RingCentral Composite Application Signatures

  All connections are initiated from customer endpoint TO RingCentral.   Please note: SIP ALG must be DISABLED in all cases.   Definition of Address List RC-ALLNETS:   80.81.128.0/20,103.44.68.0/22,104.245.56.0/21,185.23.248.0/22,192.209.24.0/21,199.255.120.0/22,199.68.212.0/22,208.87.40.0/22   80.81.128.0 255.255.240.0    (/20) 103.44.68.0 255.255.252.0    (/22) 104.245.56.0 255.255.248.0   (/21) 185.23.248.0 255.255.252.0   (/22) 192.209.24.0 255.255.248.0   (/21) 199.68.212.0 255.255.252.0   (/22) 199.255.120.0 255.255.252.0  (/22) 208.87.40.0 255.255.252.0    (/22) The following rulesets are combined from all RingCentral applications and simplified to the most compact form.   Rules for traffic from endpoint to RingCentral evaluated in this order, exit on first match:   Real-time Audio Traffic ! Audio Real-time Traffic If (Destination RC-ALLNETS and     (Match (DSCP in (EF, CS5) or DestPort in (UDP\20000-64999, UDP\8803))) Then (Remark as DSCP EF) Real-time Video Traffic ! Video Real-time Traffic & Collaboration If (Destination RC-ALLNETS and (Match (DSCP in (AF41 or CS4) or DestPort in (UDP\10000-19999, UDP\8810-8829, UDP\8801-8802, TCP\8801-8802, TCP\5060-5061, TCP\3000-4000, UDP\3478-3479, UDP\8801-8810, UDP\3000-4000, UDP\5060, TCP\1720, UDP\9000-10000))) Then (Remark as DSCP AF41) ! PtP Video Links If (Destination ANY and Match DestPort in (UDP\8850-8869)) Then (Remark as DSCP AF41) Signaling Traffic ! SIP/WebRTC Signaling If (Destination RC-ALLNETS and     (Match (DSCP in (AF31, CS3) or      DestPort in (TCP\5090-5099, UDP\5090-5099, TCP\8083))) Then (Remark as DSCP AF31) Directory Traffic If (Destination ANY and Match DestPort in (TCP\636, TCP\3269)) Then (Remark as DSCP AF21)   Presence Traffic If ((Destination in (*.pubnub.com,*.pubnub.net,*.pndsn.com) and Match DestPort in (443,80)) or (Destination ANY and Match DestPort in (TCP\6182))) Then (Remark as DSCP AF21) Provisioning Traffic (Omit unless you specifically need to identity/allow) If (Destination in (104.245.57.85,104.245.57.60,104.245.57.61, 199.255.120.234,199.255.120.237,199.255.120.239) and Match DestPort == 443) Then (Remark as DSCP AF21) Other RingCentral Traffic If (Destination RC-ALLNETS) Then (Remark as DSCP AF21)         Rules for traffic from RingCentral to endpoint evaluated in this order, exit on first match: (Only needed if device is not session based and does not automatically treat return traffic identically to outbound traffic. Routers and L3 switches will need this unless they have a session based Firewall which has been implemented. Most firewalls do not need it.) Real-time Audio Traffic ! Audio Real-time Traffic If (Source RC-ALLNETS and Match SrcPort in (UDP\20000-64999, UDP\8803)) Then (Remark as DSCP EF) Real-time Video Traffic ! Video Real-time Traffic & Collaboration If (Source RC-ALLNETS and Match SrcPort in (UDP\10000-19999, UDP\8810-8829, UDP\8801-8802, TCP\8801-8802, TCP\5060-5061, TCP\3000-4000, UDP\3478-3479, UDP\8801-8810, UDP\3000-4000, UDP\5060, TCP\1720, UDP\9000-10000)) Then (Remark as DSCP AF41) ! PtP Video Links If (Source ANY and SrcPort in (UDP\8850-8869)) Then (Remark as DSCP AF41) Signaling Traffic ! SIP/WebRTC Signaling If (Source RC-ALLNETS and     Match SrcPort in (TCP\5090-5099, UDP\5090-5099, TCP\8083)) Then (Remark as DSCP AF31) Directory Traffic If (Source ANY and Match SrcPort in (TCP\636, TCP\3269)) Then (Remark as DSCP AF21)   Presence Traffic If ((Source in (*.pubnub.com,*.pubnub.net,*.pndsn.com) and Match SrcPort in (443,80)) or (Source ANY and Match SrcPort in (TCP\6182))) Then (Remark as DSCP AF21) Provisioning Traffic (Omit unless you specifically need to identity/allow) If (Source in (104.245.57.85,104.245.57.60,104.245.57.61, 199.255.120.234,199.255.120.237,199.255.120.239) and Match SrcPort == 443) Then (Remark as DSCP AF21) Other RingCentral Traffic If (Source RC-ALLNETS) Then (Remark as DSCP AF21)