TOP

AT&T Office@Hand

Learn how to use features from AT&T Office@Hand. Access our self-help options to set up and use this application to communicate with customers.

Back to Product Page
Use the dropdown to get support, or purchase this product

AT&T Office@Hand Network Updates
Article #12242

  1. IP supernets
  2. Common cloud services
  3. Endpoint guidelines
  4. AT&T App – web, desktop, and mobile
  5. AT&T Video App – web, desktop, and mobile
  6. AT&T Webinar
  7. AT&T Video Rooms
  8. AT&T Video with Room Connector
  9. AT&T Phones – desk, conference, and cordless
  10. AT&T Softphone App – desktop
  11. AT&T Softphone App – mobile
  12. AT&T SMS
  13. AT&T Archiver
  14. Application Programming Interface
  15. SIP trunks
  16. Communication integration services
  17. AT&T cloud IP addresses for on-premises Microsoft Exchange server
  18. Domain Name Service (DNS)
  19. Network Address Translation (NAT)
  20. Security software
  21. Quality of Service guidelines
  22. VLAN configuration guidelines

 

There are incoming updates to the AT&T Office@Hand networking requirements which may require adjusting the Access Control List rules of your network firewall. In order to maintain service please ensure the following Fully Qualified Domain Names (FQDNs) and hostnames/IP addresses are whitelisted for the indicated Office@Hand devices, applications, and services (unless not used).   

Addresses are highlighted to indicate updates.   

This document only shows partial information of AT&T Office@Hand Network requirements. For the complete details, go to AT&T Office@Hand Network Requirements.

 

1. IP Supernets  

The supernets (concatenated subnets) in Table 1.1 are advertised by the AT&T Office@Hand cloud using the BGP routing protocol to support Unified Communication Services over the internet. These networks can be used to connect to the AT&T cloud over the internet:

 

Table 1.1 – IP Supernets
Advertised IP Supernets
  • 66.81.240.0/20
  • 80.81.128.0/20
  • 103.44.68.0/22
  • 103.129.102.0/23
  • 104.245.56.0/21
  • 185.23.248.0/22
  • 192.209.24.0/21
  • 199.68.212.0/22
  • 199.255.120.0/22
  • 208.87.40.0/22

Additional requirements apply for enterprises with private connections to the AT&T cloud. Contact AT&T Support for more information.

 

To ensure that unified communication services operate correctly, your enterprise network must accept the supernets at all locations where unified communication services are used.

The enterprise network must use the supernets for:

  • Configuring firewall rules for signaling and media ports.
  • Configuring DSCP markings in IP packet headers according to the Quality of Service Guidelines.
  • Selectively disabling Layer 7 device functions, such as Deep Packet Inspection for UDP traffic to and from the unified communication cloud.

 

2. Common cloud services

You may need to whitelist the destination ports in Table 2.1 for all of your enterprise firewalls and web proxies. Whitelisting these ports allows devices and applications to access supporting cloud services, domain names, and IP addresses.

You should whitelist only the set of services that you need. For example, if you don’t use the Analytics portal in Europe, you need not whitelist the analytics.ringcentral.eu domain.

The domains that resolve to supernet addresses (indicated as yes in column 3 of Table 2.1) do not need to be whitelisted, provided that the supernets are whitelisted in the tables in the endpoint section.

You must always whitelist the following domains:

  • The AT&T company website, which provides general information about RingCentral and its products, and does not require sign in.
  • The Service status portal, which provides an overview of AT&T’s unified communication service availability.
  • The customer support domain, which provides access to resources for phone and app installation and configuration, release notes, community discussions, and escalations.
  • AT&T Discovery service API, which:
    • Allows client applications to dynamically discover the correct .com and .biz API domains before users log in.
    • Points to the login process service. After the Login service authenticates an administrator or user, the Discovery service API uses configured account data to determine the appropriate API domain.
  • The Account federation management portal, which is only used when a customer has multiple accounts that are federated.
  • Service Web portal, which provides access to unified communication administration services.
  • The AT&T Administrator/User Account portal, which authenticates administrator and user access to underlying communication and administration services.
  • The Analytics portals, which provide account administrators with unified communication service performance data. This data can help administrators understand the current state of the system and troubleshoot specific issues.
  • The Administrator/User account portal, Service Web portal, and Analytics portals may be country- or region-specific for compliance purposes. For example, domains that end in .eu refer to non-UK Europe.

