This document outlines the network requirements for enterprise applications built on the Kanda SDK, focusing on environments with restrictive firewalls. The application relies on several services that require specific network configurations to operate properly.
Protocol Requirements
UDP Support
UDP is recommended for optimal performance of network features. However, fallback options are available:
- Internet-based sessions can operate over Secure WebSockets (TCP)
- Voice chat requires UDP by default through Vivox
- If UDP is not permitted, an alternative TCP-based voice solutions can be used
Required Services
Kanda Cloud
- Persistent data storage
- User file management
- Lobby system
- Uses standard HTTPS (TCP 443)
Unity Multiplay Hosting
- Handles server hosted sessions
- Uses dynamic IP addresses
- Supports UDP with Secure WebSockets (WSS) fallback
- Port range 8100-65355 when connecting via UDP
- Port range 37000-37100 when connecting via WSS
Unity Relay Server
- Enables client hosted sessions
- Supports both UDP with Secure WebSockets (WSS) fallback
- Port range 37000-37100 for both WSS and UDP options
Unity Vivox
- Provides voice chat capabilities
- Requires UDP for media transport
- Can be replaced with TCP-based alternatives if UDP is not available
Domain Whitelist
Kanda Services
The following domains must be accessible:
*.login.kanda.dk*.api.kanda.dk*.app.kanda.dk
Email Services
For proper email delivery:
- Production:
mail.kanda.dk
- Pre-production:
stage.mail.kanda.dk
Port Requirements
Multiplay Hosting
- Protocol: TCP or UDP
- Port Range (UDP): 8100-65355
- Port Range (TCP): 37000-37100
- Direction: Outbound
Relay Service
- Protocol: TCP or UDP
- Port Range: 37000-37100
- Direction: Outbound
Vivox Voice Chat
- HTTPS: TCP 443
- RTP (Media): UDP 12000-52000
- Direction: Outbound initiation with inbound responses on same port
Firewall Configuration
Required Outbound Rules
For networks operating under implicit-deny policies:
- General Services Rule
Direction: Outbound
Ports: 80, 443
Protocol: TCP
Destination: Any
- Relay Service Rule
Direction: Outbound
Ports: 37000-37100
Protocol: TCP/UDP
Destination: Any
- Voice Chat Rule
Direction: Outbound
Ports: 12000-52000
Protocol: UDP
Destination: Vivox Subnets
Vivox Subnet Whitelist
Current as of October 29, 2024:
- 85.236.96.0/21
- 188.42.95.0/24
- 188.42.147.0/24
Note: Vivox backend components may change IPs without notice. Ensure subnet masks are correctly applied.
Special Considerations
Dynamic IP Addresses
Unity services (Multiplay Hosting, Relay, Vivox) use dynamic IP addresses. Firewall rules should be configured based on port ranges and protocols rather than specific IPs where possible.
SSL/TLS Inspection
Some corporate firewalls perform SSL/TLS inspection which can interfere with XMPP communications used by voice chat. Ensure appropriate exceptions are configured if SSL/TLS inspection is active.
Cross-Platform Considerations
Network access should be verified separately for each platform type (PC, VR, etc.) as different security policies may apply to different device types.
Troubleshooting
Common Issues
- Voice chat works on some devices but not others
- Verify firewall rules are applied consistently across all device types
- Check for platform-specific security policies
- Connection failures after firewall maintenance
- Verify all port ranges are still properly configured
- Check for new SSL/TLS inspection rules that might affect service connections
Verification Steps
- Test HTTPS connectivity to Kanda domains
- Verify UDP/TCP connectivity to session servers
- Test voice chat functionality across all required platforms
- Confirm email delivery from Kanda domains
Support
For additional assistance with network configuration, contact Kanda support at suppo.nosp@m.rt@k.nosp@m.anda..nosp@m.dk