Whitelisting for Teams: CyberEscape Online

The following domains should be whitelisted for the best experience.

The tests found in this article can help diagnose whether any compatibility tests are still failing, which indicates that further whitelisting is needed.

Do you use Zscaler or Forcepoint, or have SSL inspection turned on in your network tool? If so, you might need to add an SSL bypass rule for some of these domains. Scroll to the end of this article for more information. 

 

Note: If you have participants in China, please take a look at our documentation here as some services are blocked: https://www.livingsecurity.com/support/how-to-use-teams-cyberescape-online-in-china


Session Calendar Invites and Authentication (emailed) 

From Address: training@app.livingsecurity.com

Our sending IPs:

  • 198.37.157.57
  • 198.37.157.99
  • 167.89.96.129
  • 149.72.82.76

Living Security General

*.livingsecurity.com 


Participant Audio & Video Conferencing

Twilio RTC (Real-Time Communication) services are architected in two layers:

  • Signaling Plane: This deals with the control information. The communicating entities typically exchange signaling messages to agree on what is to be communicated (e.g. audio, video, etc.) and how it is to be communicated (e.g. codecs, formats, etc.).
  • Media Plane: It deals with the media information itself. Media packets typically transport encoded and encrypted audio and video bits.

Both of these components must be whitelisted in order for CyberEscape Online to work.

🔢 Steps

1. From the table in this guide, make exceptions on port and protocol 443 WSS for the Global Low Latency (default) region and any other region(s) where your organization operates.

2. From the table here, make exceptions for the region(s) where your organization operates using any of the following port methods:

  • 10,000 - 60,000 UDP/SRTP/SRTCP
  • TLS/443
  • UDP/3478

Example:

Akaromi BioCorp is headquartered in Japan with satellite offices in Los Angeles and Hamburg. They are unable to make exceptions on the ports of 10,000 - 60,000 UDP/SRTP/SRTCP or UDP/3478 for the media servers so they settle on TLS/443.

Signaling Exceptions:

| Region ID | Location | Host Name | Port and Protocol |
|---|---|---|---|
| gll | Global Low Latency (default) | global.vss.twilio.com | 443 WSS |
| jp1 | Japan | jp1.vss.twilio.com | 443 WSS |
| de1 | Germany | de1.vss.twilio.com | 443 WSS |
| us2 | US West Coast (Oregon) | us2.vss.twilio.com | 443 WSS |


Media Server Exceptions:

| Region ID | Location | Server IPv4 Address Range | Port |
|---|---|---|---|
| jp1 | Japan | 13.115.244.0/27, 54.65.63.192/26, 18.180.220.128/25 | TLS/443 |
| de1 | Germany | 52.59.186.0/27, 18.195.48.224/27, 18.156.18.128/25 | TLS/443 |
| us2 | US West Coast (Oregon) | 34.216.110.128/27, 54.244.51.0/24, 44.234.69.0/25 | TLS/443 |

 

 


Websocket & Database Connection

  • firestore.googleapis.com
  • firebaseio.com

Gameplay CMS & Puzzles

  • cdn.contentful.com
  • images.ctfassets.net
  • assets.ctfassets.net


LaunchDarkly

  • events.launchdarkly.com
  • app.launchdarkly.com


Whitelisting the following domains will give the best experience: it allows us to help with troubleshooting, provide chat support if needed, and give you access to our accessibility tool.


Hubspot Chat Widget (optional)

  • api.hubspot.com
  • forms.hubspot.com

Debugging and Error Tracking (optional)

  • rum-http-intake.logs.datadoghq.com
  • *.ingest.sentry.io

Instructions & Help Tooltips (optional)

  • js.userpilot.io
  • find.userpilot.io
  • analytex.userpilot.io

Living Security Support Portal (optional)

  • livingsecurity.com/support
  • app.hubspot.com

Accessibility Widget (optional)

  • cdn.acsbapp.com

Fonts (optional)

  • fonts.googleapis.com
  • fonts.gstatic.com
  • oss.maxcdn.com


SSL Bypass

Security tools like Zscaler, Netskope, and Forcepoint have an optional setting that makes them act as an SSL proxy. Some services (like Firebase) do not work well with an SSL proxy sitting between them and users. If you use any of these network security tools and are having trouble getting tests to pass, adding an SSL bypass rule will likely resolve blocking issues. You can find more detailed information on what this means and how to do this in the following articles:

https://help.zscaler.com/zia/controlling-access-google-consumer-apps

https://help.zscaler.com/zia/about-ssl-inspection

https://help.zscaler.com/zia/configuring-ssl-inspection-policy 

Also helpful is configuring SSL Certificate Pinning for Google Shared Services as outlined here:

https://help.zscaler.com/zia/certificate-pinning-and-ssl-inspection

These are the domains with which we have observed some of our customers having the most frequent errors. They have successfully resolved these by adding an SSL decryption bypass rule.

  • firestore.googleapis.com (or *.googleapis.com)
  • *.twilio.com
  • *.livingsecurity.com (if your videos or puzzles are loading slowly, adding a bypass for this domain might help)

Other Network Security Software

If you don't use Zscaler or Forcepoint but are still having trouble with whitelisting and getting the compatibility tests to pass, we recommend following the same tips in the Zscaler support docs. Customers have reported the most success by adding an SSL decryption bypass rule for firestore.googleapis.com (or for googleapis.com in general).
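As an added example (not Living Security's own tooling), the script below checks an exported firewall or proxy log for denied flows to the destinations listed in this article, using the signaling hosts and media ranges from the Akaromi BioCorp example. The log format, function names and sample lines are constructed for illustration, and a listed domain is assumed to cover its subdomains.

```python
import ipaddress

# Hosts and ranges copied from this article (regions from the Akaromi example).
SIGNALING = {"global.vss.twilio.com", "jp1.vss.twilio.com",
             "de1.vss.twilio.com", "us2.vss.twilio.com"}
APP_DOMAINS = ["livingsecurity.com", "firestore.googleapis.com", "firebaseio.com",
               "cdn.contentful.com", "images.ctfassets.net", "assets.ctfassets.net",
               "events.launchdarkly.com", "app.launchdarkly.com"]
MEDIA = {"jp1": ["13.115.244.0/27", "54.65.63.192/26", "18.180.220.128/25"],
         "de1": ["52.59.186.0/27", "18.195.48.224/27", "18.156.18.128/25"],
         "us2": ["34.216.110.128/27", "54.244.51.0/24", "44.234.69.0/25"]}
MEDIA_NETS = {r: [ipaddress.ip_network(c) for c in v] for r, v in MEDIA.items()}

def media_method(proto, port):
    """Map a flow to one of the three documented media port methods, else None."""
    if proto == "tcp":
        return "TLS/443" if port == 443 else None
    if proto == "udp" and (port == 3478 or 10000 <= port <= 60000):
        return "UDP/3478" if port == 3478 else "UDP/SRTP/SRTCP"
    return None

def classify(proto, dst_ip, port, host):
    """Name the requirement a flow belongs to, or None if it is unrelated."""
    if proto == "tcp" and port == 443:
        if host in SIGNALING:
            return "signaling 443 WSS"
        # Assumption: a listed domain covers itself and its subdomains.
        if any(host == d or host.endswith("." + d) for d in APP_DOMAINS):
            return "app domain"
    method, addr = media_method(proto, port), ipaddress.ip_address(dst_ip)
    for region, nets in MEDIA_NETS.items():
        if method and any(addr in net for net in nets):
            return f"media {region} {method}"
    return None

def audit(log_lines):
    """Return (requirement, line) for every denied flow the article needs allowed."""
    findings = []
    for line in log_lines:
        action, proto, dst_ip, port, host = line.split()
        label = classify(proto.lower(), dst_ip, int(port), host.lower())
        if action == "DENY" and label:
            findings.append((label, line))
    return findings

# Constructed sample in a hypothetical format: ACTION PROTO DST_IP DST_PORT HOST
SAMPLE_LOG = ["DENY tcp 203.0.113.10 443 jp1.vss.twilio.com",
              "DENY tcp 54.65.63.200 443 -",
              "ALLOW tcp 18.156.18.130 443 -",
              "DENY tcp 203.0.113.20 443 firestore.googleapis.com"]
```

Calling `audit(SAMPLE_LOG)` returns the three denied lines labelled with the requirement each one breaks; adapt the `line.split()` parsing to the export format of your own firewall or proxy.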

 

Questions? Contact Us!