In order to work well, Wire needs to have access to the following domain names:
wire.com, www.wire.com, prod-nginz-https.wire.com, prod-nginz-ssl.wire.com, prod-assets.wire.com, wire-app.wire.com, clientblacklist.wire.com
Wire uses load balancers that return dynamic IP addresses for these domain names, which means that potential whitelisting has to be based on domain names rather than IP addresses. All of these domain names need to be reachable on TCP port 443.
If IP-to-IP connections are not possible, Wire uses TURN servers to relay calls. The list of TURN servers can be obtained by looking up the SRV record of the domain name _turn._udp.prod.wire.com.
To get the SRV record, use the "dig" command: "dig _turn._udp.prod.wire.com SRV". To get the IP addresses, run the ping command on the domain names from the SRV records: "ping -c 1 <domain name>".
TURN servers need to be reachable on all UDP ports for the highest reliability. Should that not be possible, TURN servers will be contacted on port 3478 via UDP or TCP, or port 5349 via TLS. For a more robust calling experience, outbound UDP connections to all IP addresses should be allowed.
For conference calls, SFT conferencing servers need to be reachable. The highest call quality will be achieved when clients can reach SFT servers directly. If that is not possible, TURN servers will be used to relay calls. In the same way as for TURN servers, the list of SFT servers can be obtained by looking up the SRV record of the domain name _sft._tcp.prod.wire.com.
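The SRV lookups described above for TURN and SFT servers can be scripted. The following is an added example, not Wire's own tooling: it parses the SRV answers, resolves each target with "dig A" instead of the ping step, and lists addresses that are missing from a firewall allowlist. The allowlist file format (one IPv4 address per line), the script name and the sample hostnames are assumptions.

```shell
#!/bin/sh
# Added example (not from Wire): list the relay endpoints that the TURN and SFT
# SRV records currently publish, and flag addresses missing from an allowlist.

# Read `dig +short <name> SRV` output ("priority weight port target.") on
# stdin; print unique "target port" pairs, ignoring anything malformed.
parse_srv() {
  awk 'NF == 4 && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
         sub(/\.$/, "", $4); print tolower($4), $3 }' | sort -u
}

# Resolve every target of one SRV name: prints "srv target port ip" lines.
list_endpoints() (
  srv=$1
  dig +short "$srv" SRV | parse_srv | while read -r host port; do
    dig +short "$host" A </dev/null | grep -E '^[0-9]+(\.[0-9]+){3}$' |
      while read -r ip; do echo "$srv $host $port $ip"; done
  done
)

# Read "srv target port ip" lines on stdin; print those whose ip is not in
# the allowlist file $1 (assumed format: one IPv4 address per line).
not_allowed() {
  awk -v f="$1" 'BEGIN { while ((getline line < f) > 0) ok[line] = 1 }
                 !($4 in ok)'
}

# Constructed sample of `dig +short ... SRV` output; hostnames are placeholders.
SAMPLE_SRV='0 0 3478 TURN01.example.invalid.
0 0 3478 turn02.example.invalid.
0 0 3478 turn01.example.invalid.
;; connection timed out'

# Live lookup only when asked for: sh wire-relays.sh --live [allowlist-file]
if [ "${1:-}" = "--live" ]; then
  for srv in _turn._udp.prod.wire.com _sft._tcp.prod.wire.com; do
    list_endpoints "$srv"
  done | if [ -n "${2:-}" ]; then not_allowed "$2"; else cat; fi
fi
```

Without an allowlist file the script prints every published endpoint; with one, it prints only the endpoints the firewall does not yet cover.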
Also, some firewalls may require the WebRTC and SRTP audio/video protocols to be enabled in application control. Further, firewalls may have traffic shaping enabled for UDP traffic to limit packet throughput. Those rules should be applied very carefully or removed, as the number of UDP packets might be quite high, especially for conference calls (up to 1800 packets per second for a large-size conference).
Additionally, Wire might connect to other domain names, for example when link previews are generated, or when media like YouTube, Vimeo, SoundCloud, etc. are shared.