  1. Overview
  2. Types of Traffic
  3. Hosts and Ports Whitelist
  4. Troubleshoot

1 Overview

This document describes the network access requirements for Avaya Spaces, so that Avaya Spaces users operating behind corporate security measures can connect seamlessly. It is intended for network administrators, particularly firewall and security administrators.

2 Types of Traffic

Avaya Spaces endpoints use the following types of traffic:

  • HTTPS and WSS (https://en.wikipedia.org/wiki/WebSocket)
  • WebRTC (https://en.wikipedia.org/wiki/WebRTC)

TLS is used for both HTTPS and WSS traffic. Any TLS inspection should support these protocols or have an exception for the Spaces hosts.

WebRTC media (audio and video) is secured and encrypted with DTLS-SRTP and is transported using UDP.

Important: TCP and HTTP tunneling are not supported for audio and video at this time. To ensure media traverses your network firewall securely, we recommend configuring an address-restricted dynamic cone NAT or a port-restricted dynamic cone NAT for the UDP port range specified below. Use of a symmetric NAT is not supported and may result in audio/video connection failures.
For more information on network address translation methods, refer to this article: https://en.wikipedia.org/wiki/Network_address_translation#Methods_of_translation
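
One way to check whether a site's NAT is symmetric, as an added example that is not part of the Avaya documentation: it sends STUN Binding requests (RFC 5389) from a single UDP socket to two different servers and compares the public mappings returned. Using STUN for this is an assumption of the example, the server names are placeholders, and the check only tells symmetric from cone mapping; it does not distinguish the cone filtering variants.

```python
import os
import socket
import struct

MAGIC = 0x2112A442            # STUN magic cookie (RFC 5389)
XOR_MAPPED_ADDRESS = 0x0020   # attribute carrying the public address

def binding_request():
    """Return (transaction_id, packet) for a STUN Binding request."""
    tid = os.urandom(12)
    return tid, struct.pack("!HHI", 0x0001, 0, MAGIC) + tid

def parse_mapped(resp, tid):
    """Extract the public (ip, port) from an IPv4 Binding success response."""
    mtype, mlen, cookie = struct.unpack("!HHI", resp[:8])
    if mtype != 0x0101 or cookie != MAGIC or resp[8:20] != tid:
        raise ValueError("not a matching STUN Binding success response")
    pos, end = 20, min(20 + mlen, len(resp))
    while pos + 4 <= end:
        atype, alen = struct.unpack("!HH", resp[pos:pos + 4])
        val = resp[pos + 4:pos + 4 + alen]
        if atype == XOR_MAPPED_ADDRESS and alen >= 8 and val[1] == 0x01:
            xport, xaddr = struct.unpack("!HI", val[2:8])
            ip = socket.inet_ntoa(struct.pack("!I", xaddr ^ MAGIC))
            return ip, xport ^ (MAGIC >> 16)
        pos += 4 + alen + (-alen % 4)   # attribute values are padded to 4 bytes
    raise ValueError("no IPv4 XOR-MAPPED-ADDRESS attribute")

def classify(mappings):
    """A cone NAT keeps one public mapping per local socket; symmetric does not."""
    return "symmetric" if len(set(mappings)) > 1 else "cone (mapping is stable)"

def probe(servers, timeout=3.0):
    """Query every STUN server from ONE UDP socket and collect the mappings."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", 0))
        s.settimeout(timeout)
        found = []
        for host, port in servers:
            tid, pkt = binding_request()
            s.sendto(pkt, (host, port))
            found.append(parse_mapped(s.recvfrom(2048)[0], tid))
        return found

if __name__ == "__main__":
    # Placeholder hosts: substitute two STUN servers (on different IP
    # addresses) that you are permitted to query.
    servers = [("stun1.example.org", 3478), ("stun2.example.org", 3478)]
    print(classify(probe(servers)))
```

Run it from a host behind the firewall in question; the two servers must resolve to different IP addresses, otherwise a symmetric NAT can return the same mapping twice.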

For Push Notification, please refer to this document for more information.

3 Hosts and Ports Whitelist

The following hosts and protocols should be unrestricted for all Avaya Spaces features to work as intended. Whitelisting based on IP address is not recommended since these may change dynamically. In addition, HTTP headers such as Authorization should be left intact.

| Hosts | Ports | Protocol | Description |
|---|---|---|---|
| *.zang.io | 80, 443 | HTTPS, WSS | Mandatory for any Spaces features (e.g.: chat, presence, video, etc.) |
| *.zang.io | 3000-3999 | UDP | Audio/Video |
| *.googleapis.com | 80, 443 | HTTPS | Screen sharing, file sharing |
| *.onesna.com | 80, 443 | WSS | Presence |
| *.onesna.com | 3000-3999 | UDP | Audio/Video |
| *.esna.com | 80, 443 | HTTPS | Mobile app authentication |
| ASN of 15169 | 5228, 5229, 5230 | TCP | Push notification |
| accounts.google.com | 80, 443 | HTTPS | SSO |
| login.microsoftonline.com | 80, 443 | HTTPS | SSO |
| login.salesforce.com | 80, 443 | HTTPS | SSO |
| *.avaya.com | 80, 443 | HTTPS | SSO |
| *.gstatic.com | 80, 443 | HTTPS | CDN |

4 Troubleshoot

The following are tools that can be used to test WebRTC connection to Avaya Spaces:

  • https://wcs-production1.onesna.com/wcs/confservice/index.html
  • https://test.webrtc.org/?turnURI=wcs-production2.onesna.com