The Cyara product comprises 3 main components: Web and UI, Voice, and Omni Channel. Components interact with each other using Universal Message Bus, which means that all the Cyara components must have access to the Universal Message Bus.
Preface
This article provides general recommendations on how to configure firewall rules for Cyara applications. The tables in the following sections follow the most common firewall rules structure: source host, destination host, and destination port.
These tables were created keeping the following in mind:
- TCP connections are bidirectional;
- TCP connections rules define only Client-Server direction;
- Please make sure that firewall doesn't restrict connections from server to its clients;
- Cyara DFT protocol is built on top of HTTP protocol which uses TCP for transport, and, therefore, is bidirectional.
We will keep this article updated with changes in the latest Cyara releases. If you find that information is missing or is incorrect, please contact us at https://support.cyara.com or send us a message on support@cyara.com.
Cyara Web/Core Components
Cyara Web Components include Web Portal, authentication services, and reporting engine.
Cyara Web/Core Components require the following ports to be vacant on the target OS for normal operation:
- Cyara Web Portal: 80/443 HTTP(s)/TCP, 9006 TCP
- Message Bus: 5672 TCP
- MSSQL: 1433 TCP **
The table below defines which ports need to be whitelisted on the firewall:
Component |
From Host |
To Host |
To Port |
Protocol |
Cyara Web Portal |
Cyara Web Portal Server |
Cyara Storage Server |
9001 |
HTTP/DFT |
Cyara Web Portal |
Cyara Storage Server |
Cyara Web Portal Server |
9006 |
HTTP/DFT |
Cyara Web Portal |
Cyara Web Portal Server |
Message Bus |
5672 |
TCP |
Cyara Web Portal |
Cyara Web Portal Server |
Cyara Voice Scheduler Server |
8001 |
TCP |
Cyara Web Portal |
Cyara Web Portal Servers |
Cyara Call Engine Servers |
9005 |
HTTP/DFT |
Cyara Web Portal |
Cyara Web Portal Server |
MSSQL |
1433** |
TCP |
Cyara Dashboard Feed |
Cyara Dashboard Feed Server |
Message Bus |
5672 |
TCP |
Cyara Dashboard Feed |
Cyara Dashboard Feed Server |
MSSQL |
1433 |
TCP |
Cyara Dashboard Notification |
Cyara Dashboard Notification Server |
Message Bus |
5672 |
TCP |
Cyara Dashboard Notification |
Cyara Dashboard Notification Server |
MSSQL |
1433 |
TCP |
** MSSQL Server port may be different, and depends on local database configuration.
Cyara Voice Components
Cyara Voice components include call generations software, speech recognition, voice quality measurement, and text to speech components.
Cyara Voice Components require the following ports to be vacant on the target OS for normal operation:
- Voice Scheduler: 8001 TCP
- Call Engine: 9005 TCP, 5060 TCP/UDP, 30000-65535*** UDP
- Storage: 9001 TCP
The table below defines which ports need to be whitelisted on the firewall:
Component |
From Host |
To Host |
To Port |
Protocol |
Cyara Voice Scheduler |
Cyara Voice Scheduler |
MSSQL |
1433** |
TCP |
Cyara Voice Scheduler |
Cyara Voice Scheduler |
Message Bus |
5672 |
TCP |
Cyara Call Engine |
Cyara Call Engine Server |
Cyara Voice Scheduler Server |
8001 |
TCP |
Cyara Call Engine |
Cyara Call Engine Server |
Message Bus |
5672 |
TCP |
Cyara Call Engine |
Cyara Call Engine Server |
Cyara Storage Server |
9001 |
HTTP/DFT |
Cyara Call Engine |
Cyara Call Engine Server |
SIP or Media Gateway |
5060,30000-65535*** |
TCP,UDP |
Cyara Call Engine |
Cyara Call Engine Server |
Cyara Web Server |
80/443 |
HTTP/HTTPS |
Cyara ASR |
Cyara ASR Server |
Message Bus |
5672 |
TCP |
Cyara ASR |
Cyara ASR Server |
Cyara Call Engine Servers |
9005 |
HTTP/DFT |
Cyara ASR |
Cyara ASR Server |
