Security settings

Settings for corporate network

On this page and the pages linked to it, we have provided a comprehensive list of hosts, IP addresses, and ports used by SpatialChat and our providers to ensure a complete SpatialChat experience.

💡

If you are unable to connect to external services because your private or corporate network has restrictions, you can ask the IT department to add the following addresses to the allow list. If you encounter any issues, please don't hesitate to reach out to support@spatial.chat for assistance.

On this page and the pages linked to it, we have provided a comprehensive list of hosts, IP addresses, and ports used by SpatialChat and our providers to ensure a complete SpatialChat experience.

This does not necessarily mean that you need to add all of these to your allow list. Instead, you should add them to the allow list as needed based on any issues you may be experiencing. For example:

If you are unable to access the website at all, you may want to start by adding AWS to the allow list.
If you are having trouble with SpatialRooms, try adding Twilio Video and LiveKit to the allow list.
If you are experiencing issues with Stage, consider adding Agora to the allow list.

💡

Note that some rules may need to be set based on the host, as the IP addresses may be dynamic.

List of hosts, IP addresses, and ports

spatial.chat
*.spatial.chat

AWS Ireland region

https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html

Twilio Video

https://www.twilio.com/docs/video/ip-addresses

https://www.twilio.com/docs/stun-turn/regions

Our recommendation would also be to allow the domains *.millicast.com and *.xirsys.com.

In case needed, our cloud vendor is Oracle Cloud.

IP ranges of Oracle Cloud: https://docs.oracle.com/en-us/iaas/Content/General/Concepts/addressranges.htm

Firewall settings to Agora service

Ports

TCP (allow) - 80; 443; 3433; 4700 - 5000; 5668; 5669; 6080; 6443; 8667; 9667; 30011 - 30013 (for RTMP converter)

UDP (allow) - 3478; 4700 - 5000

For Agora cloud proxy support (TCP fallback) use the following settings:

https://docs-preprod.agora.io/en/Video/cloud_proxy_na_web_ng?platform=Web

Firewall settings to LiveKit service:

HOST	PORT
*.livekit.cloud	TCP: 443
*.turn.livekit.cloud	TCP: 443
all hosts (optional)	UDP: 3478
all hosts (optional)	UDP: 50000-60000

Additionally, please ensure UDP hole-punching is enabled (or disable symmetric NAT). This helps machines behind the firewall to establish a direct connection to a LiveKit Cloud media server.

If wildcard hostnames are not allowed by your firewall or security policy, the following are the mimimum set of hostnames required to connect to LiveKit Cloud:

spatialchat-prod.livekit.cloud

spatialchat-prod.sfo3.production.livekit.cloud

spatialchat-prod.nyc3.production.livekit.cloud

spatialchat-prod.fra1.production.livekit.cloud

spatialchat-prod.sgp1.production.livekit.cloud

spatialchat-prod.gapnortheasta.production.livekit.cloud

spatialchat-prod.gapsoutha.production.livekit.cloud

spatialchat-prod.gapsoutheasta.production.livekit.cloud

spatialchat-prod.gapwesta.production.livekit.cloud

spatialchat-prod.gcacentrala.production.livekit.cloud

spatialchat-prod.geuwesta.production.livekit.cloud

spatialchat-prod.geucentrala.production.livekit.cloud

spatialchat-prod.guswesta.production.livekit.cloud

spatialchat-prod.guscentrala.production.livekit.cloud

spatialchat-prod.gussoutheasta.production.livekit.cloud

spatialchat-prod.guseasta.production.livekit.cloud

sfo3.turn.livekit.cloud

nyc3.turn.livekit.cloud

fra1.turn.livekit.cloud

sgp1.turn.livekit.cloudgapnortheasta.turn.livekit.cloud

gapsoutha.turn.livekit.cloud

gapsoutheasta.turn.livekit.cloud

gapwesta.turn.livekit.cloud

gcacentrala.turn.livekit.cloud

geuwesta.turn.livekit.cloud

geucentrala.turn.livekit.cloud

guswesta.turn.livekit.cloud

guscentrala.turn.livekit.cloud

gussoutheasta.turn.livekit.cloud

guseasta.turn.livekit.cloud

💡

The list of domains is subject to change.

Account settings