Alignment of firewall addresses on the Pexip Service

Please note that the firewall changes described below, that were announced in December 2020, have now been implemented August 2021.

This article describes changes to the firewall policy on the Pexip Service that were scheduled to come into effect from July 2021, and notification of the deprecation of previous policy addresses. It has also been updated to include the addition of a new address range of 185.124.96.0/22 that was announced in August 2021.

The purpose of these changes is to align the range of addresses used by the service network (which is used to provision and service your video units and apps) with the calling network.

To view all of the new and current rules, see https://pexip.me/test/firewall.

New service network addresses for registered video conferencing hardware (effective July 2021)

On the service network we currently require you to open traffic to TCP 389/443 at 46.137.184.162 for provisioning and phonebook services.

  • From 1 July 2021 the service network will start using the same standard range of addresses (as listed below) that are already in use by the calling network.
  • Some time soon after 1 July 2021 the service network will stop using 46.137.184.162.

To prepare for this switchover please ensure that your firewall policy has the following rules in place by 1 July 2021:

Required Region Network Netmask Transport Ports Rule
New standard range of addresses to be used on the service network — must be in place by 1 July 2021
 
Mandatory
(for all customers)		 Global
(for all 5 segments)		 176.121.88.0 255.255.248.0 (/21) TCP 389, 443 Outgoing, established
91.240.204.0 255.255.252.0 (/22) TCP 389, 443 Outgoing, established
91.240.195.0 255.255.255.0 (/24) TCP 389, 443 Outgoing, established
185.94.240.0 255.255.252.0 (/22) TCP 389, 443 Outgoing, established
185.124.96.0
(new range announced in August 2021)		 255.255.252.0 (/22) TCP 389, 443 Outgoing, established
Required for region Southern Africa 196.34.160.224 255.255.255.224 (/27) TCP 389, 443 Outgoing, established
Existing rule — still required until the end of the transition period (some time after July 2021)
Mandatory
(for all customers)		 Global
(for all 5 segments)		 46.137.184.162 255.255.255.255 (/32) TCP 389, 443 Outgoing, established

Note that in your existing firewall rules you may already have enabled the standard addresses for the service network, as they are the same as those used by the service on its calling network.

The timetable for the switchover is shown in the following diagram:

The Pexip Service continues to mandate access to 46.137.184.162 until 1 July 2021, at which point the service network will switch over to the new addresses. We recommend that you check your existing firewall policies to ensure that the addresses and ports listed above are allowed, so that you are ready for the switchover. These firewall rules for the service network must be in place by 1 July 2021.

Other changes

The requirement for the SNMP Traps service (UDP 162) has been removed.