Firewall Configuration
This article is intended for network administrators, particularly firewalls and web security administrators. It will help you configure and test your network to support Blitzz.
Some firewalls will not permit applications such as Blitzz (or any applications you have not specifically allowed) to access the internet and it is necessary to open ports for Blitzz servers in the corporate firewall/proxy. It's necessary that the customer's on-premise infrastructure allows the Transmission Control Protocol (TCP) to flow for incoming and outgoing network traffic for Blitzz.
Required IP Addresses/ports to whitelist
| Domains / IP Address | Protocol | Purpose | |
| 1 | *.blitzz.co (recommended) | (HTTPS/443) | Recommended to recognize any subdomains of blitzz.co. If you have trouble whitelisting the wild card domain, please use rows 2, 3, 4, 5, 6, 7 below. |
| 2 | {company-subdomain}.blitzz.co | (HTTPS/443) | Replace {company-subdomain} with your subdomain. Eg. acme.blitzz.co |
| 3 | services.blitzz.co | (HTTPS/443) | Used to connect to backend services and Push notifications |
| 4 | media.blitzz.co | (HTTPS/443) | Used for uploading media |
| 5 | analyticapi.blitzz.co | (HTTPS/443) | Data analytics |
| 6 | api-ga.blitzz.co | (HTTPS/443) | Used to connect to backend services and Push notifications for new portals |
| 7 | socket-ga.blitzz.co | (WSS/443) | For CoBrowse product |
| 8 | storageapi.blitzz.co | (HTTPS/443) | Accessing and storing media |
| 9 | blitzzmedia.blob.core.windows.net | (HTTPS/443) | Accessing and storing media |
| 10 | *.launchdarkly.com | (HTTPS/443) | Used for Preview of new features and access to premium features. |
| 11 | 159.69.72.82 138.201.23.91 94.130.129.237 | (HTTPS/443) | Localization Strings to support region-specific languages |
| 12 | api.twilio.com | (HTTPS/443) | REST API for Creating rooms |
| 13 | video.twilio.com | (HTTPS/443) | REST API for video-related features |
| 14 | global.vss.twilio.com | (WSS/443) | Signaling Communication |
| 15 | sdkgw.us1.twilio.com | (WSS/443) | Video SDK for Android, iOS, and JavaScript |
| 16 | 54.70.204.128/27 and https://us-west-2.quicksight.aws.amazon.com | (HTTPS/443) | Access to Reports and Dashboards |
For Call Recordings
Following ports are required for audio, data, and video exchange during your Video Calls and for Call Recording features if enabled. By default, Blitzz will pick the closest server to the first participant in the video call. If you prefer your traffic to route through any specific regions only, please contact our support team and we can disable all other regions for your account. This may impact the Quality of your video calls if you intend to have participants globally. Learn more about media regions here.
| Server IP Address Range | Ports | Region | |
| 1 | 34.216.110.128 - 34.216.110.159 54.244.51.0 - 54.244.51.255 44.234.69.0 - 44.234.69.127 | 10,000 - 60,000 UDP/SRTP/SRTCP and TLS/443 or UDP/3478 | US West Coast (Oregon) |
| 2 | 34.203.254.0 - 34.203.254.255 54.172.60.0 - 54.172.61.255 34.203.250.0 - 34.203.251.255 3.235.111.128 - 3.235.111.255 | 10,000 - 60,000 UDP/SRTP/SRTCP and TLS/443 or UDP/3478 | US East Coast (Virginia) |
| 3 | 13.210.2.128 - 13.210.2.159 54.252.254.64 - 54.252.254.127 3.25.42.128 - 3.25.42.255 | 10,000 - 60,000 UDP/SRTP/SRTCP and TLS/443 or UDP/3478 | Australia |
| 4 | 18.231.105.32 - 18.231.105.63 177.71.206.192 - 177.71.206.255 18.230.125.0 - 18.230.125.127 | 10,000 - 60,000 UDP/SRTP/SRTCP and TLS/443 or UDP/3478 | Brazil |
| 5 | 52.59.186.0 - 52.59.186.31 18.195.48.224 - 18.195.48.255 18.156.18.128 - 18.156.18.255 | 10,000 - 60,000 UDP/SRTP/SRTCP and TLS/443 or UDP/3478 | Germany |
| 6 | 52.215.253.0 - 52.215.253.63 54.171.127.192 - 54.171.127.255 52.215.127.0 - 52.215.127.255 3.249.63.128 - 3.249.63.255 | 10,000 - 60,000 UDP/SRTP/SRTCP and TLS/443 or UDP/3478 | Ireland |
| 7 | 52.66.193.96 - 52.66.193.127 52.66.194.0 - 52.66.194.63 3.7.35.128 - 3.7.35.255 | 10,000 - 60,000 UDP/SRTP/SRTCP and TLS/443 or UDP/3478 | India |
| 8 | 13.115.244.0 - 13.115.244.31 54.65.63.192 - 54.65.63.255 18.180.220.128 - 18.180.220.255 | 10,000 - 60,000 UDP/SRTP/SRTCP and TLS/443 or UDP/3478 | Japan |
| 9 | 13.229.255.0 - 13.229.255.31 54.169.127.128 - 54.169.127.191 18.141.157.128 - 18.141.157.255 | 10,000 - 60,000 UDP/SRTP/SRTCP and TLS/443 or UDP/3478 | Singapore |
Ports used: 10,000 - 60,000 UDP/SRTP/SRTCP and TLS/443 or UDP/3478. We highly recommend you enable UDP Protocol for all incoming connections for the listed IP ranges above to the used ports(10000-60000, 3478). Learn more why UDP here.
Logs and debugging (Recommended)
We use Google Firebase for capturing logs when you encounter an issue or need help. We recommend enabling these IP addresses as well:
| * | 5228 (TCP) 5229 (TCP) 5230 (TCP) | If your organization has a firewall that restricts the traffic to or from the Internet, you'll need to configure it to allow connectivity with GCM. The ports to open are 5228, 5229, and 5230. GCM typically only uses 5228, but it sometimes uses 5229 and 5230. GCM doesn't provide specific IPs. It changes IPs frequently. https://firebase.google.com/docs/cloud-messaging/concept-options |
Test your network
Run these diagnostic tests to ensure your network is configured correctly: https://help.blitzz.co/support/solutions/articles/44001950025-diagnostic-tests