Firewall Settings
An overview of firewall settings required for your copy of VCC Live to communicate seamlessly with our servers.
Table of Contents
- Settings for VCC Live
- Settings for IP Phone Users
- Settings for VCC Live Archiver
- Data Center IP Ranges
- Example of using hu1 hosting
- Split-Tunnel VPN Setup
- Example (Windows Firewall):
Settings for VCC Live
| source | destination(1) | port | protocol |
|---|---|---|---|
| any | data center IP range | 443/TCP | HTTPS, WebRTC |
| any | data center IP range | 10000-20000/UDP | RTP / SRTP |
(1) Use a data center IP range.
Settings for IP Phone Users
| source | destination(1) | port | protocol |
|---|---|---|---|
| any | data center IP range | 5060/TCP, UDP | SIP(2) |
| any | data center IP range | 5061/TCP | SIP-TLS(3) |
| any | data center IP range | 10000-20000/UDP | RTP / SRTP |
(1) Use a data center IP range.
(2) Unsecured SIP communication, use a SIP-TLS instead.
(3) If you use a restricted VoIP connection, the 5061 TCP connections need to be opened.
Settings for VCC Live Archiver
| source | destination(1) | port | protocol |
|---|---|---|---|
| any | data center IP range | 443/TCP | HTTPS |
(1) Use a data center IP range.
Data Center IP Ranges
| data center | IP range |
|---|---|
| hu1 | 194.38.106.64/26 |
| hu2 | 193.68.62.192/26 |
| sg3 | 139.180.222.6 |
| us3 | 45.77.199.76, 144.202.45.186, 104.207.146.167 |
| za1 | 169.150.246.96, 169.150.246.109, 169.150.246.98 |
Example of using hu1 hosting
| source | destination | port |
|---|---|---|
| any | 194.38.106.64/26 | 443/TCP |
| any | 194.38.106.64/26 | 5060/TCP, UDP |
| any | 194.38.106.64/26 | 5061/TCP |
| any | 194.38.106.64/26 | 10000-20000/UDP |
Split-Tunnel VPN Setup
In some customer setups using split-tunnel VPNs, WebRTC media traffic may be incorrectly routed through the VPN. This can cause ICE negotiation delays of several seconds and result in poor call setup performance.
To ensure stable media connections, we recommend blocking STUN traffic inside the VPN tunnel. By doing so, VPN-routed ICE candidates will fail, and direct WAN candidates will be selected instead.
Example (Windows Firewall):
You can add outbound firewall rules to block UDP traffic in the port range 10000–20000 for STUN packets when routed through the VPN. For example:
- Open Windows Defender Firewall with Advanced Security.
- Create a new Outbound Rule.
- Rule type: Port, Protocol: UDP, Ports: 10000–20000.
- Action: Block the connection.
- Apply to the relevant profiles (Domain/Private/Public).
This ensures ICE negotiation always succeeds over the direct WAN path instead of the VPN.
Note: While the example above shows Windows, the same principle applies to other platforms (Linux iptables, macOS pf, or network-level firewall rules).
Related articles
There's always more to learn. Discover similar features by visiting related articles:
Comments
Can’t find what you need? Use the comment section below to connect with others, get answers from our experts, or share your ideas with us.
There are no comments yet.