Firewall Requirements
Firewall requirements
TokBox services require access to specific ports. At a minimum the following requirements must be met:
- Open TCP port 443
- Whitelist the following domains:
Please also Whitelist the following:
Along with the minimum requirements, opening UDP Port 3478 will give you a better experience. UDP is highly recommended over TCP for better quality audio and video. The protocol favors timeliness over reliability which is consistent with the human perceptive preferences; where we can fill in gaps but are sensitive to time-based delays.
This port only accepts inbound traffic after an outbound request is sent. The connection is bidirectional but is always initiated from the corporate network/client so it is not possible for an external entity to send malicious traffic in the opposite direction. For the best possible experience, we recommend opening UDP ports 1025 - 65535.
Whitelist the following HTTPS verification servers for our HTTPS certificate. Not doing so may cause console warnings, but should not affect the session.
This port only accepts inbound traffic after an outbound request is sent. The connection is bidirectional but is always initiated from the corporate network/client so it is not possible for an external entity to send malicious traffic in the opposite direction. For the best possible experience, we recommend opening UDP ports 1025 - 65535.
Whitelist the following HTTPS verification servers for our HTTPS certificate. Not doing so may cause console warnings, but should not affect the session.
Proxy requirements
As a general rule, using the latest versions of TokBox and browsers will produce the best results. Most proxies are supported in browsers and mobile apps today. If the only way to access the Internet from your network is through a proxy then it must be a transparent proxy or it must be configured in the browser for HTTPS connections. WebRTC does not work with proxies requiring authentication. Along with these requirements, clients may have the following rules:
- Chrome
- although not every option has been tested, recent versions have full support for authentication
- pre-58 version support NTLM authentication
- we've found a forwarding proxy setup with Kerberos does not work
- Firefox does not support proxies that inspect packets to validate that connections are real TLS connections, because Firefox does not support TURN over TLS
- Internet Explorer requires the installation of a plugin. Use the latest version of the IE browser when possible.
- supports basic authentication, and NTLM
- other authentication algorithms like Kerberos have not been fully tested
- iOS does not support proxy configurations that use .pac files
Whitelisting the follow IP address 149.72.180.241 will allow emails to be sent to attendees for important functions such as reset password and user registration emails.
Also here is our Browser Tester which will be useful for testing office locations around the globe:
https://browsertest.eventfinity.co/
https://browsertest.eventfinity.co/
Updated 11/15/2021
NEW- (ADDED MARCH 18TH 2022)
WE have a small update with the IP addresses that would need to be whitelisted for 3rd party imports that have that enabled (some of our clients using Cvent). These new IPs are for our new Google servers. If your client doesn't use IP whitelisting you don't have to do anything! (You would know because you had to give them the list of IPs initially to enable it.) Also anything currently on AWS production won't be affected.
52.1.102.31 54.197.175.99 24.185.114.132 34.148.209.148 34.145.218.121