Whitelisting for Teams: CyberEscape Online

The following domains should be whitelisted for the best experience.

The tests found in this article can help diagnose if any compatibility tests are still failing, indicating that further whitelisting may need to be done. 

Do you use Zscaler or Forcepoint, or have SSL inspection turned on in your network tool? If so, you might need to add an SSL bypass rule for some of these domains. Scroll to the end of this article for more information. 


Note: If you have participants in China, please take a look at our documentation here as some services are blocked: https://www.livingsecurity.com/support/how-to-use-teams-cyberescape-online-in-china

Session Calendar Invites and Authentication (emailed) 

From Address: training@app.livingsecurity.com

Our sending IPs:


Living Security General


Participant Audio & Video Conferencing

Twilio RTC (Real-Time Communication) services are architected in two layers:

  • Signaling Plane: This deals with the control information. The communicating entities typically exchange signaling messages for agreeing on what’s to be communicated (e.g. audio, video, etc) and how’s to be communicated (e.g. codecs, formats, etc.)
  • Media Plane: It deals with the media information itself. Media packets typically transport encoded and encrypted audio and video bits.

Both of these components must be whitelisted in order for CyberEscape Online to work.

🔢 Steps

1. From the table in this guide make exceptions for the Global Low Latency (default) region and any other region(s) where your organization operates on port and protocol 443 WSS.

2. From the table here, make exceptions for the region(s) where your organization operates using any of the following port methods:

  • 10,000 - 60,000 UDP/SRTP/SRTCP
  • TLS/443
  • UDP/3478


Akaromi BioCorp is headquartered in Japan with satellite offices in Los Angeles and Hamburg. They are unable to make exceptions on the ports of 10,000 - 60,000 UDP/SRTP/SRTCP or UDP/3478 for the media servers so they settle on TLS/443.

Signaling Exceptions:

Region ID Location Host Name Port and Protocol
gll Global Low Latency (default) global.vss.twilio.com 443 WSS
jp1 Japan jp1.vss.twilio.com "
de1 Germany de1.vss.twilio.com "
us2 US West Coast (Oregon) us2.vss.twilio.com "

Media Server Exceptions:

Region ID Location Server IPv4 Address Range Port
jp1 Japan
de1 Germany
us2 US West Coast (Oregon)



Websocket & Database Connection

  • firestore.googleapis.com
  • firebaseio.com

Gameplay CMS & Puzzles

  • cdn.contentful.com
  • images.ctfassets.net
  • assets.ctfassets.net


Whitelisting the following domains will create the most optimal experience, and will allow us to help with troubleshooting, provide chat support if needed, and give you access to our accessibility tool.  

Hubspot Chat Widget (optional)

Debugging and Error Tracking (optional)

Instructions & Help Tooltips (optional)

Living Security Support Portal (optional)

Accessibility Widget (optional)

Fonts (optional)

SSL Bypass

Security tools like ZScaler, Netskope, and Forcepoint have an optional setting that can make them act as an SSL Proxy. Some services (like Firebase) don’t like SSL Proxies sitting between them and users. If you use either of these network security tools and are having trouble getting tests to pass, adding an SSL bypass rule will likely resolve blocking issues. You can find more detailed information on what this means and how to do this in the following articles: 




Also helpful is configuring SSL Certificate Pinning for Google Shared Services as outlined here:


The following domains are what we have observed some of our customers having the most frequent errors with. They have successfully resolved these by adding an SSL decryption bypass rule. 

firestore.googleapis.com (or *.googleapis.com) 
*.livingsecurity.com (if your videos or puzzles are loading slowly, adding a bypass for this domain might help) 

Other Network Security Software

If you don't use Zscaler or Forcepoint but are still having trouble with whitelisting and getting the compatibility tests to pass, we recommend following the same tips in the Zscaler support docs. Customers have reported the most success by adding an SSL decryption bypass rule for firestore.googleapis.com (or for googleapis.com in general).


Questions? Contact Us!