Pandora CloudCover

Network Security - explicitly allowing services

Some networks have security restrictions on outbound (egress) internet traffic using firewalls, proxy servers or switches.  In this case, the firewall or proxy server will need to be configured to explicitly allow the streaming devices on the network to access the following Pandora CloudCover and Amazon Web Service hostnames/domains on port 443 only (TLS 1.2, TLS 1.3):

<a href="https://cloudcovermusic.com" rel="nofollow noopener noreferrer" target="_blank">https://cloudcovermusic.com</a>

<a href="https://connect.cloudcovermusic.com" rel="nofollow noopener noreferrer" target="_blank">https://connect.cloudcovermusic.com</a>

<a href="https://tune.cloudcovermusic.com" rel="nofollow noopener noreferrer" target="_blank">https://tune.cloudcovermusic.com</a>

<a href="https://api.cloudcovermusic.com" rel="nofollow noopener noreferrer" target="_blank">https://api.cloudcovermusic.com</a>

<a href="https://api2.cloudcovermusic.com" rel="nofollow noopener noreferrer" target="_blank">https://api2.cloudcovermusic.com</a>

<a href="https://api3.cloudcovermusic.com" rel="nofollow noopener noreferrer" target="_blank">https://api3.cloudcovermusic.com</a>

<a href="https://api-sonos.cloudcovermusic.com" rel="nofollow noopener noreferrer" target="_blank">https://api-sonos.cloudcovermusic.com</a>

<a href="https://api5.cloudcovermusic.com" rel="nofollow noopener noreferrer" target="_blank">https://api5.cloudcovermusic.com</a>

<a href="https://media.cloudcovermusic.com" rel="nofollow noopener noreferrer" target="_blank">https://media.cloudcovermusic.com</a>

<a href="https://media2.cloudcovermusic.com" rel="nofollow noopener noreferrer" target="_blank">https://media2.cloudcovermusic.com</a>

<a href="https://sqs.us-east-1.amazonaws.com" rel="nofollow noopener noreferrer" target="_blank">https://sqs.us-east-1.amazonaws.com</a>

<a href="https://queue.amazonaws.com" rel="nofollow noopener noreferrer" target="_blank">https://queue.amazonaws.com</a>

<a href="https://cognito-identity.us-east-1.amazonaws.com" rel="nofollow noopener noreferrer" target="_blank">https://cognito-identity.us-east-1.amazonaws.com</a>

- <a href="https://cloudcovermusic.com" rel="nofollow noopener noreferrer" target="_blank">https://cloudcovermusic.com</a>
- <a href="https://connect.cloudcovermusic.com" rel="nofollow noopener noreferrer" target="_blank">https://connect.cloudcovermusic.com</a>
- <a href="https://tune.cloudcovermusic.com" rel="nofollow noopener noreferrer" target="_blank">https://tune.cloudcovermusic.com</a>
- <a href="https://api.cloudcovermusic.com" rel="nofollow noopener noreferrer" target="_blank">https://api.cloudcovermusic.com</a>
- <a href="https://api2.cloudcovermusic.com" rel="nofollow noopener noreferrer" target="_blank">https://api2.cloudcovermusic.com</a>
- <a href="https://api3.cloudcovermusic.com" rel="nofollow noopener noreferrer" target="_blank">https://api3.cloudcovermusic.com</a>
- <a href="https://api-sonos.cloudcovermusic.com" rel="nofollow noopener noreferrer" target="_blank">https://api-sonos.cloudcovermusic.com</a>
- <a href="https://api5.cloudcovermusic.com" rel="nofollow noopener noreferrer" target="_blank">https://api5.cloudcovermusic.com</a>
- <a href="https://media.cloudcovermusic.com" rel="nofollow noopener noreferrer" target="_blank">https://media.cloudcovermusic.com</a>
- <a href="https://media2.cloudcovermusic.com" rel="nofollow noopener noreferrer" target="_blank">https://media2.cloudcovermusic.com</a>
- <a href="https://sqs.us-east-1.amazonaws.com" rel="nofollow noopener noreferrer" target="_blank">https://sqs.us-east-1.amazonaws.com</a>
- <a href="https://queue.amazonaws.com" rel="nofollow noopener noreferrer" target="_blank">https://queue.amazonaws.com</a>
- <a href="https://cognito-identity.us-east-1.amazonaws.com" rel="nofollow noopener noreferrer" target="_blank">https://cognito-identity.us-east-1.amazonaws.com</a>

Note: allowing the wildcards saves adding separate entries if compliant with company security policies.

