Firewall Configuration for Vidyo Desktop, H323/SIP and WebRTC

Configure your firewall for Vidyo Desktop

For the VidyoDesktop client to work properly, you need to open the following ports:

NOTE: To get the extensive list of hostnames and IP addresses of all the routers that serve the CERN Vidyo service, installed at CERN and at the LCG T1 centers, please send a request to vidyo-support@cern.ch.

  • TCP Port 443 (HTTPS): outbound to vidyoportal.cern.ch and routers
  • TCP 17992 (EMCP): outbound to vidyoportal.cern.ch
  • TCP Port 17990 (SCIP) and UDP Ports 50,000 – 65,535 (RTP/sRTP/RTCP) bidirectional to the Vidyo routers
    • Note about UDP timeouts on firewalls:
      • Some firewalls apply a default UDP timeout. On the Cisco PIX Firewall, for example, if the UDP timeout is not changed, the call will drop in exactly two minutes and the Vidyo client(s) will have to reconnect. Ask your network administrator to check this setting and increase the timeout.
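
As an added example (not part of the original page or of CERN's tooling), this script prints iptables rules for a Linux client host that limit the ports listed above to specific portal and router addresses. The function names, the 192.0.2.x placeholder addresses, and the reading of "bidirectional" UDP as inbound packets from a router source port in the same range are assumptions; the real router list comes from vidyo-support@cern.ch.

```shell
#!/bin/sh
# Added example: prints iptables rules for a VidyoDesktop client; applies nothing.

# Accept only dotted-quad IPv4, so no other text can end up in a rule line.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# vidyo_rules PORTAL_IP ROUTER_IP...
vidyo_rules() {
    [ "$#" -ge 2 ] || { echo "usage: vidyo_rules PORTAL_IP ROUTER_IP..." >&2; return 2; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
    done
    portal=$1; shift
    # HTTPS and EMCP, outbound to the portal.
    echo "iptables -A OUTPUT -p tcp -d $portal -m multiport --dports 443,17992 -j ACCEPT"
    for router in "$@"; do
        # HTTPS and SCIP; assumed client-initiated, replies pass via the last rule.
        echo "iptables -A OUTPUT -p tcp -d $router -m multiport --dports 443,17990 -j ACCEPT"
        # Media out to the router's UDP range.
        echo "iptables -A OUTPUT -p udp -d $router --dport 50000:65535 -j ACCEPT"
        # Media in: explicit rule (assumed source-port range), so it does not
        # depend on a connection-tracking entry that can time out mid-call.
        echo "iptables -A INPUT -p udp -s $router --sport 50000:65535 -j ACCEPT"
    done
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# Constructed placeholders (RFC 5737 documentation addresses), not CERN hosts.
vidyo_rules 192.0.2.10 192.0.2.20 192.0.2.21
```

Review the printed rules before applying them as root; they only add ACCEPT entries and assume the chains otherwise drop unmatched traffic.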

On macOS, you have to add VidyoDesktop to the list of apps allowed through the firewall. To do so, go to System Preferences -> Security & Privacy and add /Applications/Vidyo/Vidyo Desktop/VidyoDesktop.

Configure your firewall for H323 and SIP connections

For H.323/SIP clients, the standard H.323/SIP ports need to be opened to the cluster of VidyoGateways.

If you need to open ports to specific servers, you have to allow the ports for incoming calls to the CERN cluster: 188.184.65.116, 188.184.65.74, 188.184.66.56

and to the US cluster: 207.75.165.84, 207.75.165.85, 207.75.165.86

For outgoing calls, you have to open your firewall to the cluster: 188.184.66.169, 188.184.67.151, 188.184.67.253, 188.184.65.133, 188.184.65.96

Please contact vidyo-support@cern.ch if more information on this subject is needed.

For detailed information about firewall and NAT configurations, please consult the Vidyo Guide for Administrators, page 348.

Configure your firewall for WebRTC client

For our WebRTC client, you need to open ports for media and for the STUN/TURN server.

  • TCP Ports 80 and 443 bidirectional to the CERN WebServers
  • UDP and TCP port 3478 bidirectional to the WebRTC servers
  • UDP Ports 60000 - 61000 (SRTP) bidirectional to the WebRTC servers
    • Opening these ports is optional; if they are blocked, media will be proxied using TURN on port 3478.

Please contact vidyo-support@cern.ch if more information on this subject is needed.

If your firewall cannot be opened (or while you are waiting for it to be opened)

If the firewall cannot be opened, Vidyo should work if you force the use of the Vidyo proxy. In the VidyoDesktop client (or Mobile client), go to Configuration -> Network and tick "always use vidyo proxy". Please note that this option slightly decreases the quality of the connection, and using it by default risks overloading the available proxy servers. Properly opening the firewall ports should remain the preferred option.