 

AT&T Office@Hand Domains and IP Addresses  

AT&T Office@Hand uses these networks globally for call servers, media services, route announcements, and auxiliary services, like telephone provisioning and network time. It is highly recommended to permit all these networks at all enterprise locations for the specific regions.

 

Table 2.1 – Common cloud services
Purpose Application Protocol Domain name/IP address Resolves to Supernet address? (Yes/No) Destination Ports
Company Website HTTPS www.business.att.com No TCP\443
Service status portal HTTPS status-officeathand.att.com No TCP\443
Customer support HTTPS www.business.att.com/support No TCP\443
Discovery service API HTTPS discovery.ringcentral.biz Yes TCP\443
Account federation management portal HTTPS accounts-officeathand.att.com Yes TCP\443
Service Web portal HTTPS service-officeathand.att.com Yes TCP\443
Administrator/User account login portal HTTPS login-officeathand.att.com Yes TCP\443
Analytics portal HTTPS analytics-officeathand.att.com No TCP\443

 

3. Endpoint guidelines

The next sections provide endpoint-specific tables for domain names, supernets, and a range of cloud destination ports for various AT&T endpoints (e.g. app, hardphones, etc.). These tables must be administered in an enterprise firewall to allow endpoint access to AT&T’s unified communication services.

 

Note the following endpoint table guidelines for firewall and web proxy configuration:

  • The AT&T cloud does not initiate any session toward customer endpoints. All sessions are initiated from an endpoint toward AT&T’s cloud communication services. For this reason, destination ports are indicated in each section’s endpoint tables. These tables do not specify source ports, since source ports are dynamically selected by the operating system, and their ranges are operating system-dependent.
  • Each section’s tables provide modular sets of requirements for firewall control to support different deployment combinations of AT&T endpoints. For this reason, a table is provided for each type of endpoint. Consequently, some rows may be duplicated across different tables in various sections. For example, in the AT&T app and the AT&T Video app section’s tables. In principle, firewall rules need to be applied only once for deployed endpoints that have the same row content.
  • In creating your firewall configurations, you need only apply the tables for the endpoints that you actually use. For example, if you don’t use hardphones, you may ignore the hardphone section. Similarly, if you don’t use an app’s desktop or mobile version, you need not whitelist it.
  • Rows in the port table are generally ordered from highest QoS traffic priority (media) to lowest QoS traffic priority (supporting data service).
  • You may use the mobile version of the AT&T app on a mobile operator network or a private or public WiFi network. On a mobile operator network or a public WiFI network, traffic does not traverse a private enterprise network to AT&T communication services, so firewall configuration is irrelevant. The appropriate tables must be administered in the enterprise firewall on a private WiFi network (such as a private wired enterprise network).

 

4. AT&T App – web, desktop, and mobile

 

Table 4.1 – AT&T App – web, desktop, and mobile
Purpose Application Protocol Domain name/IP address E5F1F6

