Our moderated product requires access to specific ports. At a minimum the following requirements must be met:
- Open TCP port 443
- Add/Allow the following domains:
  - *.tokbox.com
  - *.opentok.com
Along with the minimum requirements, opening UDP port 3478 will give you a better experience. UDP is highly recommended over TCP for better-quality audio and video. UDP favors timeliness over reliability, which matches human perception: we can fill in small gaps but are sensitive to time-based delays.
This port only accepts inbound traffic after an outbound request is sent. The connection is bidirectional but is always initiated from the corporate network/client so it is not possible for an external entity to send malicious traffic in the opposite direction. For the best possible experience, we recommend opening UDP ports 1025 - 65535.
While Moderated might work without opening any UDP ports, we have seen that not allowing UDP traffic can result in intermittent audio and video issues during a session. If you need a list of specific IPs for which to allow UDP traffic, please reach out to us.
Make sure your router, firewall or networking device doesn't block incoming and outgoing traffic on the above ports and domains.
Add the following HTTPS verification servers for our HTTPS certificate to the "Allowed" or "Approved" List. Not doing so may cause console warnings, but should not affect the session.
- ocsp.godaddy.com
- crl.godaddy.com
If your company uses a firewall, content router, or another networking device that filters traffic, make sure it doesn't block WebRTC traffic. Some networking devices can interpret WebRTC traffic as P2P traffic and actively block it, even if you have the above ports open. We've seen this issue particularly with Meraki routers blocking WebRTC traffic as described.
Open firewall ports in Windows 10
You can manually permit a program to access the internet by opening a firewall port. You will need to know what port it uses and the protocol to make this work.
- Navigate to Control Panel, System and Security and Windows Firewall
- Select Advanced settings and highlight Inbound Rules in the left panel
- Right click Inbound Rules and select New Rule
- Add the port you need to open and click Next
- Add the protocol (TCP or UDP) and the port number into the next window and click Next
- Select Allow the connection in the next window and hit Next
- Select the network type as you see fit and click Next
- Name the rule something meaningful and click Finish
Open firewall ports in MacOS
- Launch System Preferences
- Click "Security & Privacy"
- Click the Firewall tab
- Click the New button in the Firewall panel
- Choose Other from the Port Name pop-up menu
- Enter the port number you want to open in the TCP Port Number(s) field
- Enter a name that makes sense to you in the Description field
- Click OK
Proxy requirements
As a general rule, using the latest versions of TokBox and browsers will produce the best results. Most proxies are supported in browsers and mobile apps today. If the only way to access the Internet from your network is through a proxy, then it must be a transparent proxy or it must be configured in the browser for HTTPS connections.
WebRTC does not work with proxies requiring authentication. Along with these requirements, clients may have the following rules:
- Chrome: although not every option has been tested, recent versions have full support for authentication
- pre-58 version support NTLM authentication
- We've found a forwarding proxy setup with Kerberos does not work