Network Requirements

To view ports, protocols, and FQDN requirements for your contact center, use the Port, Domain, Voice, and IP Address Requirements page.

TLS Cipher Requirements

For clarity in discussing ports, outbound is defined as from your initiation point to NICE CXone. Inbound is defined as the NICE CXone initiation point to your servers.

The following are TLS cipher requirements for all CXone systems:

To ensure that you have a secure, encrypted connection, NICE CXone requires at least TLS 1.2 compliance and the following ciphers as noted.

Inbound Traffic (from CXone to your servers)

You must support at least one of these ciphers from any source that communicates with CXone such as browsers and back-end integrations. It is recommended that you support both of these ciphers if possible.

  • 0xC02F, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • 0xC030, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Outbound Traffic (from your servers to CXone)

You must support at least one of the following ciphers on servers that CXone communicates with such as IVR scripts or other integrations. It is recommended that you support multiples of these ciphers if possible. If you are trying to integrate with other service providers, you are responsible for ensuring that those providers also meet these requirements.

  • 0x009E, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • 0xC013, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • 0xC02B, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • 0xC02C, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

About FQDNs

Rather than provide an exhaustive list of all fully qualified domain names (FQDN), NICE CXone uses templates based on several variables. If you are unsure how these variables apply to your business unit, contact your CXone Account Representative for clarification.

The following variables are used:

  • {cluster} refers to the assigned cluster for a customer.
  • {custom} corresponds to a custom hostname requested by a customer. The custom variable can be assigned through several different CXone product features.
  • {num} corresponds to a Engage QM Integrated host assignment.

NICE CXone uses platform-as-a-service (PaaS) cloud services for its clusters. Because of this, the IP address lists we specify are not comprehensive and only shows addresses with fixed assignments. We recommend you configure your firewall rules for filtering using hostnames in order not to block valid traffic. Also note that AWS/cloudfront IP addresses are subject to change without notice. Take precautions to ensure reach-ability of said FQDNs.

About IP Voice Phone Numbers

The phone numbers on the ports page correspond to data centers maintained either by NICE CXone or partners like AWS. These data centers exist globally and typically are paired to support failover. You must allow communication with the appropriate ranges, or risk a network outage during fail-over events.