Information for school and university IT Departments
This document is for network admins.
Network configuration is the most likely reason if users cannot login, or if there are issues with audio/video streaming or file uploads/downloads.
Please go through the steps in this document to solve the issues.
Sanako Connect uses WebSocket and WebRTC technology for real-time communication. Please configure your browser policies, bandwidth usage policies, firewalls, and proxies accordingly.
1) Test your network
You can use our diagnostics tool to test how Sanako Connect works in your network.
USA and Americas: https://us.connect.sanako.com/diagnostics/
Europe and rest of the world: https://eu.connect.sanako.com/diagnostics/
If there are no errors, it’s highly likely that Sanako Connect works as intended.
If you see any error messages, proceed to step 2.
2) Configure your network and retest
The following domains and ports should be allowed to ensure that Sanako Connect works properly.
|
Essential domains |
|
|
*.sanako.com |
|
|
*.connect.sanako.com |
The application itself. Note: WebSocket connections are used with this domain and the app will not work if they are blocked. |
|
*.daily.co |
Audio/video streaming. |
|
*.wss.daily.co |
Audio/video streaming. Note: WebSocket connections are used with this domain and the app will not work if they are blocked. |
|
prod-ks.pluot.blue |
Audio/video streaming |
|
*.twilio.com |
Audio/video streaming |
|
*.xirsys.com |
Audio/video streaming |
|
sanako-connect-eu-production-beta.s3-accelerate.amazonaws.com |
File transfer |
|
sanako-connect-us-production-beta.s3-accelerate.amazonaws.com |
File transfer |
|
*.clientstream.launchdarkly.com |
|
|
*.launchdarkly.com |
|
|
Non-essential domains |
|
|
api.rollbar.com |
|
|
fonts.gstatic.com |
|
|
fonts.googleapis.com |
|
Protocol |
Source Port |
Destination Port |
Description |
|
Essential ports: |
|||
|
TCP |
1024-65535 |
80 |
HTTP,WS,TURN |
|
TCP |
1024-65535 |
443 |
HTTPS,WSS, TURNS, STUN |
|
Highly recommended to enable: |
|||
|
TCP |
1024-65535 |
3478 |
TURN, TURNS, STUN |
|
UDP |
1024-65535 |
3478 |
TURN, TURNS, STUN |
|
UDP |
1024-65535 |
40000-65535 |
Media port range |
If you have a VPN, audio/video streaming will have much better quality if you can configure streaming related traffic to bypass it. You can usually do that by configuring split tunneling. You’ll at least want to exempt port 443 for the Twilio IP ranges listed below, and possibly for the Xirsys IPs as well. If you can exempt UDP traffic altogether, that’s even better.
Twilio’s IP ranges: https://www.twilio.com/docs/stun-turn/regions
Xirsys’s IP ranges: https://docs.xirsys.com/?pg=ip-whitelist
If you have a firewall, you should allow UDP hole punching, which is essentially the standard behavior for most firewalls. If you’re explicitly allowing or denying UDP ports, you’ll definitely need to open port 3478 for signaling and media tunneling. You’ll also need to open UDP ports 40000-65534 for all hosts in order for peer-to-peer calls to work correctly.