KUDO Firewall rules
Quick links:
DOMAINS
Depending on your company's firewall or endpoint security settings, you might have to whitelist the following domains:
- *.kudoway.com (if your account is in the USA region)
- *.kudoway.eu (if your account is in the Europe region)
- *.kudoway.ca (if your account is in the Canadian region)
- *.tokbox.com
- *.opentok.com
If your firewall doesn’t allow wildcard whitelisting or your company’s policy prevents you from doing wildcard whitelisting, you can narrow it down using specific sub-domains:
USA region
- https://live.kudoway.com
- https://api.kudoway.com
- https://session-console.kudoway.com
Europe region
- https://live.kudoway.eu
- https://api.kudoway.eu
- https://session-console.kudoway.eu
Canada region
- https://live.kudoway.ca
- https://api.kudoway.ca
- https://session-console.kudoway.ca
PORTS
All media (audio and video) traffic will go through STUN servers, and the recommended protocol is UDP (3478). However, if your company’s security policy is blocking UDP, our system will fallback the media traffic to TCP on SSL (443). All traffic is bi-directional.
Required TCP port: 443
Recommended UDP port: 3478 (UDP traffic is recommended because of its low overhead, leading to better video quality in most cases).
Using KUDO with a proxy
If the only way to access the Internet from your network is through a proxy then it must be a transparent proxy or it must be configured in the browser for HTTPS connections.
We do not support proxies requiring authentication.
Firewall behaviors
In some cases, we have seen users experiencing issues with media (audio and video) after a short period of usage. This might be related to their firewall or endpoint security settings where stateful packet inspection or flood control will deprioritize or throttle media streams, hence reducing the quality or, in some cases, blocking the stream. In these extreme cases, we recommend you contact your company’s IT security.
Microsoft Teams
If you are using KUDO with Microsoft Teams, while all the above security considerations apply, you will need to allow or whitelist the following sub-domains and ports:
- https://teams-bot.kudoway.com
- https://teams-web.kudoway.com
- TCP port: 8445
- TCP port: 9444
IP ranges
KUDO is using dynamic IP and elastic load balancing; hence we cannot guarantee the exact IPs used for your meetings. However, we can provide you with a range. For technical and security reasons, we do change these ranges periodically. If your company is whitelisting these ranges, you can explicitly ask KUDO to add you to our mailing list to get an updated range. We do notify customers three weeks ahead of the changes.
IP version support
KUDO platforms support IPv4. The support for IPv6 will be available in Q2 2022.
IP Range
You might have to whitelist two sections, depending on your firewall security settings and policies:
- Account region related
- KUDO Media Services
Updated IP range as of March 2022
USA Server (Mandatory if the account is in the US region)
44.194.123.245
54.183.2.235
Europe Server (Mandatory if the account is in the European region)
3.125.64.235
34.247.171.240
Canada Server (Mandatory if the account is in the Canadian region)
3.97.146.187
CHINA Server (Mandatory if the account is in the China region)
47.52.44.158
47.52.109.58
KUDO Media Services (Mandatory)
{
"ipv4": [
"3.123.12.128/28",
"3.127.48.224/28",
"3.214.145.96/27",
"3.234.232.160/27",
"3.234.248.80/28",
"3.235.255.176/28",
"3.248.234.48/28",
"3.248.243.144/28",
"3.248.244.96/27",
"3.25.48.192/28",
"3.38.113.0/24",
"3.38.114.0/24",
"3.38.91.128/25",
"3.7.161.0/26",
"3.7.161.48/28",
"13.251.158.0/28",
"15.228.1.16/28",
"18.139.118.176/28",
"18.141.165.128/27",
"18.156.18.0/27",
"18.157.71.112/28",
"18.179.48.208/28",
"18.180.159.224/27",
"18.202.216.0/28",
"34.218.216.144/28",
"34.222.66.96/28",
"34.223.51.192/27",
"34.223.51.224/27",
"35.158.127.224/28",
"44.232.236.96/27",
"44.234.90.64/28",
"52.200.60.16/28",
"52.213.63.176/28",
"52.41.63.240/28",
"52.51.63.16/28",
"52.65.127.192/27",
"52.66.255.192/27",
"54.233.127.224/29",
"54.250.250.208/28",
"54.69.125.241/32",
"54.89.253.64/28",
"99.79.160.16/28",
"99.80.88.240/28",
"168.100.64.0/18"
]
}