Skip to content
English
Contact us
  • There are no suggestions because the search field is empty.

Convo Call Firewall Requirements

Make sure your network is ready for Convo Call

Asset 767

697c1e9fe42a435f446ed3c6_1c2794b625403e3f28ec600ba835a87813cf9a4b (1)-p-1600

To make sure that all Convo Call apps work correctly on high-security networks, please review this PDF document or share it with your IT team.

Convo Call Applications Firewall Requirements

To ensure that all Convo Call applications (Mobile and Web) function properly and deliver high-quality audio and video calls, the Convo Call platform requires specific network configurations.

If these "digital doors" (ports) are not opened by IT, users may experience dropped calls, one-way audio, or connection failures.

Service Status Current Recommendation
Standard Office/Home Fully supported with minor IT whitelist updates.
Strict Environments Issues may occur in Hotels, Hospitals, and Universities.


Whitelisting/Allow Components Access Requirements
Ideally, all *.convo.io UDP & TCP traffic should be allowed/whitelisted. Below is a split of
hostnames & ports that need to be accessible, split per component.

Services Hostname / IPs Protocol Ports
Convo Call Web Application call.convo.io TCP 443
Convo User Account Service ums.convo.io TCP 443
Convo Authentication Service ums-auth.convo.io TCP 443
Convo Videomail Service *.amazonaws.com TCP 443
Convo Call Web Application FCM
(Firebase Cloud Messaging)		 *.gstatic.com TCP 443
OpenSIPS sip-proxy.convo.io TCP 443
RTPEngine/Freeswitch

fs-0.convo.io

fs-1.convo.io

fs-2.convo.io

rtpengine-0.convo.io

 TCP 10000–65535
STUN stun.l.google.om TCP 19302
Public DNS Access 1.1.1.1
8.8.8.8
8.8.4.4		 TCP 53
HTTP Connectivity Check 1.1.1.1 TCP 443
Sentry *.sentry.io TCP 443
Pendo *.pendo.io TCP 443
Apple Push Notification Service Ideally the entire 17.0.0.0/8 address block (which is assigned to Apple), if not possible:

IPv4
• 17.249.0.0/16
• 17.252.0.0/16
• 17.57.144.0/22
• 17.188.128.0/18
• 17.188.20.0/23

IPv6
• 2620:149:a44::/48
• 2403:300:a42::/48
• 2403:300:a51::/48
• 2a01:b740:a42::/48		 TCP 5223, 443
Android FCM (Firebase Cloud
Messaging)

Filtering based on hostnames:
• mtalk.google.com
• mtalk4.google.com
mtalk-staging.google.com
• mtalk-dev.google.com
alt1-
mtalk.google.com
• alt2-mtalk.google.com
• alt3-mtalk.google.com
• alt4-mtalk.google.com
• alt5-mtalk.google.com
• alt6-mtalk.google.com
• alt7-mtalk.google.com
• alt8-mtalk.google.com
• android.apis.google. com
• device-provisioning.google
apis.com
•firebaseinstallations.
googleapis.com

Filtering based on IP:
Itʼs not recommended since the IP list changes every month and youʼd have to update the firewallʼs rules accordingly. But in case you need it, youʼd have to allow all IPʼs indicated in goog.json

 TCP 5228
5229
5230
443

Currently Unsupported Networks
Convo Call may face connectivity issues on the following "Strict" networks.

For context review the table below:

Business Environment Technical Reason (For IT/Tech) Expected Symptom
High Security Enterprise Symmetric NAT (Changes port
mappings per session)
  • Call connect but has black video
  • One-way video
Mobile Data (4G/5G) Carrier-Grade NAT (CGNAT)
(Shared public IPs)
  • Call connect but has intermittent black video
  • One-way video
Strict VPNs & Hotels UDP Port Filtering (Blocks ports
10000–65535)
  • Call connect but has intermittent black video
  • One-way video
Universities/Campuses Dynamic UDP Blocking
(Restricts non-web traffic)
  • Call connect but has intermittent black video
  • One-way video