Traffic White-list
Service providers may choose either Option 1 or Option 2 configurations below.
Option 1. FQDN White-listing
Where it is possible to white-list Fully Qualified Domain Names (FQDN), all of the below three domains need to be allowed for platform communication and automation functions to work:
FQDN | Protocol | Ports |
*.frontm.ai | TCP | 443 |
*.frontm.com | TCP | 443 |
onship.app | TCP | 443 |
stn-live.akamaized.net | TCP | 443 |
Some routers might not be fully compatible with wildcard subdomain whitelisting and not all subdomains would be allowed. If this is the case, please whitelist the following subdomains:
- Instead of *.frontm.ai: Whitelist frontm.ai, gw.frontm.ai, loft.frontm.ai, telemed.frontm.ai, stn-live.akamaized.net and pstn-prod.frontm.ai.
- Instead of *.frontm.com: Whitelist app.frontm.com
Option 2. IP-Address and Ports White-listing
For those who cannot white list FQDN, below are the IP addresses and ports used by FrontM communications platforms to white-list.
IP Addresses | Protocol | Ports |
18.207.34.30 (frontm.ai) 34.236.247.246 (frontm.ai) 54.163.147.210 (frontm.ai) 44.208.62.62 (Gateways) 52.4.4.61 (Gateways) 54.235.123.27 (Gateways) |
TCP | 443 |
35.173.108.83 (resources) 3.227.118.201 (resources) |
TCP | 443 |
3.215.234.16 (onship.app) 184.73.245.130 (onship.app) |
TCP | 4443 and 443 |
35.169.158.147 (video conferencing) |
TCP | 443 and 5349 |
35.169.158.147 (video conferencing) |
UDP | 10000 and 3478 |
34.194.175.207(Telemedicine) |
TCP | 443 and 5349 |
34.194.175.207(Telemedicine) 54.144.222.172 (Telemedicine) |
UDP |
10000 and 3478 |
3.225.201.214 (PSTN calls)
|
TCP | 5060, 7089 and 8089 |
3.225.201.214 (PSTN calls) | UDP |
5060, 6000 to 20000 |
34.231.233.168 (Network transversal Service) | TCP |
443, 3478, 5349 |
34.231.233.168 (Network transversal Service) | UDP |
3478 |
stn-live.akamaized.net (Multiplex) | TCP |
443 |
In order to receive push notifications on closed networks, the following IPs and ports need to be opened for INCOMING traffic:
System | IP Addresses | Ports |
Apple | 17.249.0.0/16 17.252.0.0/16 17.57.144.0/22 17.188.128.0/18 17.188.20.0/23 |
5223, 443 and 2197 |
No IP restrictions since Google changes them very often | 5228, 5229,5230 and 443 |
Cookies
To fully utilize FrontM web applications, such as onship, it's essential to enable third-party cookies in your web browser settings. This is because FrontM employs multiple domains to segregate and execute diverse functions. Please note, despite our use of third-party cookies, we strictly avoid incorporating third-party trackers in our infrastructure for privacy reasons.
Digital Certificates
FrontM relies on certificates issued by Sectigo to ensure secure interactions. If your IT policies require specific whitelisting of individual certificates, we kindly ask that you include the following URLs associated with our certificates in your whitelist:
*.sectigo.com
*.comodoca.com
*.usertrust.com
By doing so, you will ensure seamless operation and security compliance with FrontM's services
Testing The Configuration
To verify if you have access to FrontM from your network follow the below steps
- Launch the below URL from a browser on a computer connected to the network on the remote site: https://onship.app/status
- Click on the “Run all tests” button
For any additional support, please do not hesitate to write to support@frontm.com for assistance.
Thank you for referring to the FrontM documentation.
Comments
0 comments
Please sign in to leave a comment.