Media/media secured

and media access control

RTP/SRTP (DTLS)
and STUN
IP supernets

UDP\20000-64999

and UDP\19302

Signaling – mobile app SIP/TCP IP supernets TCP\5091
Signaling secured – mobile app SIP/TLS IP supernets TCP\5097
Signaling secured – mobile app SIP/WSS/TLS IP supernets TCP\443
Signaling secured desktop and web app SIP/WSS/DTLS IP supernets TCP\8083
IOVATION SDK for two-factor login HTTPS

mpsnare.iesnare.com

ringcentral.112.2o7.net

TCP\443
Application file upload and download HTTPS glip-prod-biz-us-east-1-core-data.s3.amazonaws.com glip-prod-biz-us-east-1-core-data.s3-accelerate.amazonaws.com TCP\443
Log file upload HTTPS www.filestackapi.com TCP\443
Application service API HTTPS *.ringcentral.biz TCP\443
Messaging service API HTTPS glip.ringcentral.biz TCP\443
Messaging content support HTTPS

api.giphy.com

media0.giphy.com

media1.giphy.com

media2.giphy.com

media3.giphy.com

media4.giphy.com

i.embed.ly

TCP\443
Presence status, call log notifications, and voicemail notifications HTTPS

ringcentral.pubnubapi.com
ringcentral-0.pubnubapi.com

ringcentral-1.pubnubapi.com

ringcentral-2.pubnubapi.com

ringcentral-3.pubnubapi.com

ringcentral-4.pubnubapi.com

ringcentral-5.pubnubapi.com

ringcentral-6.pubnubapi.com

ringcentral-7.pubnubapi.com

ringcentral-8.pubnubapi.com

ringcentral-9.pubnubapi.com

TCP\443

Android app push notifications –

mobile app*

HTTPS mtalk.google.com TCP\443, 5228, 5229, 5230

iOS app push notifications –

mobile app

HTTPS api.push.apple.com TCP\443, 2197, 5223
Software and provisioning updates HTTPS *.cloudfront.net TCP\443
Help
(lower left corner of the app, covers help and video content)
HTTPS

community.ringcentral.com

*.demdex.net

*.coveo.com

*.vimeo.com

*.akamaized.net

www.youtube.com

js-agent.newrelic.com

bam.nr-data.net

cdn.cookielaw.org

TCP\443
RingCentral Video App – web, desktop, and mobile Refer to Table 5.1

 

* For reliable connectivity and reduction of battery consumption, implement a 30-minute or larger timeout for Network Address Translation (NAT) or Stateful Packet Inspection (SPI) for connections over ports 5228-5230.

 

5. AT&T Video App – web, desktop, and mobile

  • Read the Endpoints guidelines about the duplicated rows you’ll find in AT&T App Table 4.1 and the AT&T Video App Table 5.1.
  • The statistics collector publishes detailed statistics about calls. The Analytics Portal Table 2.1 uses a subset of the data extracted by the statistics collector.
  • You don’t need to whitelist the RCV web client application if you’re only using the desktop and mobile versions of the RCV app.
  • You should whitelist the network connectivity test application to allow Video App users to test their network connections.

 

Table 5.1 – AT&T Video App – web, desktop, and mobile
Purpose Application protocol Domain name/IP address Detonation port
Media secured SRTP IP supernets

UDP\10001-10010

(default)


TCP\443  (when UDP is not available – should not be used regularly, as it can affect voice quality)

Signaling secured HTTPS/WSS/TLS IP supernets TCP\443
Application service API HTTPS v.ringcentral.com TCP\443
Parser configuration for meeting link verification for mobile phones HTTPS media.ringcentral.biz TCP\443
Connect platform API HTTPS api-meet.ringcentral.biz TCP\443
Statistics collector HTTPS edr.ringcentral.biz TCP\443
Presence status, call log notifications, and voicemail notifications HTTPS

ringcentral.pubnubapi.com
ringcentral-0.pubnubapi.com

ringcentral-1.pubnubapi.com

ringcentral-2.pubnubapi.com

ringcentral-3.pubnubapi.com

ringcentral-4.pubnubapi.com

ringcentral-5.pubnubapi.com

ringcentral-6.pubnubapi.com

ringcentral-7.pubnubapi.com

ringcentral-8.pubnubapi.com

ringcentral-9.pubnubapi.com

TCP\443
Application configuration HTTPS downloads.ringcentral.biz TCP\443
Application download and update HTTPS app.ringcentral.biz TCP\443
Feature enablement control HTTPS

