Video: Network Requirements for Firewalls and Web-Filters
If your school or Local Authority has a firewall, or teachers are remotely using the school's network at home via a proxy, you may need to make changes to allow the video call connection. This article explains the hostnames, IP address ranges and ports that are needed for a successful video call. The video call connection is made directly between the teacher and the parent.
Endpoints to Whitelist
Last updated: 5th October, 2020
Please allow access outbound to all the following hostnames and IP address ranges and ensure inbound traffic is allowed in response to the outbound connections.
Ensure HTTPS inspection is bypassed for the following hostnames
and traffic allowed over TCP 443:
Also allow outbound traffic to the following IP address ranges
over TCP 443 + UDP 3478 + UDP 10,000 - 60,000:
22.214.171.124 - 126.96.36.199
188.8.131.52 - 184.108.40.206
220.127.116.11 - 18.104.22.168
22.214.171.124 - 126.96.36.199
188.8.131.52 - 184.108.40.206
220.127.116.11 - 18.104.22.168
22.214.171.124 - 126.96.36.199
188.8.131.52 - 184.108.40.206
220.127.116.11 - 18.104.22.168
22.214.171.124 - 126.96.36.199
188.8.131.52 - 184.108.40.206
220.127.116.11 - 18.104.22.168
22.214.171.124 - 126.96.36.199
188.8.131.52 - 184.108.40.206
220.127.116.11 - 18.104.22.168
22.214.171.124 - 126.96.36.199
188.8.131.52 - 184.108.40.206
220.127.116.11 - 18.104.22.168
22.214.171.124 - 126.96.36.199
188.8.131.52 - 184.108.40.206
220.127.116.11 - 18.104.22.168
22.214.171.124 - 126.96.36.199
188.8.131.52 - 184.108.40.206
220.127.116.11 - 18.104.22.168
22.214.171.124 - 126.96.36.199
188.8.131.52 - 184.108.40.206
220.127.116.11 - 18.104.22.168
22.214.171.124 - 126.96.36.199
Running a Test
- At least one (or more) of the following must pass:
- NTS: TURN UDP Connectivity - this is recommended for optimal quality
- NTS: TURN TCP Connectivity
- NTS: TURN TLS Connectivity
- This test must pass:
- Video: Test Group Room with TURN
If any of the above tests fail, please verify the above endpoints have been whitelisted and there's no HTTPS inspection enabled on the two hostnames before attempting the test again.
If you find the test stalls on "Voice" and never proceeds to the rest, temporarily whitelist *.twilio.com and ensure HTTPS inspection is off for *.twilio.com, then retry the test. If you then see a successful test result as per the above required passing tests, you can safely remove the whitelist and HTTPS inspection bypass for *.twilio.com, assuming the two specific hostnames have been whitelisted and are bypassed for HTTPS inspection.
Video calling should adapt to the available bandwidth. The recommended bandwidth for video calls for popular video conferencing solutions tends to be around 1-3 Mbps in/out per call, and we would recommend considering this as a guide.
For example: with 50 simultaneous video calls being made on the school's network, you could expect to use 50-150 Mbps bandwidth in/out.
Points of Note
As media traffic flows over UDP, we STRONGLY RECOMMEND that you ensure any policies which would drop UDP packets, such as UDP flood prevention, are turned off. Any network device which drops UDP packets would cause the video and/or audio to stutter.