How to: Configure Firewall & Proxy Requirements

Attendee Firewall Settings

The below configurations are required for Brandlive attendees to view page and video content on a corporate network.

Webpage Information:

  • All content from * and * and *

Video Streaming Information:

  • Allow all incoming traffic from and *
  • Outgoing UDP destination port 53 to your name server or any IP for domain name resolution (DNS)
  • Outgoing TCP destination port 80, 443 to any IP (WEB)
  • Outgoing TCP destination port 1935 to any IP (RTMP is used to deliver the stream)

Admin & Presenter Firewall Settings

The below configurations are required for everything admin- and presenter-focused on a corporate network.

Firewall Requirements

Greenroom requires access to specific ports. At a minimum the following requirements must be met:

Along with the minimum requirements, opening UDP Port 3478 will give you a better experience. UDP is highly recommended over TCP for better quality audio and video. The protocol favors timeliness over reliability which is consistent with the human perceptive preferences; where we can fill in gaps but are sensitive to time-based delays.

This port only accepts inbound traffic after an outbound request is sent. The connection is bidirectional but is always initiated from the corporate network/client so an external entity can't send malicious traffic in the opposite direction. For the best possible experience, we recommend opening UDP ports 1025 - 65535.

Whitelist the following HTTPS verification servers for our HTTPS certificate. Not doing so may cause console warnings, but should not affect the session.


Proxy Requirements

As a general rule, using the latest version of Chrome or Edge will produce the best results. If the only way to access the Internet from your network is through a proxy, then it must be a transparent proxy or it must be configured in the browser for HTTPS connections. WebRTC does not work with proxies requiring authentication. Along with these requirements, clients may have the following rules:

  • Chrome
    • Although not every option has been tested, recent versions have full support for authentication.
    • Pre-58 versions support NTLM authentication.
    • We've found a forwarding proxy setup with Kerberos does not work.