Vocera Platform External IP Ports

Keep the following ports open for effective communications between the source and destination processes.

Firewall Requirements

The following table describes the firewall requirements which should be configured to successfully install, update, and support the Vocera Platform and its operating system.

Port Protocol Source Destination Notes
22 TCP Vocera Platform gw.tools.vocera.io
  • Remote Support and Proactive Monitoring
  • Establish SSH tunnel via port 22 to pass the traffic
  • The Destination IP addresses are: 34.198.242.61, 54.82.202.24, 52.2.127.189, 54.144.178.22
22 TCP Vocera Platform svc.ext-inc.com
  • Remote Support
  • Destination IP address is: 199.180.201.227
  • Connectivity to svc.ext-inc.com is required for Vocera Platform 6.6.0 and under. For Platform 6.6.1 and above, disregard this entry.
22 TCP Vocera Platform asl.vocera.com
  • Outbound communication with the destination server, asl.vocera.com, for sending logs
  • Destination IP address is 38.108.178.34
443 TCP Vocera Platform api.tools.vocera.io
  • Remote support
  • Establish control connection (WebSocket)
  • Upload and download files (HTTPs)
  • The destination IP addresses are: 52.223.19.172, 35.71.158.251, 15.197.145.129, 3.33.150.211
443 TCP Vocera Platform svc.ext-inc.com
  • Provisioning (licensing).
  • APNS certificate retrieval.
  • The destination IP address is 199.180.201.227
  • Connectivity to svc.ext-inc.com is required for Vocera Platform 6.6.0 and under. For Platform 6.6.1 and above, disregard this entry.
443 TCP Vocera Platform box.voceracommunications.com
  • Software Update.
  • Repository access for installing Redhat and Vocera software updates.
  • The Destination IP address is subject to change. Or for legacy installations, the destination is yum.ext-inc.com and the IP address is 38.99.68.43
443 TCP Vocera Platform portal.tools.vocera.io
  • Remote Support, Provisioning, and APNS Certificate retrieval
  • The destination IP addresses are: 75.2.62.171, 99.83.128.202, 75.2.104.130, 99.83.136.195

Optional External Ports

The following table lists optional external ports that may be needed depending on the configured software and desired functionality.

Port Protocol Source Destination Notes
123 UDP Vocera Platform NTP Server Ensure connection to the NTP server of the user's choice to mitigate time synchronization issues that could adversely impact time-sensitive functionality.
Note: The NTP server is listed as an optional external port for implementations where no internal NTP server is available.
443 TCP Vocera Platform APNS
  • XMPP feature.
  • The destination is api.push.apple.com Apple requests that firewalls allow all outbound connections in the subnet range of 17.0.0.0/8.
  • Send notifications for data and calls through the Apple Push Notification Service (APNS).
443 TCP Vocera Platform Google's ASN of 15169
  • XMPP feature.
  • Send notifications for data and calls through Firebase Cloud Messaging (FCM)

See Firebase firewall configuration

and AS15169 Google LLC.
443 TCP External browser access (all networks)

Customer-owned DMZ network appliance

Firewall pinhole-Vocera Platform

Port forwarder-Vocera Platform

  • When workflow page access for browsers outside the network is desired using a customer-owned network appliance in a DMZ, traffic from any address to the proxy on port 443 must be open.
  • Customer-owned DMZ network appliance is required for external Vocera Vina users
  • For more information, see Off-Premise Support for Vocera Vina in the Vocera Platform Administration Guide.
443 TCP Vocera Platform www.amion.com
  • Amion Adapter feature.
  • Download Amion schedule updates from the Amion cloud service.
443 TCP Vocera Platform api.qgenda.com
  • Qgenda Adapter feature.
  • Download Qgenda schedule updates from the Qgenda cloud service.
443 TCP Vocera Platform s3.suki.ai Enhanced Voice/Suki
5222 TCP Vina

Customer-owned DMZ network appliance

Firewall pinhole-Vocera Platform

Port forwarder-Vocera Platform

  • XMPP feature.
  • External XMPP traffic communicates with Vocera Platform through the customer-owned DMZ network appliance .
  • For more information, see Off-Premise Support for Vocera Vina in the Vocera Platform Administration Guide.
5223 TCP Vina (iOS only) APNS
  • XMPP feature.
  • The destination is api.push.apple.com. Apple requests that firewalls allow all outbound connections in the subnet range of 17.0.0.0/8.

    The APNS servers use load balancing, so your devices do not always connect to the same public IP address for notifications. It is best to let your device access these ports on the entire 17.0.0.0/8 address block assigned to Apple.

    If you can't allow access to the entire 17.0.0.0/8 address block refer to https://support.apple.com/en-us/HT203609

  • The installer can choose a different port when configuring the adapter.
  • Receive push notifications on iOS device. According to Apple, the iOS device is using Wi-Fi, port 5223 must be open outbound to the Wi-Fi.
5228, 5229, 5230 TCP Vina (Android only) Firebase, Google's ASN of 15169
  • XMPP feature.
  • Receive push notifications on Android device.
See Firebase firewall configuration and AS15169 Google LLC.