*.launchdarkly.com

app.launchdarkly.com

events.launchdarkly.com

clientstream.launchdarkly.com

mobile.launchdarkly.com

TCP\443
Network connectivity test application – part of RCV App HTTPS

rcv.testrtc.com
which uses:

api.nettest.testrtc.com

kong.testrtc.com

*.turn.testrtc.com

*.speed.testrtc.com

TCP\443

UDP\443

 

6. AT&T Webinar

AT&T Webinar relies on two clients:

  • Webinar host client: Used by a webinar session’s host, cohosts, and panelists.
  • Webinar attendee client: Used only by webinar attendees.

For both clients, apply the whitelistings from Table 6.1 when configuring your enterprise firewall.

Note:

  • AT&T Webinar is based on AT&T Video.
  • If you’ve already whitelisted Cloudfront for the AT&T App – web, desktop, and mobile, you need not whitelist it again.

 

Table 6.1 – AT&T Webinar host client and attendee client
Purpose Application protocol Domain name/IP address Destination Ports
AT&T Video Refer to Table 5.1
Fetch webinar session live streaming media segments HTTPS *.cloudfront.net TCP\443

 

7. AT&T Video Rooms

 

Table 7.1 – AT&T Video Rooms
Purpose Application Protocol Domain name/IP address Destination ports
Media secured

SRTP


SRTP

IP supernets


IP supernets

 

UDP\10001-10010 (default)


TCP\443 (Use only if UDP is not available. Should not be used regularly, as it affects voice quality.)

Signaling secured HTTPS IP supernets TCP\443
SIP registration service HTTPS/TLS *.ringcentral.biz TCP\8085-8090
Rooms host device HTTPS Internal enterprise assigned private IP address
(no WAN firewall traversal)
TCP\9520-9530
Login portal HTTPS meetings.officeathand.att.com TCP\443
Notifications HTTPS

ringcentral.pubnubapi.com

ringcentral-0.pubnubapi.com

ringcentral-1.pubnubapi.com

ringcentral-2.pubnubapi.com

ringcentral-3.pubnubapi.com

ringcentral-4.pubnubapi.com

ringcentral-5.pubnubapi.com

ringcentral-6.pubnubapi.com

ringcentral-7.pubnubapi.com

ringcentral-8.pubnubapi.com

ringcentral-9.pubnubapi.com

TCP\443
Software and provisioning updates HTTPS *.ringcentral.biz TCP\443

 

8. AT&T Video with Room Connector

You must whitelist the relevant region-independent domain name. Domain names need only be whitelisted when a Room Connector is used in the indicated region.

 

Table 8.1 – AT&T Video with Room Connector
Purpose* Application protocol Domain name/IP address Destination ports
Media RTP/SRTP IP supernets UDP\10001-10010
Signaling SIP

rcvsip.biz

att.rcvsip.biz

UDP\5060 or

TCP\5060

Signaling secured SIP/TLS

rcvsip.biz

att.rcvsip.biz

TCP\5061

*Customer video devices determine whether connectivity is secured or unsecured.

 

9. AT&T Phones – desk, conference, and cordless

  • Some third-party devices, such as the Poly IP7000 speakerphone, do not support signaling or media encryption. Such devices should be avoided in a deployment that requires complete security.
  • No separate ports are specified for Busy Lamp Appearance (BLA) since BLA uses the signaling ports and standard SIP NOTIFY packets.