*.<a href="http://cloudcovermusic.com" rel="nofollow noopener noreferrer" target="_blank">cloudcovermusic.com</a>

*.<a href="http://amazonaws.com" rel="nofollow noopener noreferrer" target="_blank">amazonaws.com</a>

- *.<a href="http://cloudcovermusic.com" rel="nofollow noopener noreferrer" target="_blank">cloudcovermusic.com</a>
- *.<a href="http://amazonaws.com" rel="nofollow noopener noreferrer" target="_blank">amazonaws.com</a>

Add these for our Pandora Radio Functionality

<a href="https://*.mountain.siriusxm.com" rel="nofollow noopener noreferrer" target="_blank">https://*.mountain.siriusxm.com</a>

<a href="" rel="nofollow noopener noreferrer" target="_blank">https://*.p-cdn.com</a>

<a href="" rel="nofollow noopener noreferrer" target="_blank">https://*.pandora.com </a>

- <a href="https://*.mountain.siriusxm.com" rel="nofollow noopener noreferrer" target="_blank">https://*.mountain.siriusxm.com</a>
- <a href="" rel="nofollow noopener noreferrer" target="_blank">https://*.p-cdn.com</a>
- <a href="" rel="nofollow noopener noreferrer" target="_blank">https://*.pandora.com </a>

<a href="" rel="nofollow noopener noreferrer" target="_blank">time.cloudcovermusic.com</a> on port 123UDP

- CloudBox's (Models G9Y4, and G9CX10 to G9CX21)

<a href="" rel="nofollow noopener noreferrer" target="_blank">pool.ntp.org</a> on port 123UDP

- Only older model CloudBox's (Models G9CX9 and below)

- <a href="" rel="nofollow noopener noreferrer" target="_blank">time.cloudcovermusic.com</a> on port 123UDP
 - CloudBox's (Models G9Y4, and G9CX10 to G9CX21)
- <a href="" rel="nofollow noopener noreferrer" target="_blank">pool.ntp.org</a> on port 123UDP
 - Only older model CloudBox's (Models G9CX9 and below)

The CloudBox needs to connect to an NTP server on port 123 to get the time and date, which is used for the certificate to verify and connect over https.

If you have any questions support can confirm the specific NTP based on the generation of the CloudBox.

- The CloudBox needs to connect to an NTP server on port 123 to get the time and date, which is used for the certificate to verify and connect over https.
- If you have any questions support can confirm the specific NTP based on the generation of the CloudBox.

The CloudBox’s MAC address may also need to be specifically listed as a device to be allowed. The unique Ethernet MAC address is labeled on the Box, and will resemble C4:4E:63:1C:AE:38. The CloudBox will need to be power cycled before the new 'allow' settings are applied.

- The CloudBox’s MAC address may also need to be specifically listed as a device to be allowed. The unique Ethernet MAC address is labeled on the Box, and will resemble C4:4E:63:1C:AE:38. The CloudBox will need to be power cycled before the new 'allow' settings are applied.

If your firewall/proxy or endpoints have content filters installed, the following audio file types need to be allowed: OGG, MP4 (AAC Codec) and MP3

- If your firewall/proxy or endpoints have content filters installed, the following audio file types need to be allowed: OGG, MP4 (AAC Codec) and MP3

Pandora CloudCover uses roughly 1.5GB - 2GB a day (24 hours) per streaming device. In order to stream music consistently and without interruption, you should dedicate at least 384 Kbps in bandwidth, but 1.5Mbps is recommended.

- Pandora CloudCover uses roughly 1.5GB - 2GB a day (24 hours) per streaming device. In order to stream music consistently and without interruption, you should dedicate at least 384 Kbps in bandwidth, but 1.5Mbps is recommended.

If you encounter network-related problems while using our service, consult our <a href="https://help.cloudcovermusic.com/en/articles/4606246-network-configuration-tests">Network Configuration Tests</a> or <a href="https://help.cloudcovermusic.com/en/articles/8510556-cloudbox-diagnostics-tool-solve-network-challenges-with-precision">CloudBox Diagnostics Tool</a> guides for assistance

Are you wondering about device compatibility? You can find detailed information in our guide: <a href="https://help.cloudcovermusic.com/en/articles/6365485-supported-devices-system-requirements">Supported Devices - System Requirements</a>.

Click below to download a PDF copy of this guide for easy sharing

Pandora CloudCover_ Firewall, Proxy and Content Filter Configurations.pdf

Configure your Firewall and proxy settings to allow Pandora CloudCover to stream over your network.

Firewall, Proxy and Content Filter Configurations

Network Security - explicitly allowing services

NTP

DNS

Mac Address

Content Filters

Bandwidth Requirements

Troubleshooting Network Issues?