP or another custom secure port, 10000-15000 UDP (inbound)

iOS/Android

  • SIP:  TCP 443 
  • XMPP: TCP 443 
  • Configuration: TCP 443 

Incoming:

  • TCP 443 or another external secure port (SIP-RTP page in WMS Settings -> PBX (VM and HW PBXs)
  • Add the port manually on the app login page: Account > Domain, example: pbx.wildixin.com:443 (for iOS works only with public IP)
  • RTP:
    • VM/ HW PBX: e.g. UDP 10000 - 15000 (Note: The range depends on the number and type of licenses on the PBX; check SIP-RTP page for details)
    • Cloud PBX: UDP 10000-59999 

Outgoing:

  • For push notifications: 443 TCP to notifications.wildix.com; PBX must be connected to the internet and be able to communicate with notifications.wildix.com server

    • Android: a direct, unproxied connection to the Google Cloud Messaging server on these ports: TCP 5228; TCP 5229; TCP 5230 and TCP 443
    • iOS: a direct, unproxied connection to the Apple Push Notification servers from smartphone is necessary on ports TCP 5223; TCP 2195; TCP 2196; TCP 443
  • Important: use a transparent port forwarding scheme between the external port on the firewall and the external custom secure port on the PBX, example: 4443 – 4443

    Note: Starting from WMS 6.06.20240425.1, the service used for sending push notifications was changed from push.wildix.com to notifications.wildix.com. Make sure to use notifications.wildix.com for WMS 6.06.20240425.1 and higher. 

Video Conference

WebRTC Wizyconf videoconference

Access to external servers (both on the PBX's and on the Client's side):

  • conference.wildix.com
  • videobridge.wildix.com - no longer needed after May 31, 2021
  • videobridge-it.wildix.com - no longer needed after May 31, 2021
  • videobridge-it2.wildix.com - no longer needed after May 31, 2021
  • videobridge-usa.wildix.com - no longer needed after May 31, 2021
  • videobridge-usa2.wildix.com - no longer needed after May 31, 2021
  • videobridge-de.wildix.com - no longer needed after May 31, 2021

Ports to open (both on the PBX's and on the Client's side):

  • outgoing: TCP 443, TCP 4443, UDP 10000 (to any remote address)
    Note: TCP 4443 and UDP 10000 need to be open on the Client's side only.
  • incoming: TCP 443 or another custom secure port (from any remote address)

For support of SIP access from the PBX, enable the rules specified in this section: WebRTC Kite service.

For file/ image sharing, enable the rules specified in this section: File / image sharing.

Screen sharing

Access to external servers (both PBX and Client):

  • vnc.wildix.com, 443 (outbound, TCP)
  • kite.wildix.com, 443 (outbound, TCP)

Screen sharing

Access to external servers (both PBX and Client):

  • vnc.wildix.com, 443 (outbound, TCP)
  • kite.wildix.com, 443 (outbound, TCP)

Other Services

SMS sending with remote GSM gateway

  • Open the incoming port TCP 7008 on the side of the PBX

Rsyslog

Access to external servers:

  • WMS 6.xx PBXs
    • pbxlogging6-<minor version>.wildix.com (dynamic IP list), 20514 (outbound, TCP)
  • WMS 5.02+ PBXs
    • pbxlogging5-<minor version>.wildix.com (dynamic IP list), 20514 (outbound, TCP) 
  • WMS 4.0 PBXs
    • pbxlogging4-<minor version>.wildix.com (dynamic IP list), 514 (outbound, UDP)

Zabbix monitoring

  • TCP 8099 for IP 63.32.222.64
  • TCP 10050 for local Zabbix

Remote support 

Access to external servers:

  • WMS-4.xx PBXs
    • vpn4.wildix.com, 443 (outbound, TCP)

x-bees 

x-bees also requires the following external servers to be open on your router/ firewall:

  • app.x-bees.com
  • api.x-bees.com
  • login.x-bees.com
  • chat.wildix-chat.com
  • avatars.wildix.com
  • cognito-idp.eu-central-1.amazonaws.com
  • wda.wildix.com
  • wda-ws.wildix.com
  • wim.wildix.com
  • fs.wildix.com

Transcription

  • transcribe.eu-central-1.amazonaws.com, 443 or another custom secure port (inbound, outbound, TCP)

Firewall Checker

Check open ports

Access to external servers:

  • api.wildix.com, 443 (outbound, TCP)
  • api.wildix.com, 443 or another custom secure port (inbound, TCP)

Check External IP

Access to external servers:

  • checkip.wildix.com, 80 and 443 (outbound, TCP)