 

Table 9.1 – AT&T Phones – desk, conference, and cordless
Purpose Application protocol Domain name/IP address Destination port
Media and media secured RTP/SRTP IP supernets UDP\20000-64999
Signaling SIP IP supernets

TCP\5090, TCP\5099**

UDP\5090, UDP\5099**

Signaling secured SIP/TLS IP supernets TCP\5096, TCP\5098**
Network time service NTP ntp1.ringcentral.biz and ntp2.ringcentral.biz
(within the supernets)
UDP\123
LDAP directory service LDAP cd.ringcentral.biz
(within the supernets)
TCP\636
Poly phone API and provisioning and firmware update HTTPS

API: pp.api.ringcentral.com

Provisioning:

pp.ringcentral.biz

pp-pre.ringcentral.biz

Firmware update:

pp.s3.ringcentral.biz

pp.fw.ringcentral.biz

Platform API:

pp.api.ringcentral.biz

TCP\443
Cisco phone API and provisioning and firmware update HTTPS

API: NA

Provisioning:

cp.ringcentral.com

Firmware update:

cp.s3.ringcentral.com

TCP\443
Yealink phone API and provisioning and firmware update HTTPS

API: yp.api.ringcentral.com

Provisioning:

yp.ringcentral.biz

yp-pre.ringcentral.biz

Firmware Update:

yp.s3.ringcentral.biz

yp.fw.ringcentral.biz

yp.api.ringcentral.biz

TCP\443
Avaya phone API and provisioning and firmware update HTTPS

API: avaya.api.ringcentral.biz

Provisioning:

av.ringcentral.biz

av-pre.ringcentral.biz       

Firmware:

av.s3.ringcentral.com

TCP\443
Unify phone API and provisioning and firmware update HTTPS

API: unf.api.ringcentral.biz

Provisioning:

unf.ringcentral.biz

unf-pre.ringcentral.biz

Provisioning:
TCP\18443

Firmware update:
TCP\443

Mitel phone API and provisioning and firmware update HTTPS

API: mtl.api.ringcentral.com

Provisioning:

mtl.ringcentral.biz

mtl-pre.ringcentral.biz

Firmware Update:

mtl.s3.ringcentral.biz

mtl.fw.ringcentral.biz

Platform API:

mtl.api.ringcentral.biz

TCP\443
SNOM phone API and provisioning and firmware update HTTPS

API: NA

Provisioning:

snm.ringcentral.biz

snm-pre.ringcentral.biz

Firmware Update:

snm.s3.ringcentral.biz

snm.fw.ringcentral.biz

TCP\443

**Ports 5098 and 5099 should be opened for Busy Lamp Appearance only when you’re using line sharing.

 

10. AT&T Softphone App – desktop

 

Table 10.1 – AT&T Softphone App – desktop
Purpose Application protocol Domain name/IP address Destination ports
Media and media secured RTP/SRTP IP supernets UDP\20000-64999
Signaling SIP IP supernets TCP\5091
Signaling secured SIP/TLS IP supernets TCP\5097
Presence status, call log notifications, and voicemail notifications HTTPS

ringcentral.pubnubapi.com

ringcentral-0.pubnubapi.com

ringcentral-1.pubnubapi.com

ringcentral-2.pubnubapi.com

ringcentral-3.pubnubapi.com

ringcentral-4.pubnubapi.com

ringcentral-5.pubnubapi.com

ringcentral-6.pubnubapi.com

ringcentral-7.pubnubapi.com

ringcentral-8.pubnubapi.com

ringcentral-9.pubnubapi.com

TCP\443
Software and provisioning updates HTTP/HTTPS *.ringcentral.biz

TCP\80

TCP\443

Platform API for user authentication and call features HTTPS api-sp.ringcentral.biz TCP\443

Platform API for media services

(for transferring media files: voice recordings, faxes, transcriptions, profile and contact information)

HTTPS media.ringcentral.biz TCP\443
Google services (contacts and calendar) HTTPS

accounts.google.com

www.google.com

www.googleapis.com

TCP\443

 

11. AT&T Softphone App – mobile

Note: Table 11.1 pertains to the use of the AT&T mobile softphone app on a WiFi network.

