Cyara Comprehensive Network and Firewall Advisory

The Cyara product comprises 3 main components: Web and UI, Voice, and Omni Channel. Components interact with each other using Universal Message Bus, which means that all the Cyara components must have access to the Universal Message Bus.

Preface

This article provides general recommendations on how to configure firewall rules for Cyara applications. The tables in the following sections follow the most common firewall rules structure: source host, destination host, and destination port.

These tables were created keeping the following in mind:

  1. TCP connections are bidirectional;
  2. TCP connections rules define only Client-Server direction;
  3. Please make sure that firewall doesn't restrict connections from server to its clients;
  4. Cyara DFT protocol is built on top of HTTP protocol which uses TCP for transport, and, therefore, is bidirectional.

We will keep this article updated with changes in the latest Cyara releases. If you find that information is missing or is incorrect, please contact us at https://support.cyara.com or send us a message on support@cyara.com.

Cyara Web/Core Components

Cyara Web Components include Web Portal, authentication services, and reporting engine.  

Cyara Web/Core Components require the following ports to be vacant on the target OS for normal operation:

  • Cyara Web Portal: 80/443 HTTP(s)/TCP, 9006 TCP
  • Message Bus: 5672 TCP
  • MSSQL: 1433 TCP **

The table below defines which ports need to be whitelisted on the firewall:

Component

From Host

To Host

To Port

Protocol

Cyara Web Portal

Cyara Web Portal Server

Cyara Storage Server

9001

HTTP/DFT

Cyara Web Portal

Cyara Storage Server

Cyara Web Portal Server

9006

HTTP/DFT

Cyara Web Portal

Cyara Web Portal Server

Message Bus

5672

TCP

Cyara Web Portal

Cyara Web Portal Server

Cyara Voice Scheduler Server

8001

TCP

Cyara Web Portal

Cyara Web Portal Servers

Cyara Call Engine Servers

9005

HTTP/DFT

Cyara Web Portal

Cyara Web Portal Server

MSSQL

1433**

TCP

Cyara Dashboard Feed

Cyara Dashboard Feed Server

Message Bus

5672

TCP

Cyara Dashboard Feed

Cyara Dashboard Feed Server

MSSQL

1433

TCP

Cyara Dashboard Notification

Cyara Dashboard Notification Server

Message Bus

5672

TCP

Cyara Dashboard Notification

Cyara Dashboard Notification Server

MSSQL

1433

TCP

** MSSQL Server port may be different, and depends on local database configuration.

Cyara Voice Components

Cyara Voice components include call generations software, speech recognition, voice quality measurement, and text to speech components.

Cyara Voice Components require the following ports to be vacant on the target OS for normal operation:

  • Voice Scheduler: 8001 TCP
  • Call Engine: 9005 TCP, 5060 TCP/UDP, 30000-65535*** UDP
  • Storage: 9001 TCP

The table below defines which ports need to be whitelisted on the firewall:

