If you are on a work network or any network behind a firewall, you may need to speak with your IT department or network administrator to ensure you have the best setup to enjoy your Hopin event. When you do, please give them the websites below to whitelist, and the ports to open.
Websites
*.hopin.com
hopin.to
assets.hopin.to
app.hopin.com
prod.live.hopin.to
analytics.hopin.com
*.streamyard.com
studio.streamyard.com
player.live-video.net
cdn.segment.com
pusher.com
*.mux.com
*.live-video.net
*.stream-io-api.com
Note: analytics.hopin.com has been recently added to this list. To test that it is working correctly, you can ask your system administrator to perform a ping to analytics.hopin.com/health/check and verify that there is a response.
Ports
Minimum Requirement:
The minimum requirement is that TCP port 443 is open. Some firewall/proxy rules only allow for SSL traffic over port 443. You will need to make sure that non-web traffic can also pass over this port.
STUN is a network protocol used primarily for realtime voice/video and messaging and it may impact video and chat feeds, we recommend not to block STUN traffic over port 443.
Better Experience:
In addition to the minimum requirements being met, we also recommend that UDP port 3478 is open. This port is used by a piece of hardware called STUN server that helps establish the connection between the participants in the call with a firewall in the middle.
Best Experience:
For the best possible experience, we recommend that UDP ports 1025 - 65535 be open. Once these ports are open, there is no need for intermediary STUN/TURN servers which removes a hop from the media traffic.
Affects audio/video on: Backstage, Sessions, and Networking.
Since all segments affected make use of UDP to deliver the best video quality via media streams. When the ports are blocked, the audio/video quality will be impacted and result in: drops in quality, freezes of the stream, downscaling resolution or even audio/video being completely inaccessible as a result of very restrictive firewalls that don’t allow even TCP traffic unless whitelisted.
Note:
-
In case the UDP ranges are blocked, real-time communications (i.e. video/audio in Sessions / Networking / Backstage) will fallback to TCP.
TCP is not recommended for media transfer (plus causes more loads on the internet bandwidth and CPU time) because it requires the receiver to acknowledge the data has been received and the sender tries to send again if there is no acknowledge within the certain window.
Since media data that failed to be delivered a second ago is not that relevant especially when the following seconds of media were delivered seamlessly. -
QUIC is a protocol introduced by Google to make the web faster and more efficient. It’s on by default in Google Chrome and used by a growing list of websites. Unfortunately, most, if not all, firewalls do not currently recognise QUIC traffic as ‘web’ traffic, therefore it is not inspected, logged or reported on, leaving a hole in a network’s security.
Blocking QUIC at the firewall will force the browser and server to fall back to standard HTTP or HTTPS, allowing the traffic to be inspected, protected and reported on as usual.
The advice from most firewall vendors is to block QUIC until support is officially added to their products. This recommended method will vary from firewall to firewall. Some firewalls allow QUIC by default while others block it by default, but all firewalls are able to allow or block it. It shouldn't affect Hopin's functionality if QUIC traffic is blocked. More info here: https://en.wikipedia.org/wiki/QUIC and here: https://www.chromium.org/quic/. -
Due to hopin.com being behind the Cloudflare network which means the IP addresses are continuously changing for security purposes. You will need to allow Cloudflare IP ranges through your firewall. The list can be found here.
Email Whitelisting
The IP addresses to whitelist for emails related to Hopin events and other products such as Session are:
- 149.72.91.86
- 159.183.101.101
- 167.89.79.244
- 168.245.124.113
- 168.245.2.229
We also recommend to allow no-reply@hopin.com and no-reply@session.com email addresses through email spam filters as well as the following domains:
- hopin.com
- hopin.to
- session.com
Note:
If you don't use our Session product at session.com the related email address and domain do not need to be allowed.