Firewall Configuration for VidyoConnect, H323/SIP and WebRTC

Configure your firewall for VidyoConnect

To have the VidyoConnect client working properly you need to open the following ports:

NOTE: To get the extensive list of hostnames and IP addresses of all the routers that serve the CERN Vidyo service installed at CERN and at the LCG T1 centers, please send a note requesting it to

  • TCP Port 443 (HTTPS): outbound to and routers
  • TCP 17992 (EMCP): outbound to
  • TCP Port 17990 (SCIP) and UDP Ports 50,000 – 65,535 (RTP/sRTP/RTCP) bidirectional to the Vidyo routers
    • Note about UDP timeouts on firewalls:
      • Some Firewalls have a UDP default timeout. On the Cisco PIX Firewall, for example, if the UDP timeout is not changed then the call will drop in exactly two minutes and the Vidyo client(s) would have to reconnect. You may want to contact your network admin to check this setting and increase the timeout. 

On MacOS, you have to add VidyoConnect to the list of allowed Apps on the firewall. To do so, you need to go to System Preferences-> Security & Privacy and add /Applications/Vidyo/Vidyo Desktop/VidyoDesktop . 

Configure your firewall for H323 and SIP connections

For H.323/SIP clients, the standard H.323/SIP ports need to be opened to the cluster of VidyoGateways.

If you need to open ports to the specific servers, you have to allow ports for incoming calls to the CERN cluster:,,

and US cluster:,,

For the outgoing calls, you have to open your firewall to the cluster:,,,,

Please contact, if more information on this subject is needed.

For detailed information about Firewall and NAT configurations please consult the Vidyo Guide for Administrators  page 348. 

Configure your firewall for WebRTC client

For our WebRTC client, you need to open ports for media and for the STUN/ TURN server. 

  • TCP Port 80 and 443 bidirectional to the CERN WebServers
  • UDP and TCP port 3478 bidirectional to the WebRTC servers
  • UDP Ports 60000 - 61000 (SRTP) bidirectional to the WebRTC servers
    • it is optional to open these ports; if blocked media will be proxied using TURN on port 3478.

Please contact, if more information on this subject is needed.

If your firewall cannot be opened (or in the meantime your are waiting for it to be opened)

If the firewall cannot be opened, Vidyo should work if you force the use of the Vidyo proxy. In the VidyoConnect client (or Mobile client), go to Configuration -> Network and tick "always use vidyo proxy". Please note this option slightly decreases the quality of the connection, and using it by default risks of overloading the available proxy servers. Properly opening the firewall ports should remain the priority option.