 

Table 11.1 – AT&T Softphone App – mobile
Purpose Application protocol Domain name/IP address Destination Ports
Media RTP/SRTP IP supernets UDP\20000-64999
Signaling SIP IP supernets

TCP\5091

UDP\5091

Signaling secured SIP/TLS IP supernets TCP\5097
TCP\443
Signaling (IPv6 client) SIP/TLS IP supernets TCP\5090-5098
TCP\443
SIP registration service HTTPS *.ringcentral.biz TCP\443
Application presence status, call log notifications, and voicemail notifications – used in Android, not in iOS HTTPS

ringcentral.pubnubapi.com

ringcentral-0.pubnubapi.com

ringcentral-1.pubnubapi.com

ringcentral-2.pubnubapi.com

ringcentral-3.pubnubapi.com

ringcentral-4.pubnubapi.com

ringcentral-5.pubnubapi.com

ringcentral-6.pubnubapi.com

ringcentral-7.pubnubapi.com

ringcentral-8.pubnubapi.com

ringcentral-9.pubnubapi.com

TCP\443

Data synchronization with cloud

(e.g., call log info, presence, and voicemails)

HTTPS api-mob.ringcentral.biz TCP\443
Soft clients software and provisioning updates HTTPS *.cloudfront.net TCP\443

 

12. AT&T SMS

The network requirements in Table 12.1 apply to all AT&T apps and the SMS API. AT&T encrypts SMS traffic from the app to the SMS servers and from the servers to the SMS carrier used by AT&T does not encrypt SMS at rest. Note that SMS is not considered a secure communication medium since it is not encrypted in transit by carriers, from a carrier to a recipient device, and on those devices.

 

Table 12.1 – AT&T SMS
Purpose Application protocol Domain name/IP address Destination ports
SMS communication HTTPS, TLS 1.2 or greater platform.ringcentral.com TCP\443

 

13. AT&T Archiver

AT&T Archiver is a cloud-side integration that allows administrators to copy call content to a long-term, enterprise-owned repository. Copied content includes recordings, voicemail, fax, and text messages. Archiver ensures that data is retained for a long time, and that it meets local data residency and regulatory retention requirements. Learn more

 

Table 13.1 – AT&T Archiver
Purpose Application protocol Domain name/IP address Destination ports
Content archiving

HTTPS


SFTP

For Box, Dropbox, Google Drive, and Smarsh archiving systems


For archiving to an enterprise SFTP server, the following SFTP client IP addresses must be whitelisted:

3.211.163.136

3.223.170.110

34.225.218.68

34.226.29.169

34.234.210.244

34.236.210.8

34.239.13.99

35.172.123.110

52.87.7.127

54.80.51.95
54.147.91.15

 

Any of these IP addresses may dynamically be selected by the AT&T SFTP client to connect to an enterprise SFTP server.

TCP\443
(does not traverse enterprise network)


TCP\22

 

14. Application Programming Interface
The Application Programming Interface (API) allows control of AT&T unified communications system applications. Some of the APIs are used by endpoints and therefore included in the corresponding tables.

 

All .com domains resolve to the 66.81.240.0/20 supernet. All .biz domains resolve to the 80.81.128.0/20 supernet.

 

Table 14.1 – Application Programming Interface
Purpose Application protocol Domain name/IP address Destination ports
Discovery service API HTTPS discovery.ringcentral.biz TCP\443
Connect platform API HTTPS api.ringcentral.biz TCP\443
SMS communication HTTPS platform.ringcentral.biz TCP\443

Platform API for media services

(for transferring media files: voice recordings, faxes, transcriptions, profile and contact information)

HTTPS media.ringcentral.biz v
Softphone app HTTPS api-sp.ringcentral.biz TCP\443
Softphone app (legacy, to be decommissioned) NA NA NA
Mobile app HTTPS api-mob.ringcentral.biz TCP\443
RC Meeting/RC Rooms app HTTPS api-rcapps.ringcentral.biz TCP\443
Communication integration services HTTPS api-rcapps.ringcentral.biz TCP\443
AT&T app – web and desktop HTTPS api-rcapps.ringcentral.biz TCP\443
AT&T app – mobile HTTPS api-rcapps.ringcentral.biz TCP\443
AT&T Video app – web and desktop HTTPS api-rcapps.ringcentral.biz TCP\443

 

15. SIP trunks

 

Table 15.1 – SIP trunks
Purpose Application protocol IP address Destination ports
Media


Signaling

RTP


SIP

Public IP addresses to be provided by AT&T during project definition

UDP\1024-65535


UDP\5060

TCP\5061-5065

 

16. Communication integration services
Enterprises can use integration services to develop soft-endpoint communication clients.

