> ## Documentation Index
> Fetch the complete documentation index at: https://docs.liveavatar.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Firewall Configuration

> Network requirements for LiveAvatar WebRTC connections

LiveAvatar uses LiveKit for WebRTC. Connections require WebSocket (WSS) and WebRTC (TLS/DTLS) protocols over TCP and UDP with encrypted connections.

## Minimum required

| Host                   | Port     | Purpose                    |
| ---------------------- | -------- | -------------------------- |
| `*.livekit.cloud`      | TCP 443  | Secure WebSocket signaling |
| `*.turn.livekit.cloud` | TCP 443  | TURN over TLS fallback     |
| `*.host.livekit.cloud` | UDP 3478 | TURN/UDP for peer-to-peer  |
| `api.liveavatar.com`   | TCP 443  | Avatar API and signaling   |

## Recommended for best performance

* **All hosts**: UDP 50000–60000 for WebRTC media
* **All hosts**: TCP 7881 for WebRTC TCP fallback

## Tips

* Enable UDP hole-punching where supported
* Avoid symmetric NAT configurations when possible
* UDP is strongly recommended for low-latency performance; TCP fallback degrades quality

## Wildcard alternatives

If your firewall doesn't support wildcards like `*.livekit.cloud`, consult [LiveKit's firewall documentation](https://docs.livekit.io/home/cloud/firewall/) using subdomain `heygen-feapbkvq`.

## Troubleshooting

* [Browser compatibility test](https://livekit.io/webrtc/browser-test)
* [Connection tester](https://livekit.io/connection-test) (requires `livekit_url` and `livekit_client_token` from a started session)