If you have verified that your network meets Highfive's minimum requirements but you are still encountering connectivity issues or degraded call quality, this article provides more detailed technical requirements and best practices that a network administrator can apply to improve your Highfive experience.
Important: Please consult with your IT team or network administrator before making any changes to the network settings to ensure you are not violating any organizational or regulatory policies.
Contents
- Allow the Highfive-Related URLs
- Enable Flow Control
- Enable QoS
- Assign Highfive to a Dedicated VLAN
- Resolve Potential Traffic Management Restrictions
Allow the Highfive-Related URLs
Some networks have firewalls, proxies or other rules that require Allow rules to be set for Highfive's servers before clients can communicate properly with the Highfive services.
We recommend setting Allow rules for Highfive's services by domain. All of the following destinations must be accessible in order to join a Highfive meeting:
Protocol | Port | Destination | Purpose | Static IPs Available |
UDP | 5005 | *.highfive.com | Meeting Control | No |
TCP | 443 | *.highfive.com | Meeting Control | No |
HTTP | 80 | *.highfive.com | Meeting Control | No |
TCP | 443 | *.highfive.services | Meeting Telemetry | No |
UDP | 5005 | *.media.highfive.services | Meeting Signaling and Content | Yes |
TCP | 5005 | *.media.highfive.services | Meeting Signaling and Content | Yes |
TCP | 443 | *.media.highfive.services | Meeting Signaling and Content | Yes |
TCP | 443 | dvwx47tzn54nr.cloudfront.net | Geographic Content Delivery | No |
TCP | 443 | d1hz5g3vh01yrm.cloudfront.net | Geographic Content Delivery | No |
HTTP | 80 | d1hz5g3vh01yrm.cloudfront.net | Geographic Content Delivery | No |
Allow Rules for Highfive Devices
If you are using Highfive meeting room devices, you must also allow the following destinations for the networks where the rooms are located:
Protocol | Port | Destination | Purpose | Static IPs Available |
TCP | 443 | *.dolbyvoice.com | Dolby Conference Phone Provisioning | No |
TCP | 443 | highfive.link | Wireless Screen Sharing | No |
HTTP | 80 | highfive.link | Wireless Screen Sharing | No |
For Highfive's services, UDP on port 5005 is preferred and results in the best real-time media experience. When UDP port 5005 is not available, TCP port 5005 is used. When TCP port 5005 is not available, TCP port 443 is used.
IP Ranges
For Highfive's primary media traffic, specific IP address ranges are available for setting Allow rules and for network optimization instead of domains. When firewall capabilities or security policies do not allow whitelisting, these ranges can be used in place of the corresponding domains above:
Protocol | Port | Destinations | Purpose |
UDP | 5005 | 44.232.236.128/26 3.248.243.64/26 3.24.133.32/27 3.235.12.0/24 | Meeting Signaling and Content |
TCP | 5005 | 44.232.236.128/26 3.248.243.64/26 3.24.133.32/27 3.235.12.0/24 | Meeting Signaling and Content |
TCP | 443 | 44.232.236.128/26 3.248.243.64/26 3.24.133.32/27 3.235.12.0/24 | Meeting Signaling and Content |
Note - The Highfive Meeting Connector and Room Connector do not use the IP address ranges published above. At this time, setting Allow rules must be done by domain name in order to use these features.
Check Point Software Technologies Firewall users - You can search for Highfive and enable all Highfive network traffic without having to explicitly Allow the domains above. Here is a tool you can use to search Check Point's database for supported applications: Check Point AppWiki.
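The following is an added example, not Highfive's own tooling: it audits a set of IP-based egress Allow rules against the media ranges published above and reports which transport in the UDP 5005, TCP 5005, TCP 443 fallback order is fully covered. The rule tuple format and SAMPLE_RULES are constructed for illustration; destinations that must be allowed by domain are outside its scope.

```python
from ipaddress import collapse_addresses, ip_network

# From the page: published media ranges and the transport preference order.
MEDIA_RANGES = [ip_network(c) for c in (
    "44.232.236.128/26", "3.248.243.64/26", "3.24.133.32/27", "3.235.12.0/24")]
PREFERENCE = [("udp", 5005), ("tcp", 5005), ("tcp", 443)]


def audit(rules):
    """Return (gaps, best) for (proto, port, cidr) egress Allow rules: the published
    ranges each transport fails to cover, and the best fully covered transport."""
    by_transport = {}
    for proto, port, cidr in rules:
        net = ip_network(cidr)
        if net.version == 4:
            by_transport.setdefault((proto.lower(), int(port)), []).append(net)
    gaps = {}
    for transport in PREFERENCE:
        # Merge adjacent rules so a range split across two entries still counts.
        merged = list(collapse_addresses(by_transport.get(transport, [])))
        missing = [str(r) for r in MEDIA_RANGES
                   if not any(r.subnet_of(n) for n in merged)]
        if missing:
            gaps[transport] = missing
    best = next((t for t in PREFERENCE if t not in gaps), None)
    return gaps, best


def wider_than_published(rules):
    """Rules that contain a published range but open more addresses than it."""
    wide = []
    for proto, port, cidr in rules:
        net = ip_network(cidr)
        if net.version == 4 and any(r != net and r.subnet_of(net) for r in MEDIA_RANGES):
            wide.append((proto, port, cidr))
    return wide


# Constructed rule set (hypothetical firewall export), not from the page.
SAMPLE_RULES = [
    ("udp", 5005, "44.232.236.128/26"), ("udp", 5005, "3.248.243.64/26"),
    ("udp", 5005, "3.24.133.32/27"), ("udp", 5005, "3.235.12.0/25"),
    ("tcp", 5005, "44.232.236.128/26"), ("tcp", 5005, "3.248.243.64/26"),
    ("tcp", 5005, "3.24.133.32/28"), ("tcp", 5005, "3.24.133.48/28"),
    ("tcp", 5005, "3.235.12.0/24"),
    ("tcp", 443, "44.232.236.128/26"), ("tcp", 443, "3.0.0.0/8"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES), wider_than_published(SAMPLE_RULES))
```

In the constructed rule set the UDP rule for 3.235.12.0 covers only a /25, so clients would fall back to TCP 5005, and the /8 rule on TCP 443 is flagged as opening far more address space than the published ranges need.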
Enable Flow Control
We recommend enabling flow control for 100 Mbps connections.
Enable QoS
Highfive supports the DSCP tag AF41 for all video, audio and STUN traffic on the LAN. The packets are always tagged with AF41. For computers running macOS, Linux or ChromeOS, and for Windows configurations where the client machines are part of a domain, QoS support will work as soon as the configuration is complete.
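One way to confirm that the AF41 marking actually reaches the wire is to read the DSCP field from captured IPv4 headers; the following is an added example, not Highfive's code. It assumes media packets can be identified by destination port 5005 (from the table above), and the packets in SAMPLE are constructed with documentation addresses and zeroed checksums.

```python
import struct

AF41 = 34  # AF class 4, drop precedence 1: binary 100010


def dscp_name(dscp):
    """Name a 6-bit DSCP value as EF, CSx or AFxy, else return the number."""
    cls, drop = dscp >> 3, (dscp >> 1) & 0b11
    if dscp == 46:
        return "EF"
    if dscp & 0b111 == 0:
        return f"CS{cls}"
    if 1 <= cls <= 4 and drop and dscp & 1 == 0:
        return f"AF{cls}{drop}"
    return str(dscp)


def inspect_ipv4(packet):
    """Return (protocol, destination port, DSCP) for an IPv4 TCP/UDP packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    fragment_offset = struct.unpack_from("!H", packet, 6)[0] & 0x1FFF
    proto = {6: "tcp", 17: "udp"}.get(packet[9])
    if ihl < 20 or proto is None or fragment_offset or len(packet) < ihl + 4:
        raise ValueError("no TCP/UDP header to read")
    dst_port = struct.unpack_from("!H", packet, ihl + 2)[0]
    return proto, dst_port, packet[1] >> 2  # low 2 bits of the byte are ECN


def unmarked_media(packets, port=5005):
    """Indexes of packets sent to `port` whose DSCP is not AF41."""
    return [i for i, pkt in enumerate(packets)
            if inspect_ipv4(pkt)[1] == port and inspect_ipv4(pkt)[2] != AF41]


def build(tos, proto, dst_port):
    """Constructed test packet: 20-byte IPv4 header plus 8 bytes of L4 header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 28, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + struct.pack("!HHHH", 40000, dst_port, 8, 0)


# Constructed capture: AF41 UDP, AF41 with ECN bits set, unmarked UDP, web traffic.
SAMPLE = [build(0x88, 17, 5005), build(0x8A, 17, 5005),
          build(0x00, 17, 5005), build(0x00, 6, 443)]

if __name__ == "__main__":
    print([(i, dscp_name(inspect_ipv4(SAMPLE[i])[2])) for i in unmarked_media(SAMPLE)])
```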
Assign Highfive to a Dedicated VLAN
For simplified setup, consider assigning your Highfive equipment to a dedicated VLAN, and have that VLAN configured with unrestricted access to external services and other devices on the same VLAN.
Highfive does not require that local users be able to directly access our devices: All meeting-related transmissions are direct to the meeting servers.
Having Highfive on a dedicated VLAN means you can keep your existing network configuration and security rules without negatively affecting the network traffic throughput that comes with using a real-time video conferencing service like Highfive.
Resolve Potential Traffic Management Restrictions
Applying the following network recommendations can help to eliminate problems with real-time video conferencing traffic.
Routing Priorities. Wherever possible, set the routing priority for Highfive traffic to real-time in your network.
Traffic-shaping and bandwidth-shaping rules. Set Highfive traffic at the highest available priority to ensure it gets routed most efficiently.
Deep-packet inspection rules and devices (DPI). Exclude Highfive traffic from passing through any DPI process to help ensure a smooth link between client devices and the meeting servers. DPI devices can interrupt real-time traffic flow in a way that leads to higher latency, data bursts, and more retransmission.
Application Layer Firewalls. If Highfive traffic is being monitored by an application layer firewall, this can harm the real-time traffic needs of video conferencing by adding lag, causing packet timeouts, and contributing to jitter.