Our remote agents are reporting that their WebRTC phones completely drop calls when they are working from our corporate office behind the strict firewall. Our network team says the TURN server fallback isn’t activating.
As a QM supervisor, this is a massive problem. I evaluate over 200 interactions a week, and lately, I’ve been seeing an influx of ‘silent recordings’ or calls that abruptly end after 2 seconds. The agents are getting penalized for call avoidance, but they swear it is a technical issue. Does the TURN failure cause the call to actually connect and record silence before dropping?
I can’t speak to the technical firewall rules or TURN servers, but I can confirm this is destroying our metrics on the workforce management side.
We have a 5,000-agent BPO operation, and when this started happening last week, we saw an immediate and massive spike in ‘Shrinkage’. Agents were sitting in the queue, but because their WebRTC clients couldn’t negotiate the audio path, the system automatically bumped them into an ‘Offline’ or ‘Not Responding’ state. This threw our entire intraday forecast off by 15%. Whatever the fix is, please deploy it soon because our real-time adherence scores are tanking.
I spent hours systematically debugging this last month, assuming it was a SAML assertion timeout causing the desktop app to silently lose its token and drop the media path.
It turns out our corporate firewall’s Deep Packet Inspection (DPI) was blocking the STUN/TURN fallback. Genesys Cloud requires outbound UDP/TCP on ports 3478, 80, and 443 for TURN. Our IdP (Okta) was passing the authentication perfectly, but the firewall was selectively dropping the UDP packets required for the ICE candidate negotiation. Check your firewall logs for dropped packets on those specific ports.
From the Salesforce side of things, this firewall issue manifests in a really specific way.
When our agents click-to-dial from a Contact record, the GC+SFDC managed package CTI widget just sits there spinning with a ‘Connecting…’ status. The Apex logs show the interaction was created successfully, but because the underlying WebRTC path is blocked and TURN fails, the screen pop happens but the audio never connects. The agent is forced to refresh the entire Salesforce tab to clear the phantom call.
For our outbound predictive campaigns, this is completely unacceptable.
If the TURN server fails to connect the agent’s audio, the dialer still thinks the agent is reserved. The system connects the customer, but the agent’s WebRTC hasn’t established media. This results in dead air, and the customer hangs up. Our abandonment rates skyrocketed from a healthy 2% to over 12% in a single day, putting us at serious risk of violating telemarketing compliance laws. We had to pause all pacing until the network team whitelisted the TURN IPs.
To get ahead of this, I built an automated ServiceNow integration.
We ingest the Genesys Cloud operational logs via an AWS EventBridge webhook. Whenever we see an ice-connection-failed event in the payload, I use the ServiceNow REST API to automatically generate an INC ticket and assign it to the network team with the agent’s IP address.
According to the Resource Center, you can subscribe to the v2.users.{id}.conversations topic to catch these WebRTC failures programmatically.