Identifying and Solving VPN, Firewall or Network Restriction Issues
Security is of greatest importance but sometimes secure systems get in the way of safe applications from running effectively. PheedLoop, like any other cloud-based software platform, relies on several systems offered by companies like Amazon, Google, Stripe, Zoom, and more, for example, and Content Delivery Networks (CDN) for full and proper functioning. In some instances, corporate or government Virtual Private Networks (VPN), firewalls, or other security systems may block some of these companies or their services which in turn affects how PheedLoop may be loaded for an attendee. In this article, we recommend some common troubleshooting tips which we've found to work effectively for events and their attendees experiencing issues due to technology restrictions in their environments.
Note: If none of these work or are possible, the surefire fix is to use a different (ideally personal) computer on a different (ideally personal) network.
Note: If you have not already, please also refer to our Recommended System and Internet Requirements as your issue may not be related to security settings, and simply related to using an out of date browser or not meeting some other basic requirement.
We've found Zscaler to be a fairly common security tool customers use, so the following tips should be helpful:
- Zscaler's tenancy restriction feature allows you to restrict access either to personal accounts, business accounts, or both for certain cloud applications. Visit this link to learn more and enable Google Apps for Zscaler.
- Zscaler's certificate pinning is a process in which a desktop/mobile application validates that the TLS certificates presented by the application's backend TLS web servers match a known set of certificates pinned or hardcoded in the application. Visit this link to learn more and bypass Google Shared Services for Zscaler.
Other Security Software
We recommend reaching out to the providers of any other security software you use or exploring their knowledge bases for any information which may restrict access to PheedLoop. PheedLoop relies on Google's Firebase API, so we've found that adding SSL decryption bypass rules for all googleapis.com (use a wildcard for all subdomains of goggleapis.com), and also configuring SSL certificate pinning helps.
If you would like to contact your IT department to help them clear any restrictions for you, use this link to run the test (takes 2-5 minutes) and send them the results, or have them run the test on their own. Based on which tests fail, your IT department should be able to allow access and re-run the test to confirm.
If you cannot solve the security settings yourself, you may want to try using a different network and different computer, ideally a combination of both. This ensures you are bypassing any network and computer level restrictions. If you are currently using an organization issued a device, try using a personal device and network.
Domains and IP Addresses to Whitelist
The following is a list of domains we strongly recommend whitelisting if you believe you are experiencing errors or predict possible issues using PheedLoop. If you do not have any network restrictions or firewalls, you will not need to explicitly whitelist any domains and can ignore the following.
*.pheedloop.com *.s3.amazonaws.com *.googleapis.com *.google-analytics.com *.keen.io *.mux.com *.bugsnag.com *.zoom.us *.chime.aws
Ports to Whitelist
For minimum functionality of the platform, ensure port TCP/443 is open to allow secure traffic and communication to pass through, as PheedLoop does not work over non-encrypted ports. For maximum functionality of the platform, ensure ports UDP/10000 - UDP/65535 are open.