Whitelisting for Teams: CyberEscape Online

The following domains should be whitelisted for the best experience.

The tests found in this article can help diagnose if any compatibility tests are still failing, indicating that further whitelisting may need to be done. 

Do you use Zscaler or Forcepoint, or have SSL inspection turned on in your network tool? If so, you might need to add an SSL bypass rule for some of these domains. Scroll to the end of this article for more information. 

Please Note: If you have participants in China, please take a look at our documentation here as some services are blocked: https://www.livingsecurity.com/support/how-to-use-teams-cyberescape-online-in-china


Session Calendar Invites and Authentication (emailed) 

training@app.livingsecurity.com


Living Security

*.livingsecurity.com 


Participant Audio & Video Conferencing

*.twilio.com or refer to this table for specific destinations: https://www.twilio.com/docs/video/ip-addresses

Whitelist your choice of the following ports:

  1. 10,000 - 60,000 UDP/SRTP/SRTCP
  2. TLS/443
  3. UDP/3478
Your firewall should allow outgoing TCP or  UDP traffic to Twilio’s infrastructure, and allow return traffic in response.

If you prefer to whitelist individual IPs based on geographic location, you can use this article for reference: https://www.twilio.com/docs/video/ip-addresses#media-servers


Websocket & Database Connection:

firestore.googleapis.com
firebaseio.com

Gameplay CMS & Puzzles:
cdn.contentful.com
images.ctfassets.net
assets.ctfassets.net

LaunchDarkly
events.launchdarkly.com
app.launchdarkly.com


Whitelisting the following domains will create the most optimal experience, and will allow us to help with troubleshooting, provide chat support if needed, and give you access to our accessibility tool.  


Hubspot Chat Widget (optional)
api.hubspot.com
forms.hubspot.com

Debugging and Error Tracking (optional)
rum-http-intake.logs.datadoghq.com
*.ingest.sentry.io

Instructions & Help Tooltips (optional)
js.userpilot.io
find.userpilot.io
analytex.userpilot.io

Living Security Support Portal (optional)
livingsecurity.com/support
app.hubspot.com

Accessibility Widget (optional)
cdn.acsbapp.com

Fonts (optional)
fonts.googleapis.com
fonts.gstatic.com
Oss.maxcdn.com


SSL Bypass

Security tools like ZScaler, Netskope, and Forcepoint have an optional setting that can make them act as an SSL Proxy. Some services (like Firebase) don’t like SSL Proxies sitting between them and users. If you use either of these network security tools and are having trouble getting tests to pass, adding an SSL bypass rule will likely resolve blocking issues. You can find more detailed information on what this means and how to do this in the following articles: 

https://help.zscaler.com/zia/controlling-access-google-consumer-apps

https://help.zscaler.com/zia/about-ssl-inspection

https://help.zscaler.com/zia/configuring-ssl-inspection-policy 

Also helpful is configuring SSL Certificate Pinning for Google Shared Services as outlined here:

https://help.zscaler.com/zia/certificate-pinning-and-ssl-inspection

The following domains are what we have observed some of our customers having the most frequent errors with. They have successfully resolved these by adding an SSL decryption bypass rule. 

firestore.googleapis.com (or *.googleapis.com) 
*.twilio.com
*.livingsecurity.com (if your videos or puzzles are loading slowly, adding a bypass for this domain might help) 

Other Network Security Software

If you don't use Zscaler or Forcepoint but are still having trouble with whitelisting and getting the compatibility tests to pass, we recommend following the same tips in the Zscaler support docs. Customers have reported the most success by adding an SSL decryption bypass rule for firestore.googleapis.com (or for googleapis.com in general).

 

Questions? Contact Us!