Network Security - services and whitelisting
Some networks have security restrictions on outbound (egress) internet traffic using firewalls, proxy servers or switches. In this case, the firewall or proxy server will need to be configured (on a whitelist) to allow the streaming devices on the network to access the following Cloud Cover Music and Amazon Web Service hostnames/domains on port 443 only (TLS 1.2):
The CloudBox also needs to connect to an NTP server on port 123 (egress) to get the time and date, which is used for the certificate to verify and connect over https.
- CloudBoxes will require time.cloudcovermusic.com (port 123 only) in the near future, currently CloudBoxes require NTP (port 123) from multiple NTP sources, so please allow 123 at this time.
The CloudBox’s MAC address may also need to be whitelisted. The unique MAC address is labeled on the Box, and will resemble 00:40:63:1C:AE:38. The CloudBox will need to be power cycled before the new whitelist settings are applied.
If your firewall/proxy or endpoints have content filters installed, the following audio file types need to be allowed: OGG, MP4 (AAC Codec) and MP3