Please allow access to the following addresses and exclude them from filtering and HTTPS inspection for any connection type (authenticated/unauthenticated).

 

Port

Protocol

Hostname

Function

443

WSS, HTTPS

*.senso.cloud

Services on these addresses provide front-end and back-end functionality.

443

WSS, HTTPS

*.service.signalr.net

Required for client communication.

443

HTTPS

sensoeugeneral.blob.core.windows.net

Required for general storage functionality.

443

HTTPS

sensoeustorage.blob.core.windows.net

Required for downloading modules.

443

HTTPS

sensologarchivestorage.blob.core.windows.net

Required to view archived logging data.

443/3478

UDP, STUN, TURN, HTTPS

ne-turn.senso.cloud
uks-turn.senso.cloud

North America Customers:


scus-turn.senso.cloud
scus-1-ce.service.signalr.net
scus-2.senso.cloud

Required for live thumbnails and module feedback.

 

If you network does not support wildcards, you will need to include the following also:

 

443

WSS, HTTPS

api.senso.cloud

Main API

443

WSS, HTTPS

portal.senso.cloud

Primary Portal URL

443

WSS, HTTPS

!REPLACEME!.senso.cloud

Replace bold text with your server - example ne-1.senso.cloud

443

WSS, HTTPS

!REPLACEME!.service.signalr.net

Replace bold text with server - example ne-1.service.signalr.net

443

WSS, HTTPS 

api-!REPLACEME!.senso.cloud

Replace bold text with server - example api-ne-1.senso.cloud

 

 For a full list of DNS IP Addresses, please click here


How can I specify a proxy server for the Senso client to use?

 

The Senso client will make every effort to detect the correct proxy settings to use, however, it may occasionally be required to override these. To do this please follow the instructions in the article here -  Manually Configure Proxy

How does the Senso client route traffic?

 

The Senso client uses 3 methods for making a secure connection between the client and the console. 

  

METHOD 1:

 

The Senso client tries to establish a direct peer to peer connection internally on your network. This allows your network traffic to stay local and only use your broadband line to establish the initial connection between client and the console. In theory this method should always work if you are on the same VLAN, Switch, Access Point.  If the Senso client is unable to make a direct peer connection, then it tries Method 2. 

 

METHOD 2:

 

Where possible WebRTC will attempt to connect using host candidates, which will keep traffic local to the network. In scenarios where this is not possible; restrictive VLANs, guest networks, over the Internet, etc... then it will attempt to connect using server reflexive candidates. To do this WebRTC makes use of UDP hole punching as a method of establishing connections between clients and as such outbound UDP ports are required to be accessible, if they are not then server reflexive candidates will fail to connect and relay candidates will be attempted. However, as these are routed through the TURN server (Method 3) they will be much slower. Please see RFC 5389 for a detailed explanation of the STUN protocol - https://tools.ietf.org/html/rfc5389. This protocol is used with SIP as well, so if you have a VoIP system, you may already have exclusions in place for other STUN servers.
  

Port: 0-65535

Direction: Outbound

Destination: (ANY) To limit the destinations, please specify the IP addresses, subnets (host) or public IPs (srflx) of the clients you are trying to connect to.  

Protocol: UDP

 

METHOD 3:

 

The Senso client tries to establish a connection by using the Senso relay servers.    
  

Port: 49152-65535

Direction: Outbound

Destination: ne-turn.senso.cloud

Destination: scus-1-turn.senso.cloud (North American Customers Only)

Protocol: UDP