To ensure stable call quality and consistent application performance, Aircall requires specific ports, domains, and IP ranges to be allowlisted in your firewall, antivirus software, and any content filtering tools such as web proxies or IDS/IPS systems. Aircall applications initiate all traffic through outbound connections to the destinations listed below, and any related inbound traffic is permitted automatically once a session is established.

General configuration requirements

All Aircall applications rely on the following ports and domains. Make sure these are allowlisted in your environment.

Required ports (allow outbound traffic)

| Protocol | Port or range | Function or notes |
|---|---|---|
| TCP | 443 | Secure signaling and API traffic over HTTPS |
| TCP | 3478, 5349, 10194 | Signaling and SIP sessions |
| UDP | 443, 3478 | Signaling and STUN traffic |
| UDP | 10000 to 60000 | RTP media traffic for voice |

Required domains and URLs (allowlist)

Allowlist the following domains in your firewall, web proxy, and any content filters. The asterisk symbol covers all subdomains.

| Domain or URL | Purpose |
|---|---|
| *.aircall.io | Primary Aircall services |
| *.twilio.com | Primary voice infrastructure provider |
| media.twiliocdn.com | Twilio CDN |
| static.intercomcdn.com | Intercom CDN for in app chat or support |
| *.intercom.io | Intercom service |
| ws.pusherapp.com | Real time event communication |
| *.pusher.com | Real time event communication |
| *.us-west-2.amazonaws.com | Voicemails and recordings stored in AWS S3 |
| *.eu-central-1.amazonaws.com | Voicemails and recordings stored in AWS S3 |
| *.ap-southeast-2.amazonaws.com | Voicemails and recordings stored in AWS S3 |

Server specific IP addresses

Aircall infrastructure is hosted on AWS. While you may restrict traffic to specific IP addresses for tighter security, AWS ranges can change at any time. Relying on domain allowlisting is the most reliable option.

Important: AWS IP ranges change without prior notice. If you must use static IP ranges, consult the official Amazon Public IP Ranges documentation for the most current information.

Public IP addresses for Aircall integrations

Some network environments require IP allowlisting to allow external services to communicate with internal systems. If your organization restricts inbound traffic, you may allowlist the static public IPs used by Aircall integrations in the production environment.

Aircall integration public IPs (Production VPC)

44.239.147.27
54.200.88.37
44.237.249.17
52.40.81.129

Note: Allowlist these IPs only if your organization requires inbound traffic restrictions and uses Aircall integrations that must communicate with internal systems.

Worldwide media (RTP) and WebRTC (STUN) servers

These servers handle media streaming and NAT traversal for real time communication.

Media servers (RTP)

| Purpose | IP address or CIDR | UDP ports | TCP ports |
|---|---|---|---|
| Media Server (RTP) | 168.86.128.0/18 | 10000 to 60000 | 5061 (mobile apps), 443 |
| | 18.98.22.160/27 | 10000 to 60000 | 5061, 443 |
| | 18.97.39.0/28 | 10000 to 60000 | 5061, 443 |
| | 18.99.45.192/27 | 10000 to 60000 | 5061, 443 |
| | 18.98.197.224/27 | 10000 to 60000 | 5061, 443 |
| | 18.96.66.224/28 | 10000 to 60000 | 5061, 443 |
| | 18.96.42.96/28 | 10000 to 60000 | 5061, 443 |
| | 18.97.201.32/28 | 10000 to 60000 | 5061, 443 |
| | 18.98.67.32/28 | 10000 to 60000 | 5061, 443 |
| | 5.60.128.16/28 | 10000 to 60000 | 5061, 443 |
| | 15.197.181.9 | 10000 to 60000 | 5061, 443 |
| | 35.71.143.177 | 10000 to 60000 | 5061, 443 |
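The media server table above can be used to audit firewall deny logs for blocks that would break call audio. The following is an added example, not Aircall's own tooling; the `key=value` log layout and the sample lines are constructed, and the function names are hypothetical.

```python
import ipaddress

# Media server (RTP) destinations and ports, copied from the table above.
MEDIA_NETS = [ipaddress.ip_network(n) for n in (
    "168.86.128.0/18", "18.98.22.160/27", "18.97.39.0/28", "18.99.45.192/27",
    "18.98.197.224/27", "18.96.66.224/28", "18.96.42.96/28", "18.97.201.32/28",
    "18.98.67.32/28", "5.60.128.16/28", "15.197.181.9/32", "35.71.143.177/32",
)]
UDP_PORTS = range(10000, 60001)   # RTP media, inclusive of 60000
TCP_PORTS = {443, 5061}           # 5061 is listed for mobile apps

# Constructed sample log; the key=value layout is an assumption, adapt the
# parsing to whatever your firewall actually emits.
SAMPLE_LOG = """\
action=deny proto=udp src=10.0.4.21 dst=168.86.130.7 dport=23456
action=allow proto=tcp src=10.0.4.21 dst=18.98.22.170 dport=443
action=deny proto=tcp src=10.0.4.30 dst=18.97.39.5 dport=5061
action=deny proto=udp src=10.0.4.30 dst=35.71.143.177 dport=9999
action=deny proto=udp src=10.0.4.44 dst=203.0.113.9 dport=20000
"""

def classify(proto, dst, dport):
    """Return 'required', 'not_listed' or None (destination is not a media server)."""
    addr = ipaddress.ip_address(dst)
    if not any(addr in net for net in MEDIA_NETS):
        return None
    allowed = UDP_PORTS if proto == "udp" else TCP_PORTS if proto == "tcp" else ()
    return "required" if dport in allowed else "not_listed"

def audit_denies(log_text):
    """List denied flows to media servers as (verdict, proto, dst, dport)."""
    findings = []
    for line in log_text.splitlines():
        f = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        if f.get("action") != "deny":
            continue
        verdict = classify(f["proto"], f["dst"], int(f["dport"]))
        if verdict:
            findings.append((verdict, f["proto"], f["dst"], int(f["dport"])))
    return findings

if __name__ == "__main__":
    for finding in audit_denies(SAMPLE_LOG):
        print(*finding)
```

A `required` finding is a deny on a destination and port the table lists, so the rule set is too tight; a `not_listed` finding is traffic to a media range on a port the table does not ask for and needs no allow rule.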

WebRTC servers (STUN)

| Purpose | IP address or CIDR | UDP ports | TCP ports |
|---|---|---|---|
| WebRTC Server (STUN) | 168.86.128.0/18 | 10000 to 60000, 443, 3478 | 443, 3478, 5349 |
| | 18.98.22.160/27 | Same as above | Same as above |
| | 18.97.39.0/28 | Same as above | Same as above |
| | 18.99.45.192/27 | Same as above | Same as above |
| | 18.98.197.224/27 | Same as above | Same as above |
| | 18.96.66.224/28 | Same as above | Same as above |
| | 18.96.42.96/28 | Same as above | Same as above |
| | 18.97.201.32/28 | Same as above | Same as above |
| | 18.98.67.32/28 | Same as above | Same as above |

Regional WebRTC TURN servers (Roaming feature)

These servers relay media when STUN is not possible. They are especially relevant when using the Roaming feature to connect to the closest available server. For more information, refer to Understanding Roaming feature.

| Region (code) | IP addresses | UDP ports | TCP or UDP ports |
|---|---|---|---|
| Texas (US2) | 18.88.10.37, 18.88.10.41 | 10000 to 60000, 443, 3478 | 443, 3478, 5349 |
| South Africa (IE1) | 13.247.45.53, 13.244.44.255, 13.247.0.151 | 10000 to 60000, 443, 3478 | 443, 3478, 5349 |
| Middle East (DE1) | 3.29.101.45, 51.112.137.60, 3.29.187.15 | 10000 to 60000, 443, 3478 | 443, 3478, 5349 |
| India (SP1) | 3.111.134.78, 13.200.73.207, 52.66.31.65 | 10000 to 60000, 443, 3478 | 443, 3478, 5349 |
| Paris (EU West 3) | 15.197.78.4, 166.117.135.187 | 10000 to 60000, 443, 3478 | 443, 3478, 5349 |
| Oregon (US West 2) | 166.117.69.13, 166.117.132.173 | 10000 to 60000, 443, 3478 | 443, 3478, 5349 |
| Sydney (AP Southeast 2) | 52.223.56.33, 99.83.147.154 | 10000 to 60000, 443, 3478 | 443, 3478, 5349 |
| Singapore (AP Southeast 1) | 166.117.49.49, 166.117.226.176 | 10000 to 60000, 443, 3478 | 443, 3478, 5349 |

Critical call quality and troubleshooting

Adjusting UDP session timeout

VoIP traffic depends heavily on UDP. Since UDP does not use a handshake to close connections, firewalls may terminate an active call session too early. Increasing UDP session timeout helps prevent interruptions.

ACTION:
Increase UDP session timeout on your firewall or router. The recommended value is at least 90 seconds.
Tip: If possible, apply the extended timeout only to Aircall destinations to avoid unnecessary changes to unrelated traffic.

Gateway features that affect VoIP quality

Certain gateway features can disrupt real-time media traffic and cause one-way audio, choppy calls, or dropped connections. If you experience call quality issues, try disabling or bypassing the following features specifically for Aircall traffic:

  • Deep Packet Inspection or Stateful Packet Inspection
  • Intrusion Detection or Intrusion Prevention Systems
  • Web proxies or web filters
  • WAN optimization devices
  • Port filtering that exceeds the required ports listed above
  • Packet-by-packet load balancing across multiple ISPs, since this can reorder RTP packets

Configuring your network according to these guidelines ensures the best possible performance when using Aircall.