Firewall Configuration: Vonage Tokbox

If the Virtual Lobby stays in a connecting state or you can’t join a session due to a Network Error, it could mean that your network is blocking our IP addresses through a firewall, a gateway, or a VPN.

If you or your company uses a firewall whitelist to restrict network access to only specific websites or software, you can use the information below to ensure that your service can connect.

You can always test if your connection is going through by running a system check.

As an EventHub client or account holder, you have the option to enable a dedicated IP range for WebRTC video conferencing. For more information, click here.

Set up your Firewall

Vonage Tokbox services require access to specific ports, so if you have selected Tokbox as your WebRTC provider, check the following requirements that must be met:

| Protocol | Ports | Source | Destination |
|---|---|---|---|
| TCP | 80, 443 | All InEvent Users | *.inevent.com |
| TCP | 80, 443 | All InEvent Users | *.inevent.us |
| TCP | 80, 443 | All InEvent Users | *.inevent.uk |
| TCP | 443 | Virtual Lobby Users | inevent-virtual-lobby.firebaseapp.com |

Open TCP port 443

Whitelist the following domains:

  • *.tokbox.com
  • *.opentok.com

Along with the minimum requirements, opening UDP port 3478 will give you a better experience. UDP is highly recommended over TCP for better-quality audio and video. The protocol favors timeliness over reliability, which is consistent with human perception: we can fill in gaps, but we are sensitive to time-based delays.

This port only accepts inbound traffic after an outbound request is sent. The connection is bidirectional but is always initiated from the corporate network/client so it is not possible for an external entity to send malicious traffic in the opposite direction. For the best possible experience, we recommend opening UDP ports 1025 - 65535.

Whitelist the following HTTPS verification servers for our HTTPS certificate. Not doing so may cause console warnings, but should not affect the session.

  • ocsp.godaddy.com
  • crl.godaddy.com
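
The requirements above can be checked against an egress allowlist before a session is attempted. This is an added example, not InEvent or Vonage tooling: the rule format and sample policy are constructed, and a `*.` wildcard is assumed to match subdomains at any depth. It reports which listed destinations a policy fails to cover, including the case where an exact hostname was allowed in place of the required wildcard.

```python
# Requirements transcribed from this page as (protocol, port, destination).
REQUIRED = [("tcp", port, dest) for port in (80, 443)
            for dest in ("*.inevent.com", "*.inevent.us", "*.inevent.uk")]
REQUIRED += [("tcp", 443, dest) for dest in (
    "inevent-virtual-lobby.firebaseapp.com", "*.tokbox.com", "*.opentok.com")]
# The page names no destination for UDP 3478; None accepts any destination scope.
RECOMMENDED = [("udp", 3478, None)]

# Constructed sample allowlist in an assumed "proto port[-port] destination" format.
SAMPLE_POLICY = """\
tcp 80  *.inevent.com
tcp 443 *.inevent.com
tcp 80  *.inevent.us
tcp 443 *.inevent.us
tcp 80  *.inevent.uk
tcp 443 www.inevent.uk      # exact host only, narrower than *.inevent.uk
tcp 443 inevent-virtual-lobby.firebaseapp.com
tcp 443 *.tokbox.com
tcp 443 *.opentok.com
"""

def parse_rules(text):
    """Return (proto, low_port, high_port, dest) tuples, ignoring comments."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 3:
            proto, ports, dest = fields
            low, _, high = ports.partition("-")
            rules.append((proto.lower(), int(low), int(high or low), dest.lower()))
    return rules

def dest_covers(rule_dest, need):
    """True if every host matched by `need` is also matched by `rule_dest`."""
    if need is None or rule_dest in ("*", need):
        return True
    if not rule_dest.startswith("*."):
        return False            # an exact host never covers a wildcard requirement
    suffix = rule_dest[1:]      # "*.tokbox.com" -> ".tokbox.com"
    return (need[1:] if need.startswith("*.") else need).endswith(suffix)

def audit(policy_text):
    """List the page's requirements that no rule in the policy covers."""
    rules = parse_rules(policy_text)
    def covered(need):
        return any(p == need[0] and lo <= need[1] <= hi and dest_covers(d, need[2])
                   for p, lo, hi, d in rules)
    return {"missing_required": [n for n in REQUIRED if not covered(n)],
            "missing_recommended": [n for n in RECOMMENDED if not covered(n)]}
```

Running `audit(SAMPLE_POLICY)` flags TCP 443 to `*.inevent.uk` as missing, because the sample only allows one exact host there, and flags UDP 3478 as a missing recommended rule.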

Proxy requirements

As a general rule, using the latest versions of TokBox and browsers will produce the best results. Most proxies are supported in browsers and mobile apps today. If the only way to access the Internet from your network is through a proxy, then it must be a transparent proxy or it must be configured in the browser for HTTPS connections. To learn more about transparent proxies, read this section.

WebRTC does not work with proxies requiring authentication. Along with these requirements, clients may have the following rules:

  1. Chrome
    • although not every option has been tested, recent versions have full support for authentication
    • pre-58 versions support NTLM authentication
    • we've found that a forwarding proxy setup with Kerberos does not work
  2. Firefox does not support proxies that inspect packets to validate that connections are real TLS connections, because Firefox does not support TURN over TLS
  3. Internet Explorer requires the installation of a plugin. Use the latest version of the IE browser when possible.
    • supports basic authentication and NTLM
    • other authentication algorithms like Kerberos have not been fully tested
  4. iOS does not support proxy configurations that use .pac files

How do I know if my proxy is transparent?

Transparent proxy

A transparent proxy, also known as an inline proxy or intercepting proxy, is a server that intercepts the connection between a user's device and the website they are trying to access. It is called transparent because it does so without modifying requests and responses: the users do not know that their requests are being intercepted through a firewall before being sent to the intended destination.

Some key factors to know whether you are behind a transparent proxy are as follows:

  • Authentication: Transparent proxies are usually used to authenticate users on a network. Whenever you are redirected to a web page other than the one you were trying to access and are asked for authentication information, you are interfacing with a transparent proxy. The proxy first intercepts your request and then, before allowing you to proceed, verifies your right to do so.
  • Gateway: If, when accessing a website, you are required to first agree to terms of service, log in with your email, or watch an ad before you are given access to the web page, then you are interfacing with a transparent proxy. Transparent proxies modify or block traffic based on certain rules that must be met before access is granted.
  • Filtering or Censoring Content: Transparent proxies are used for censoring and blocking harmful information. When you try to access information that may be considered harmful and you see an error message, you are interfacing with a transparent proxy on the internet.
  • Caching: Transparent proxies are used to cache information on the web so as to reduce the amount of bandwidth your ISP has to provide when you try to access any information on the internet.

If your proxy service does not meet the criteria above, it is possible that the proxy service is not transparent.