Nuance License Server |
27000,27001****,40000-65535 |
TCP |
Cyara TTS |
Cyara TTS Server |
Cyara Call Engine Servers |
9005 |
HTTP/DFT |
Cyara TTS |
Cyara TTS Server |
Nuance License Server |
27000,27001**,40000-65535 |
TCP |
Cyara TTS |
Cyara TTS Server |
Message Bus |
5672 |
TCP |
Cyara Voice Quality |
Cyara Voice Quality Server |
Cyara Call Engine Servers |
9005 |
HTTP/DFT |
Cyara Voice Quality |
Cyara Voice Quality Server |
Message Bus |
5672 |
TCP |
Cyara Voice Quality |
Cyara Voice Quality Server |
Cyara Web Server |
443/80 |
HTTPS/HTTP |
Cyara Storage Service |
Cyara Storage Server |
Message Bus |
5672 |
TCP |
Cyara Storage Service | Cyara Storage Server | Cyara Call Engine Servers | 9005 | HTTP/DFT |
Cyara Storage Service | Cyara Storage Server | MSSQL | 1433** | TCP |
Cyara Voice Gateway |
Cyara Voice Gateway |
Avaya CM |
1718/UDP, 1719/UDP,1720TCP,30000-65535*** RTP |
TCP/UDP |
Cyara Voice Gateway |
Avaya CM |
Cyara Voice Gateway |
1718/UDP, 1719/UDP,1720TCP,30000-65535*** RTP |
TCP/UDP |
Cyara Voice Gateway |
Cyara Voice Gateway | Cyara Call Engine |
5060***** |
TCP/UDP |
Cyara Voice Gateway |
Cyara Call Engine Server |
Cyara Voice Gateway |
5060***** |
TCP/UDP |
Cyara Voice Gateway | Cyara Call Engine Server | Cyara Voice Gateway | 5060 TCP/UDP, 30000-65535*** UDP |
TCP/UDP |
** MSSQL Server port may be different, and depends on local database configuration.
*** Here we list a standard SIP port and RTP port range. It may vary and depends on local configuration and security requirements.
**** License port depends on the license file configuration.
***** Only needed if Voice Gateway and Call Engine are installed on separate servers
Cyara Omni Channel
Cyara Omni Channel components include CTI integration software, Web Chat components, and email.
The table below defines which ports need to be whitelisted on the firewall:
Component |
From Host |
To Host |
To Port |
Protocol |
Cyara Omni Scheduler |
Cyara Omni Scheduler Server |
MSSQL |
1433 |
TCP |
Cyara Omni Scheduler |
Cyara Omni Scheduler Server |
Message Bus |
5672 |
TCP |
Cyara Virtual Agent |
Cyara Virtual Agent Server |
Message Bus |
5672 |
TCP |
Cyara Virtual Agent |
Cyara Virtual Agent Server |
Genesys CTI TServer |
7001***** |
TCP |
Cyara Virtual Agent (Chat) |
Cyara Virtual Agent Server |
Genesys IXN TServer |
7002***** |
TCP |
Cyara Virtual Agent (Chat) |
Cyara Virtual Agent Server |
Genesys Chat TServer |
7003***** |
TCP |
Cyara Virtual Agent |
Cyara Virtual Agent Server |
Avaya AES Server |
450 |
TSAPI/TCP |
Cyara Virtual Agent |
Cyara Virtual Agent Server |
Cisco CTIOS |
42027 |
TCP |
Cyara Virtual Agent |
Cyara Virtual Agent Server |
5222,5223,42027,43027 |
TCP |
|
Cyara Virtual Agent |
Storage Service, Web Portal Server (for live agents monitoring) |
Cyara Virtual Agent |
9014 |
HTTP/TCP |
Cyara Chat Coordinator |
Cyara Chat Coordinator Server |
Web Servers |
80, 443 |
TCP |
Cyara Chat Coordinator |
Cyara Chat Coordinator Server |
Message Bus |
5672 |
TCP |
Cyara Email Coordinator |
Cyara Email Coordinator Server |
Message Bus |
5672 |
TCP |
Cyara Email Coordinator |
Cyara Email Coordinator Server |
Mail Server |
25, 143, 993 |
TCP |
Cyara Virtual Agent |
CVA server |
Cyara portal |
443 |
HTTP/HTTPS |
Cisco call Manager |
Cyara Call Engine (Endpoint CE Server/Outbound CE) Server |
Cisco Call Manager (Primary/Backup) |
5060 |
TCP,UDP |
***** Genesys Server ports depend on the local Genesys configuration. Check with your Genesys administrators for the correct ports.
Comments
1 comment
Hi Cyara Team,
Can you please update this document to reflect the latest version and keep it in sync with Cyara's latest releases.
Please sign in to leave a comment.