Network requirements for Evidenced
Evidenced runs structured interviews in your browser, which means our platform needs to communicate reliably with our cloud infrastructure to handle video, audio and live transcription. This article sets out the firewall rules, domains and proxy configuration your IT team will need so that Evidenced works smoothly on your corporate network.
Firewall Configuration
Allow the following outbound traffic from your network. All connections are initiated by the user's browser, so no inbound firewall rules are required.
Note: Evidenced relies on Twilio for video calling infrastructure.
Traffic type | Protocol | Destination | Ports |
Signalling | WSS (WebSocket Secure) | global.vss.twilio.com | 443 |
STUN | UDP | global.stun.twilio.com | 3478 |
Media servers | UDP | Media server IP ranges (see Media Servers below) | 10,000 - 60,000 |
TURN relay | UDP | global.turn.twilio.com | 3478 |
Media TLS fallback | TURN-TLS | global.turn.twilio.com | 443 |
Media Servers
Note: For customers conducting video interviews within the UK and Ireland, the ie1 region is the minimum required configuration.
For customers conducting video interviews in other countries within the EU, we'd recommend also including de1 to ensure the best possible experience.
For customers conducting video interviews outside of the EU, please contact your account manager or email support@evidenced.app for additional configuration instructions.
Ports used: 10,000 - 60,000 UDP/SRTP/SRTCP and TLS/443 and UDP/3478.
Region ID | Location | Server IPv4 Address Range |
ie1 | Ireland | 52.215.253.0/26 (52.215.253.0 - 52.215.253.63); 54.171.127.192/26 (54.171.127.192 - 54.171.127.255); 52.215.127.0/24 (52.215.127.0 - 52.215.127.255); 3.249.63.128/25 (3.249.63.128 - 3.249.63.255) |
de1 | Germany | 52.59.186.0/27 (52.59.186.0 - 52.59.186.31); 18.195.48.224/27 (18.195.48.224 - 18.195.48.255); 18.156.18.128/25 (18.156.18.128 - 18.156.18.255) |
Opening UDP ports 10,000 - 60,000 gives the best interview quality through a direct media connection. If your security policy doesn't allow that range, opening UDP port 3478 alone still works via a relay with only a small amount of added latency. Falling back to TCP 443 is a last resort and noticeably degrades audio and video quality.
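When the rules above are in place but calls still fall back to a relay, the firewall's deny log usually shows which media path is being dropped. The following is an added example (not Evidenced or Twilio tooling) that matches denied outbound flows against the ie1 and de1 ranges and the ports listed above; the log line format and the sample addresses are constructed for illustration.

```python
import ipaddress

# Media server ranges copied from the region table above.
MEDIA_RANGES = {
    "ie1": ["52.215.253.0/26", "54.171.127.192/26", "52.215.127.0/24", "3.249.63.128/25"],
    "de1": ["52.59.186.0/27", "18.195.48.224/27", "18.156.18.128/25"],
}
NETWORKS = [(region, ipaddress.ip_network(cidr))
            for region, cidrs in MEDIA_RANGES.items() for cidr in cidrs]

def region_for(ip):
    """Return the region ID whose published range contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((region for region, net in NETWORKS if addr in net), None)

def media_path(proto, port):
    """Name the media path a flow belongs to, per the ports listed above."""
    if proto == "UDP" and 10000 <= port <= 60000:
        return "direct media (UDP 10,000 - 60,000)"
    if proto == "UDP" and port == 3478:
        return "relay (UDP 3478)"
    if proto == "TCP" and port == 443:
        return "TLS fallback (TCP 443)"
    return "port not in the requirements"

def triage(lines):
    """Return (dst_ip, region, path) for each DENY line that hits a media range."""
    findings = []
    for line in lines:
        action, proto, _src, _arrow, dst = line.split()
        dst_ip, dst_port = dst.rsplit(":", 1)
        region = region_for(dst_ip)
        if action == "DENY" and region:
            findings.append((dst_ip, region, media_path(proto.upper(), int(dst_port))))
    return findings

# Constructed sample lines in a hypothetical "ACTION PROTO SRC -> DST" format.
SAMPLE = [
    "DENY UDP 10.1.4.22:51820 -> 52.215.127.14:23456",
    "DENY UDP 10.1.4.22:51821 -> 18.156.18.200:3478",
    "ALLOW TCP 10.1.4.22:51822 -> 3.249.63.130:443",
    "DENY TCP 10.1.4.22:51823 -> 198.51.100.34:443",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```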
That's it. Once these rules are in place, Evidenced should work reliably across your organisation.
If you have any questions, or if you'd like us to walk through this with your IT team directly, feel free to reach out in our in-app chat or email us at support@evidenced.app.
Still having issues? See below for further troubleshooting.
Common configuration issues
Most connectivity problems we see aren't caused by closed ports; they're caused by corporate security tooling interfering with traffic that's already been allowed through. The four most common culprits are below.
TLS / SSL inspection
If your network uses an SSL-decrypting proxy (sometimes called a man-in-the-middle proxy), it will break our video and signalling connections. Please add all domains listed above to your SSL inspection exclusion list. If your proxy supports SNI-based bypass rules, use the same patterns there.
SIP ALG
SIP Application Layer Gateway is switched on by default in many corporate firewalls. It silently corrupts the packets used to establish video connections, which typically shows up as one-way audio or video. Please turn off SIP ALG on any firewalls or routers in the path of Evidenced traffic.
WebSocket idle timeouts
Evidenced uses persistent WebSocket connections to keep your interview running smoothly throughout the call. If your proxy times these out aggressively (defaults are often 60 - 120 seconds), interviewers and candidates can be disconnected mid-call. Please set the WebSocket idle timeout to at least 300 seconds (5 minutes) for the above domains.
VPN split tunnelling
Routing real-time video through a VPN tunnel adds latency and significantly degrades call quality. If your users connect via VPN, please configure split tunnelling so that traffic to Evidenced bypasses the tunnel and goes out directly.
Troubleshooting
Symptom | Likely cause | Resolution |
Can't connect to Room at all. | Signalling blocked: WSS port 443 to the signalling domain above isn't allowed. | Allow outbound WSS/443 to the signalling domain. |
Connection established but no audio or video. | UDP ports blocked and TURN fallback also blocked. | Allow outbound UDP 3478 (or TCP 443) as per firewall configuration. |
One-way audio or video. | SIP ALG corrupting STUN/TURN packets, or asymmetric firewall rules. | Turn off SIP ALG. Verify firewall allows return UDP traffic on stateful connections. |
Audio or video quality is poor (choppy, pixelated). | TLS inspection proxy or DPI adding latency; VPN tunnel overhead. | Exclude the domains in our firewall configuration from inspection and configure VPN split tunnelling. |
Participants disconnect mid-call. | WebSocket idle timeout terminating signalling connection. | Increase WSS idle timeout to at least 300 seconds. |
Connection works but with noticeable delay. | Falling back to TURN-TLS (TCP 443) instead of direct UDP. | Allow outbound UDP 10,000 - 60,000 or UDP 3478 to media server IP ranges. |
If you have any further questions, or if you'd like us to discuss any issues with your IT team directly, please reach out in our in-app chat or email us at support@evidenced.app. Thanks!
