Firewall Allowlist
Required domains and ports for Vrex
This page lists all domains that need to be allowed through your firewall for Vrex to function.
Required Ports
| Port | Protocol | Purpose |
|---|---|---|
| 443 | HTTPS/TCP | All Vrex traffic |
| 80 | HTTP/TCP | Certificate revocation only |
All traffic uses HTTPS on port 443. HTTP (port 80) is only needed for some CRL endpoints.
Core Domains
These domains are required for all Vrex functionality:
# Main application
*.vrex.no
# Authentication
*.auth0.com
*.cloudflare.com
# Cloud infrastructure
*.amazonaws.com
*.cloudfront.net
Streaming Domains
Required for VR Streaming (Quest via Portal):
# Streaming service
*.innoactive.io
*.innoactive.de
# Video streaming
*.twilio.com
Update Domains
Required for application updates:
# Launcher updates
vrex-launcher-releases.s3.eu-north-1.amazonaws.com
# Application updates
vrex-releases.s3.eu-north-1.amazonaws.com
Certificate Revocation
Allow access to CA endpoints for certificate validation:
# DigiCert
*.digicert.com
ocsp.digicert.com
crl3.digicert.com
crl4.digicert.com
# Sectigo
*.sectigo.com
ocsp.sectigo.com
# GlobalSign
*.globalsign.com
ocsp.globalsign.com
# Let's Encrypt
ocsp.pki.goog
*.lencr.org
Complete Allowlist
Copy this full list for your firewall configuration:
# === Core Services ===
*.vrex.no
*.auth0.com
*.amazonaws.com
*.cloudfront.net
*.cloudflare.com
# === VR Streaming ===
*.innoactive.io
*.innoactive.de
*.twilio.com
# === Updates ===
vrex-launcher-releases.s3.eu-north-1.amazonaws.com
vrex-releases.s3.eu-north-1.amazonaws.com
# === Certificate Revocation ===
*.digicert.com
*.sectigo.com
*.globalsign.com
ocsp.pki.goog
*.lencr.org
IP Ranges
If your firewall requires IP addresses instead of domains, note that Vrex uses:
- AWS (eu-north-1 region primarily)
- Cloudflare CDN
- Auth0 (various regions)
These IP ranges change frequently. Domain-based rules are strongly recommended.
Verification
After configuring your firewall, test connectivity:
Test-NetConnection -ComputerName api.vrex.no -Port 443
Test-NetConnection -ComputerName auth.vrex.no -Port 443
Test-NetConnection -ComputerName cdn.vrex.no -Port 443
All tests should show TcpTestSucceeded: True.
Common Issues
| Symptom | Cause | Solution |
|---|---|---|
| Login fails | auth0.com blocked | Allow *.auth0.com |
| Models don’t load | cloudfront.net blocked | Allow *.cloudfront.net |
| Updates fail | S3 blocked | Allow specific S3 URLs |
| Streaming fails | innoactive blocked | Allow *.innoactive.io |