In order for senso to operate correctly it might be necessary to add some rules to your firewall, filter and or proxy.
Please allow access to the following addresses and exclude them from filtering and packet inspection for any connection (authenticated/unauthenticated).
IMPORTANT! If experiencing any connection issues please ensure no SSL inspections are occurring for the Signalr service connected to Senso or any of the listed URls or IP Addresses.
|443||WSS, HTTPS||*.senso.cloud||Services on these addresses provide front-end and back-end functionality.|
|443||WSS, HTTPS||*.service.signalr.net||Required for client communication.|
|443||HTTPS||sensoeustorage.blob.core.windows.net||Required for downloading modules.|
|443||HTTPS||sensologarchivestorage.blob.core.windows.net||Required to view archived logging data.|
|443, 3478||UDP, STUN, TURN, HTTPS||senso-sturn-northeu.cloudapp.net||Required for live thumbnails and module feedback.|
|North American Customers Only|
|443, 3478||UDP, STUN, TURN, HTTPS||senso-sturn-centralusa.cloudapp.net||Required for live thumbnails and module feedback.|
How can I specify a proxy server for the senso client to use?
The senso client will make every effort to detect the correct proxy settings to use, however, it may occasionally be required to override these. To do this please follow the instructions in the article here - How to specify a proxy server for the senso client to use
How does the senso client route traffic?
The senso client uses 3 methods for making a secure connection between the client and the console.
Where possible WebRTC will attempt to connect using host candidates, which will keep traffic local to the network. In scenarios where this is not possible; restrictive VLANs, guest networks, over the Internet, etc... then it will attempt to connect using server reflexive candidates. To do this WebRTC makes use of UDP hole punching as a method of establishing connections between clients and as such outbound UDP ports are required to be accessible, if they are not then server reflexive candidates will fail to connect and relay candidates will be attempted. However, as these are routed through the TURN server (Method 3) they will be much slower.
Please see RFC 5389 for a detailed explanation of the STUN protocol - https://tools.ietf.org/html/rfc5389. This protocol is used with SIP as well, so if you have an VoIP system, you may already have exclusions in place for other STUN servers.
Destination: (ANY) To limit the destinations, please specify the IP addresses, subnets (host) or public IPs (srflx) of the clients you are trying to connect to.
The senso client tries to establish a connection by using the senso relay servers.
Destination: senso-sturn-centralusa.cloudapp.net (North American Customers Only)