This article outlines configuration changes that may be required on your corporate network to allow Coviu to work. Typically, your IT Network Administrator would undertake these activities.
Last Updated: March 2024
Note:
- US customers: Are you looking for information regarding Coviu implementations in the US? Click here for more information.
- For more IP address information on our Group Rooms workflow and calls made through our partnership with Twilio, click here.
On this page:
- Table 1: Firewall port requirements for making a Coviu video call
- Table 2: Firewall port requirements for making a Coviu phone call
- For Network Administrators: Test as you go!
- Troubleshooting Issue 1: You can't get to coviu.com
- Troubleshooting Issue 2: When trying to connect to another person, they never appear in your Coviu video room
- Troubleshooting Issue 3: When trying to connect to another person, it just says 'is being connected', but it never connects
- More support options
Who is this help article for?
This article is aimed at your IT Network Administrator, IT Security Manager, Cyber Security manager or similar titles. You may need to log a ticket with your IT Service Desk to have their action the below.
Table 1: Firewall port requirements needed to make a Coviu video call
The table below lists the port-related protocols and hosts that are required or recommended to make a Coviu video call.
|
|
Port |
Protocol |
Hosts |
Description |
|
1 |
443 |
TCP |
coviu.com |
Required - allows you to use the Coviu platform. This must also include subdomains. |
|
2 |
443 |
TCP |
covi.io |
Required - establishes call connection on the Coviu platform. This must also include subdomains. |
|
3 |
49152-65535 |
UDP |
any |
Recommended - allows for peer-to-peer connections between guests on a call. If you are unable to allow this, you MUST allow the TURN servers listed below. |
|
4 |
3478, 19302 |
TCP, UDP |
turn1.coviu.com, turn2.coviu.com |
Required - TURN servers are used to proxy call connections in the event a peer-to-peer connection cannot be established. |
|
5 |
443, 3478 |
TCP, UDP |
global.turn.twilio.com |
Required - TURN servers are used to proxy call connections in the event a peer-to-peer connection cannot be established. |
|
6 |
443 |
WSS |
global.vss.twilio.com |
Required - Signaling Communication for usage of the Group Rooms workflow. Location: Global Low Latency (default) |
|
7 |
443 |
WSS |
au1.vss.twilio.com |
Required - Signaling Communication for usage of the Group Rooms workflow. Location: Australia |
|
8 |
443 |
WSS |
sdkgw.us1.twilio.com |
Required - for usage of the Group Rooms workflow. |
|
9 |
443,3478 |
TLS, UDP |
13.210.2.128/27 (13.210.2.128 - 13.210.2.159) |
Required - for usage of the Group Rooms workflow. Twilio region: Australia. Region ID: AU1 |
|
10 |
443 |
TCP |
use.typekit.net |
Recommended - used for loading correct fonts. |
|
11 |
443 |
TCP |
www.google-analytics.com |
Optional - used for capturing usage analytics. |
Table 2: Firewall port requirements needed to make a Coviu phone call
The table below lists the port-related protocols and hosts that are required to make a Coviu phone call:
| Port | Protocol | Hosts | Description | |
| 1 | 10,000 - 20,000 | UDP | any | Required - allows the transfer of voice/audio between the caller and callee. |
|
2 |
3478, 19302 |
TCP, UDP |
turn1.coviu.com, turn2.coviu.com |
Required - TURN servers are used to proxy call connections in the event a peer-to-peer connection cannot be established. |
|
3 |
443, 3478 |
TCP, UDP |
global.turn.twilio.com |
Required - TURN servers are used to proxy call connections in the event a peer-to-peer connection cannot be established. |
For Network Administrators: Test as you go!
Anyone can use the below Pre-call Test to see if they are ready to use Coviu. However, Network Administrators can use the Pre-call Test to see if Coviu will work on their corporate network. If the test shows failures on UDP, TCP or STUN, then use the below scenarios to troubleshoot and make changes where necessary.
Tip: Network Administrators can use our Pre-call Test to test as they go.
Troubleshooting Issue 1: You can't get to coviu.com
If you can view other websites e.g. youtube.com without issue, then read on. If you cannot view any other websites, then you may wish to consult your IT Support staff.
Analysis:
Your network has a very tight Web proxy that filters out Websites it does not know.
Remedy:
Ask your IT Network Administrator to allow access to the following domains:
- CUSTOMER-SUBDOMAIN.coviu.com:443(required)
- coviu.com:443 (required)
- static.coviu.com:443 (required - provides static resources)
- app-images.coviu.com:443 (required - provides application images)
- burger.coviu.com:443 (required - provides the video calling rooms)
- plugins.coviu.com:443 (required - to load special in-call functionality)
- monitor-listener.coviu.com:443 (advisable - we use this to debug any call issues you're reporting)
- use.typekit.net:443 (advised - this provides the right fonts)
- d37gvrvc0wt4s1.cloudfront.net:443 (optional - this allows us to capture application issues)
- www.google-analytics.com:443 (optional - this allows us to capture usage analytics)
- Make sure the Web proxy can do a Websocket upgrade on nexus-websocket-a.intercom.io and nexus-websocket-b.intercom.io port 443.
Troubleshooting Issue 2: When trying to connect to another person, they never appear in your Coviu video room
Analysis:
you are not connecting to the Coviu signalling server, which is connecting up the endpoints to each other via Websockets.
Remedy:
ask your network administrators to open up the following ports.
These ports are necessary so we get to our ICE/STUN servers to deal with the NAT:
- TCP/19302
- UDP/19302
- TCP/3478
- UDP/3478
Make sure you also have these accessible in your proxy server:
- witchcraft.covi.io:443 (required - to reach ICE/STUN servers)
- *.covi.io:443 (required - to reach signalling servers)
- *.coviu.com:443 (required - to reach signalling servers)
- *.twilio.com:443 (required - to reach our backup TURN servers)
- The Web proxy will need to be able to do a Websocket upgrade on all of the above.
Troubleshooting Issue 3: When trying to connect to another person, it just says 'is being connected', but it never connects
If adding the TURN servers to the proxy is not sufficient, you are likely using deep packet inspections and throwing away the video packets on port 443. Therefore, you will need to add the TURN IP addresses to the bypass list on your proxy:
-
13.236.71.37
-
52.63.56.4
-
54.206.0.125
-
54.79.78.201
-
Twilio TURN IP ranges can be found here: https://www.twilio.com/docs/stun-turn/regions
Tip: This list may need to be refreshed if the TURN servers change IP addresses. But at least you don't have to open up the UDP ports.
More support options
You have completed another Coviu help article. You now know the firewall requirements required to use Coviu.
If this is not what you were looking for, explore our knowledge base and search for another article from here.
If you still require any assistance, please do not hesitate to get in touch with our friendly Customer Success team using any of the contact methods available here.