Zixi Security Best Practices
Firewall Settings
As a general security best practice, you should minimize the number of ports that are opened on the firewall.

- The initiating side can be behind a NAT, and doesn't need to be publicly reachable.
- The Zixi Broadcaster should have a publicly reachable address.
- Source IP address may be filtered to come only from certain allowed sources.
- Make sure to open outgoing TCP 80 to license.zixi.com and UDP 53 to your DNS server.

Network settings for Zixi Broadcaster as streaming server

| Port | Type | Direction | Description | Protocol |
|---|---|---|---|---|
| 2088/7088 | UDP | Inbound | Push input from a Zixi enabled feeding software | Zixi |
| 2077/7077 | UDP | Inbound | Pull output by Zixi enabled receiving software | Zixi |
| 2088/7088 | UDP | Outbound | Push output to a Zixi Broadcaster or AWS MediaConnect | Zixi |
| 2077/7077 | UDP | Outbound | Pull input from a Zixi Broadcaster or AWS MediaConnect | Zixi |
| 1935 | TCP | Inbound | Push input from RTMP enabled software | RTMP |
| 1935 | TCP | Outbound | Push output to CDN origin server or RTMP enabled software | RTMP |
| 7777 | TCP | Inbound | Pull output from HTML5 video player or CDN caching software | HLS or DASH |
| 4444 | TCP | Inbound | Web management UI | HTTP |
| 80/443 | TCP | Outbound | Communication to Zixi license server: license.zixi.com, license2.zixi.com; 52.72.218.41, 34.195.97.223, 3.140.62.221, 3.137.16.26; ZEN Master backend servers: 18.210.103.157, 23.20.44.73, 34.200.88.233, 34.238.1.65, 35.170.111.151, 52.4.9.203 | HTTP/HTTPS |
| 53 | TCP & UDP | Outbound | Communication to Domain Name Server | |

- Return traffic must be enabled.
- The maximum recommended throughput per port is 1Gbps. If more throughput is expected through the Broadcaster, additional ports for the Zixi protocol can be defined on the General (https://zixidocumentation.atlassian.net/wiki/spaces/116/pages/4775778220/general) page under the Settings tab.
- 7077 and 7088 use DTLS encryption.

For ZEC operating as a feeder device to a remote Zixi Broadcaster or AWS MediaConnect, the following ports must be opened on your firewall(s) as described below.

Network settings for ZEC as a feeder device

| Port | Type | Direction | Description | Protocol |
|---|---|---|---|---|
| 2088/7088 | UDP | Outbound | Push output to a Zixi Broadcaster or AWS MediaConnect | Zixi |
| 1935 | TCP | Inbound | Push input from RTMP enabled software | RTMP |
| 4444 | TCP | Inbound | Web management UI | HTTP |
| 80/443 | TCP | Outbound | Communication to Zixi license server: license.zixi.com, license2.zixi.com; 52.72.218.41, 34.195.97.223, 3.140.62.221, 3.137.16.26; ZEN Master backend servers: 18.210.103.157, 23.20.44.73, 34.200.88.233, 34.238.1.65, 35.170.111.151, 52.4.9.203 | HTTP/HTTPS |
| 53 | TCP & UDP | Outbound | Communication to Domain Name Server | |

- Return traffic must be enabled.
- The maximum recommended throughput per port is 1Gbps. If more throughput is expected through the Broadcaster, additional ports for the Zixi protocol can be defined on the General (https://zixidocumentation.atlassian.net/wiki/spaces/116/pages/4775778220/general) page under the Settings tab.
- 7077 and 7088 use DTLS encryption.

For the ZEC operating as a receiver device, the following ports must be opened on your firewall(s) as described below.

Network settings for ZEC as a receiver device

| Port | Type | Direction | Description | Protocol |
|---|---|---|---|---|
| 2077/7077 | UDP | Outbound | Pull input from a Zixi Broadcaster or AWS MediaConnect | Zixi |
| 1935 | TCP | Inbound | Push output to CDN origin server or RTMP enabled software | RTMP |
| 7777 | TCP | Inbound | Pull output from HTML5 video player or CDN caching software | HLS or DASH |
| 4444 | TCP | Inbound | Web management UI | HTTP |
| 80/443 | TCP | Outbound | Communication to Zixi license server: license.zixi.com, license2.zixi.com; 52.72.218.41, 34.195.97.223, 3.140.62.221, 3.137.16.26; ZEN Master backend servers: 18.210.103.157, 23.20.44.73, 34.200.88.233, 34.238.1.65, 35.170.111.151, 52.4.9.203 | HTTP/HTTPS |
| 53 | TCP & UDP | Outbound | Communication to Domain Name Server | |

- Return traffic must be enabled.
- The maximum recommended throughput per port is 1Gbps. If more throughput is expected through the Broadcaster, additional ports for the Zixi protocol can be defined on the General (https://zixidocumentation.atlassian.net/wiki/spaces/116/pages/4775778220/general) page under the Settings tab.
- 7077 and 7088 use DTLS encryption.

iptables example rules when the listening port is UDP 2088:

```
# Accept incoming Zixi traffic on the listening port
iptables -A INPUT -p udp --dport 2088 -j ACCEPT
# Allow replies from that port for established flows only
iptables -A OUTPUT -p udp --sport 2088 -m state --state ESTABLISHED -j ACCEPT
```

iptables rules example, with target port 2088:

```
# Allow outgoing Zixi traffic to the remote port
iptables -A OUTPUT -p udp --dport 2088 -j ACCEPT
# Accept return traffic from that port for established flows only
iptables -A INPUT -p udp --sport 2088 -m state --state ESTABLISHED -j ACCEPT
```
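
The listening-port rules above accept UDP 2088 from any sender. The script below is an added example, not part of the Zixi documentation: it prints rules that apply the source-IP filtering recommended at the top of this page to the push-input port and the web management UI. The variable and function names are assumptions, and every address is a constructed RFC 5737 documentation address.

```shell
#!/bin/sh
# Added example: print source-filtered iptables rules for a Zixi Broadcaster.
# Ports are from the page's table; all addresses are constructed RFC 5737
# documentation addresses and must be replaced with real ones.
FEEDER_SOURCES="198.51.100.10 203.0.113.0/28"  # may push to UDP 2088
ADMIN_SOURCES="192.0.2.0/24"                   # may reach the web UI, TCP 4444

# Accept only a dotted-quad IPv4 address with an optional /1../32 prefix.
# /0 is refused: it would turn the allowlist back into "any sender".
valid_cidr() (
  case $1 in ''|*[!0-9./]*) exit 1 ;; esac      # also blocks shell metacharacters
  addr=${1%/*}; len=${1#*/}
  [ "$addr" != "$1" ] || len=32                 # bare address means /32
  case $len in ''|*[!0-9]*|???*) exit 1 ;; esac
  [ "$len" -ge 1 ] && [ "$len" -le 32 ] || exit 1
  case $addr in *.) exit 1 ;; esac              # trailing dot
  IFS=.; set -- $addr
  [ $# -eq 4 ] || exit 1
  for octet in "$@"; do
    case $octet in ''|????*|0?*) exit 1 ;; esac # empty, too long, leading zero
    [ "$octet" -le 255 ] || exit 1
  done
)

# usage: allow_port PROTO PORT "SOURCES"
# Prints one ACCEPT per allowed source, a stateful rule for the replies,
# then a DROP for every other sender. Validates everything before printing.
allow_port() {
  [ -n "$3" ] || { echo "no sources given for port $2" >&2; return 1; }
  for src in $3; do
    valid_cidr "$src" || { echo "invalid source: $src" >&2; return 1; }
  done
  for src in $3; do
    echo "iptables -A INPUT -p $1 -s $src --dport $2 -j ACCEPT"
  done
  echo "iptables -A OUTPUT -p $1 --sport $2 -m state --state ESTABLISHED -j ACCEPT"
  echo "iptables -A INPUT -p $1 --dport $2 -j DROP"
}

# Rules for Zixi push input (UDP 2088) and the management UI (TCP 4444).
gen_rules() {
  allow_port udp 2088 "$FEEDER_SOURCES" &&
  allow_port tcp 4444 "$ADMIN_SOURCES"
}

gen_rules   # prints the rules for review; nothing is applied
```

Review the printed rules before running them as root. The DROP rule for a port only works as intended if it stays after the ACCEPT rules for that port.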