Table 16.1 summarizes the programmatic communication integration services that allow enterprises to build their own soft endpoint clients.

Note:

  • You only need to whitelist the set of services that you use. For example, if you don’t use integration services, you need not whitelist that domain.
  • You must whitelist the Integration service API, the foundation API on which all communication integration services rely.
  • You must whitelist the endpoint registration service, which registers all integration service (WebRTC) endpoints with the AT&T Cloud Communication Service.
  • The RCV scheduling service is used for creating and managing RCV meetings.
  • The Microsoft Teams and Slack integration services integrate applications into Teams and Slack, respectively.
  • The platform APIs can be used to develop stand-alone applications (such as an outbound dialer), or applications embedded into existing business applications.
  • You should whitelist the stand-alone platform API and Embeddable platform API only if you implement applications based on these APIs.

 

Table 16.1 – Communication integration services
Purpose Application protocol Domain name/IP addresses Destination ports
Integration service API HTTPS api-rcapps.ringcentral.biz TCP\443
Endpoint registration service HTTPS sip*.ringcentral.biz TCP\8083
Video scheduling service HTTPS api-meet.ringcentral.biz TCP\443
Microsoft Teams integration service HTTPS teams.ringcentral.biz TCP\443
Slack integration service HTTPS slack.ringcentral.biz TCP\443
Stand-alone platform API HTTPS platform.ringcentral.biz TCP\443
Embeddable platform API HTTPS platform.ringcentral.biz TCP\443

 

17. AT&T cloud IP addresses for on-premises Microsoft Exchange server

Enterprises may connect their on-premises Microsoft Exchange server to the AT&T cloud to synchronize contacts with AT&T apps. To do so, the enterprise firewall must whitelist AT&T cloud IP addresses according to Table 17.1.

 

Table 17.1 AT&T cloud IP addresses for on-premisis Microsoft Exchange Server
Region Domain name/IP address
North America

3.223.170.110

54.147.91.15

3.211.163.136

Europe

18.196.95.223

3.122.161.21

3.122.122.53

BIZ

54.205.95.23

54.165.132.103

34.234.133.3

 

18. Domain Name Service (DNS)
To function properly, all endpoints and services require access to a public DNS. Endpoints rely on a DNS service to resolve the provisioning service domain name (e.g., pp.ringcentral.com).

If you use a private DNS, it must perform forward lookups to an internet-based DNS.

 

19. Network Address Translation (NAT)
Network Address Translation/Port Address Translation functionality (generically referred to as NAT) is applied at the border between two networks to translate between address spaces, or to prevent the collision of IP address spaces.

You must configure a minimum NAT timeout to ensure the proper operation of hardphones:

  • Cisco phones send a follow-up REGISTER refresh message every four minutes.
  • Poly phones re-register every five minutes. For these phones, you must set the NAT entry expiration timeout to more than five minutes.

 

20. Security software
You may need to configure your cloud-based security software (network firewalls and web proxies) to whitelist the domains listed in the tables in this document.

 

21. Quality of Service guidelines
You must follow the Quality of Service guidelines to ensure the proper prioritization of your traffic. Otherwise, either or both parties may experience intermittent issues with call control or media quality.

 

22. VLAN configuration guidelines
Follow the VLAN configuration guidelines to ensure that your VLANs are properly configured for hardphones. Review section 9: AT&T Phones.