Allowlist Domains
Allow Outbound Traffic
You must add the following domains to your allowlist for outbound traffic. These domains are also found on the spreadsheet attached to this article and summarized in the tables below. There is no additional action needed if you do not restrict outbound traffic.
Gladly Basics
Destination | Destination Port(s)/Protocol(s) | Transmission (https, etc.) | Transmission TLS 1.2 or Greater (no SSL or early TLS) | Public Certificate (Identify Issuer) | Business Justification | Notes |
*.gladly.com | 443/TCP | https | Yes | DigiCert SHA2 Secure Server CA | Gladly web application | Gladly won’t work without this. |
*.gladly.qa | 443/TCP | https | Yes | DigiCert SHA2 Secure Server CA | Gladly sandbox | Gladly QA won’t work without this. |
app.getsentry.com | 443/TCP | https | Yes | DigiCert SHA2 Secure Server CA | Error reporting and issue debugging | Critically important for product development. We use this to alert us on unexpected errors within the application, which we use to fix and improve the product. The app will continue to work without this, but it’s recommended that it be allowed. |
cdn.gladly.com | 443/TCP | https | Yes | Amazon | Gladly resources | Gladly won’t work without this. |
cdn.gladly.qa | 443/TCP | https | Yes | Amazon | Gladly resources for sandbox environment | Gladly QA won’t work without this. |
*.amazonaws.com | 443/TCP | https | Yes | DigiCert Baltimore CA-2 G2 | Attachments/voice recordings | Gladly Production and QA won’t work without this. |
fonts.googleapis.com | 443/TCP | https | Yes | Google Internet Authority | Fonts used in Gladly | Gladly UI won’t display as intended without this. |
Gladly Glad App
Add the IP addresses below to your allowlist to use Glad App.
Gladly Sidekick
Add the IP addresses below to your allowlist to use Gladly Sidekick.
Gladly Voice
You will need to allow the Basic components below and region-specific IP addresses.
For all clients in North America, {region} corresponds to us1. Please work with your implementations team if you are unsure what region you fall under.
Basic Allowlist
Component | Address | Server-side port used | Protocol |
Signaling – GLL (Global Low Latency) | chunderw-gll.twilio.com, chunderw-vpc-gll.twilio.com | 443 | TCP |
Signaling – Regional | chunderw-vpc-gll{region}.twilio.com (Regions: au1, br1, de1, ie1, jp1, sg1, us1) | 443 | TCP |
RTP | Static IP Range* | 10,000 – 20,000, 3478 | UDP |
Insights | eventgw.twilio.com | 443 | TCP |
Voice Public Media* | 168.86.128.0/18 | 10000 – 60000 | UDP |
Region Specific IP Addresses
Please review Voice Media Servers Connectivity Requirements for the IPs to allowlist.
- Note – We suggest allowing all the IPs listed in Voice Media Servers Connectivity Requirements unless you decide to pin calls to a given region.
Other
If your router includes a SIP Application Level Gateway (ALG) function or Stateful Packet Inspection (SPI), disable both of these functions.
User Analytics
Destination (IP or hostname) | Destination Port(s)/Protocol(s) | Transmission (https, etc.) | Transmission TLS 1.2 or Greater (No SSL or early TLS) | Public Certificate (Identify Issuer) | Business Justification | Notes |
cdn.segment.com, api.segment.io | 443/TCP | https | Yes | DigiCert SHA2 Secure Server CA | User analytics | Used for product analytics. It acts as a single interface for product errors. With other analytics destinations allowed, it helps us understand how customers are using Gladly and we can improve. Necessary for analytics; however, it is useless by itself. |
google-analytics.com | 443/TCP | https | Yes | Google Internet Authority G3 | User analytics | Used for product analytics to understand where people spend time in Gladly and how many are using it. Coarse-grained metrics. Lower priority on being included. Requires segment as well. |
api.amplitude.com | 443/TCP | https | Yes | COMODO RSA Domain Validation Secure Server CA | User analytics, issue debugging | Used for product analytics to understand where people spend time in Gladly, how many people are using it, and the workflows they take. Medium-high importance for improving the product, but the product will continue to work without this. Requires segment as well. |
fullstory.com, rs.fullstory.com | 443/TCP | https | Yes | RapidSSL SHA256 CA | User analytics, issue debugging | Allows us to replay user sessions with proper redaction. We use this to replay bugs, allowing us to replicate them more easily. Highly important for improving the product, but the product will continue to work without this. Requires segment as well. |
gladly-staging.sinter-collect.com, gladly-production.sinter-collect.com | 443/TCP | https | Yes | Amazon SHA 256 with RSA Encryption | User analytics | Same as api.amplitude.com |
Check Firewall
After completing the above requirements, we recommend checking your firewall with a scanning tool. To check your overall firewall and port configuration, we recommend:
- http://www.netscan.co/ for a general scan
- https://pentest-tools.com/discovery-probing/udp-port-scanner-online-nmap for a UDP port scan
- http://netalyzr.icsi.berkeley.edu/ for a much more detailed network scan, including testing for buffer bloat.
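The following Python is an added example, not part of Gladly's documentation or tooling: it checks constructed firewall log lines against the Basics and Voice entries above to find required destinations that are still being denied. The log format, function names and sample hosts are assumptions; wildcard entries are matched on a DNS label boundary so that look-alike names are not treated as allowed.

```python
import ipaddress

# Outbound requirements copied from the Basics and Voice tables above;
# every hostname entry is 443/TCP.
HOSTS_443 = ["*.gladly.com", "*.gladly.qa", "app.getsentry.com",
             "*.amazonaws.com", "fonts.googleapis.com",
             "chunderw-gll.twilio.com", "chunderw-vpc-gll.twilio.com",
             "eventgw.twilio.com"]
# Voice Public Media: 168.86.128.0/18, UDP ports 10000-60000.
MEDIA_NET = ipaddress.ip_network("168.86.128.0/18")
MEDIA_PORTS = range(10000, 60001)


def host_matches(pattern, host):
    """Match on a DNS label boundary; '*.' covers subdomains only."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) and len(host) > len(pattern) - 1
    return host == pattern


def is_required(dest, port, proto):
    """True if the tables list this destination, port and protocol."""
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:  # not an IP literal, so treat it as a hostname
        return (proto, port) == ("tcp", 443) and any(
            host_matches(p, dest) for p in HOSTS_443)
    return proto == "udp" and addr in MEDIA_NET and port in MEDIA_PORTS


def blocked_requirements(log_lines):
    """Return (dest, port, proto) for each DENY line that hits a listed rule."""
    hits = []
    for line in log_lines:
        action, proto, dest, port = line.split()
        if action == "DENY" and is_required(dest, int(port), proto.lower()):
            hits.append((dest, int(port), proto.lower()))
    return hits


# Constructed sample log; the "ACTION PROTO DEST PORT" format is an assumption.
SAMPLE_LOG = [
    "DENY tcp cdn.gladly.com 443",          # covered by *.gladly.com
    "DENY tcp notgladly.com 443",           # no label boundary, not listed
    "DENY tcp gladly.com.example.net 443",  # listed name as prefix only
    "ALLOW tcp app.getsentry.com 443",      # listed and already allowed
    "DENY udp 168.86.130.7 10500",          # inside 168.86.128.0/18
    "DENY udp 168.86.192.1 10500",          # just outside the /18
    "DENY tcp eventgw.twilio.com 8443",     # listed host, unlisted port
]

print(blocked_requirements(SAMPLE_LOG))
```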
Allow Inbound Traffic
Integrations
Allow traffic from the addresses below for Lookup API requests and webhooks.
Production
34.201.115.230 (added in 2021)
34.224.73.189 (added in 2021)
34.226.104.158 (added in 2021)
52.44.26.29 (added in 2021)
Sandbox (if you have access to one)
34.226.187.43 (added in 2021)
34.227.54.194 (added in 2021)
34.207.12.67 (added in 2021)
34.225.229.172 (added in 2021)
Allow Email From
We send emails from the three dedicated IP addresses listed below. If you filter on sender IP addresses, you will need to allow emails from your domain to be received from these IP addresses:
- 143.55.235.42
- 192.237.158.181
- 198.244.49.44
Allow emails from the @gladly.com domain; we also suggest allowing the email addresses listed below:
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
Verify Bandwidth
If you are using Gladly Voice over the web, you must have at least 100 kb/s per online voice Agent at any given time. For example, if you have 25 online voice Agents, you must have 2500 kb/s. See our infrastructure requirements for more information.
Network Testing
At the beginning of your implementation, we will ask you to test your network under the following scenarios to verify you are set up as needed:
- Timing: Daily, for one week, at the beginning, middle, and end of your customer support hours.
- Hardware: Must be tested using a customer support agent’s actual machine and setup (e.g., plugged into ethernet).
- Network: Must be tested on the same network that agents use for their work.
To test your network, follow this link: https://networktest.twilio.com/. We are looking for you to pass only the following tests:
- UDP: Makes sure you can communicate voice packets over the internet
- TURN TCP: Allows Gladly Voice to communicate back-and-forth with you over WebRTC
- TURN UDP: Allows Gladly Voice to communicate back-and-forth with you over WebRTC
- Bandwidth: Tests how much available bandwidth there is for WebRTC communication
- Test Call: Tests that you can do a test call with the Gladly Voice provider
Upon completion of each test run:
- Take a screenshot of your output.
- Send it to your implementation team.