Component

From Host

To Host

To Port

Protocol

Cyara Voice Scheduler

Cyara Voice Scheduler

MSSQL

1433**

TCP

Cyara Voice Scheduler

Cyara Voice Scheduler

Message Bus

5672

TCP

Cyara Call Engine

Cyara Call Engine Server

Cyara Voice Scheduler Server

8001

TCP

Cyara Call Engine

Cyara Call Engine Server

Message Bus

5672

TCP

Cyara Call Engine

Cyara Call Engine Server

Cyara Storage Server

9001

HTTP/DFT

Cyara Call Engine

Cyara Call Engine Server

SIP or Media Gateway

5060,30000-65535***

TCP,UDP

Cyara Call Engine

Cyara Call Engine Server

Cyara Web Server

80/443

HTTP/HTTPS

Cyara ASR

Cyara ASR Server

Message Bus

5672

TCP

Cyara ASR

Cyara ASR Server

Cyara Call Engine Servers

9005

HTTP/DFT

Cyara ASR

Cyara ASR Server

Nuance License Server

27000,27001****,40000-65535

TCP

Cyara TTS

Cyara TTS Server

Cyara Call Engine Servers

9005

HTTP/DFT

Cyara TTS

Cyara TTS Server

Nuance License Server

27000,27001**,40000-65535

TCP

Cyara TTS

Cyara TTS Server

Message Bus

5672

TCP

Cyara Voice Quality

Cyara Voice Quality Server

Cyara Call Engine Servers

9005

HTTP/DFT

Cyara Voice Quality

Cyara Voice Quality Server

Message Bus

5672

TCP

Cyara Voice Quality

Cyara Voice Quality Server

Cyara Web Server

443/80

HTTPS/HTTP

Cyara Storage Service

Cyara Storage Server

Message Bus

5672

TCP

Cyara Storage Service Cyara Storage Server Cyara Call Engine Servers 9005 HTTP/DFT
Cyara Storage Service Cyara Storage Server MSSQL 1433** TCP
Cyara Voice Gateway
Cyara Voice Gateway
Avaya CM
1718/UDP, 1719/UDP,1720TCP,30000-65535*** RTP
TCP/UDP
Cyara Voice Gateway

Avaya CM

Cyara Voice Gateway
1718/UDP, 1719/UDP,1720TCP,30000-65535*** RTP
TCP/UDP
Cyara Voice Gateway
Cyara Voice Gateway Cyara Call Engine
5060*****
TCP/UDP
Cyara Voice Gateway
Cyara Call Engine Server
Cyara Voice Gateway
5060*****

TCP/UDP

Cyara Voice Gateway Cyara Call Engine Server Cyara Voice Gateway 5060 TCP/UDP, 30000-65535*** UDP

TCP/UDP

 

** MSSQL Server port may be different, and depends on local database configuration.

*** Here we list a standard SIP port and RTP port range. It may vary and depends on local configuration and security requirements.

**** License port depends on the license file configuration.

***** Only needed if Voice Gateway and Call Engine are installed on separate servers

Cyara Omni Channel

Cyara Omni Channel components include CTI integration software, Web Chat components, and email.

The table below defines which ports need to be whitelisted on the firewall:

Component

From Host

To Host

To Port

Protocol

Cyara Omni Scheduler

Cyara Omni Scheduler Server

MSSQL

1433

TCP

Cyara Omni Scheduler

Cyara Omni Scheduler Server

Message Bus

5672

TCP

Cyara Virtual Agent

Cyara Virtual Agent Server

Message Bus

5672

TCP

Cyara Virtual Agent

Cyara Virtual Agent Server

Genesys CTI TServer

7001*****

TCP

Cyara Virtual Agent (Chat)

Cyara Virtual Agent Server

Genesys IXN TServer

7002*****

TCP

Cyara Virtual Agent (Chat)

Cyara Virtual Agent Server

Genesys Chat TServer

7003*****

TCP

Cyara Virtual Agent

Cyara Virtual Agent Server

Avaya AES Server

450

TSAPI/TCP

Cyara Virtual Agent

Cyara Virtual Agent Server

Cisco CTIOS

42027 

TCP

Cyara Virtual Agent

Cyara Virtual Agent Server

Cisco Finesse

5222,5223,42027,43027

TCP

Cyara Virtual Agent

Storage Service, Web Portal Server (for live agents monitoring)

Cyara Virtual Agent

                                   9014

HTTP/TCP

Cyara Chat Coordinator

Cyara Chat Coordinator Server

Web Servers

80, 443

TCP

Cyara Chat Coordinator

Cyara Chat Coordinator Server

Message Bus

5672

TCP

Cyara Email Coordinator

Cyara Email Coordinator Server

Message Bus

5672

TCP

Cyara Email Coordinator

Cyara Email Coordinator Server

Mail Server

25, 143, 993

TCP

Cyara Virtual Agent

CVA server

Cyara portal

443

HTTP/HTTPS

Cisco call Manager

Cyara Call Engine (Endpoint CE Server/Outbound CE) Server

Cisco Call Manager (Primary/Backup)

5060
30000-65535

TCP,UDP
RTP (Bidirectional)

***** Genesys Server ports depend on the local Genesys configuration. Check with your Genesys administrators for the correct ports.

Was this article helpful?

1 out of 2 found this helpful