M2 Firewall Information: for IT administrators and Network Security teams

M2-side-flipped 1.png

April 30, 2025

Why it's important?

Firewalls and network filters can potentially restrict access to domains utilized by M2 and MirrorTalk and its associated third-party services. The following guide has been crafted specifically for IT administrators and Network Security teams to aid in the proper configuration of firewall settings.

How to check if you need to contact your IT for help?

Simply run network diagnostics on the M2 Device to ensure access to the allowlist. Refer to the "Check Network" screen and click on the "Check Network" button for detailed instructions, as outlined in this article.

What needs to be whitelisted?

To support different security requirements, two alternative allow-lists are available:.

Table A – Wildcard version

This list uses a wildcard entry for the main service domain and wildcard patterns for supported AWS regions. Choosing Table A minimizes ongoing maintenance: any newly introduced subdomain or regional storage bucket is automatically included.

Table B – AWS Region version

This list specifies each service endpoint explicitly and organizes them by AWS region, without using wildcards. Table B allows you to restrict access to only the regions that comply with your local data policies, blocking all others.

Both tables already include all the necessary addresses for normal M2 / MirrorTalk operation, as well as the endpoints for various network resources. Please note that M2 and MirrorTalk require access to TCP ports 80 (HTTP) and 443 (HTTPS), while some domains also require the WSS protocol, and time synchronization with time.android.com uses UDP port 123.

Table A – Wildcard version

Doman, Wildcard	Ports	Protocol
mirrortalk.ai	TCP:443	HTTPS, WSS
*.mirrortalk.ai	TCP:443	HTTPS
swivlmirror-us-east-1.s3.amazonaws.com	TCP:443	HTTPS
swivlmirror-ca-central-1.s3.ca-central-1.amazonaws.com	TCP:443	HTTPS
swivlmirror-eu-west-2.s3.eu-west-2.amazonaws.com	TCP:443	HTTPS
swivlmirror-eu-central-1.s3.eu-central-1.amazonaws.com	TCP:443	HTTPS
swivlmirror-ap-southeast-1.s3.ap-southeast-1.amazonaws.com	TCP:443	HTTPS
swivlmirror-ap-southeast-2.s3.ap-southeast-2.amazonaws.com	TCP:443	HTTPS
foc-hw-logs.s3.amazonaws.com	TCP:443	HTTPS
dm-swivl.s3.amazonaws.com	TCP:443	HTTPS
*.swivl.com	TCP:443	HTTPS, WSS
*.rollbar.com	TCP:443	HTTPS
*.segment.com	TCP:443	HTTPS
*.google-analytics.com	TCP:443	HTTPS
accounts.google.com	TCP:443	HTTPS
ssl.gstatic.com	TCP:443	HTTPS
tagmanager.google.com	TCP:443	HTTPS
www.googletagmanager.com	TCP:443	HTTPS
googletagmanager.com	TCP:443	HTTPS
googleapis.com	TCP:443	HTTPS, WSS
firebasecrashlyticssymbols.googleapis.com	TCP:443	HTTPS
swivl.zendesk.com	TCP:443	HTTPS, WSS
*.zdassets.com	TCP:443	HTTPS
time.android.com	UDP:123	NTP

Table B – AWS Region version

Domain	Ports	Protocols
General endpoints
mirrortalk.ai	TCP:443	HTTPS, WSS
cdn-static.mirrortalk.ai	TCP:443	HTTPS
updates-cdn-us-east-1.mirrortalk.ai	TCP:443	HTTPS
foc-hw-logs.s3.amazonaws.com	TCP:443	HTTPS
dm-swivl.s3.amazonaws.com	TCP:443	HTTPS
cloud.swivl.com	TCP:443	HTTPS, WSS
dm.swivl.com	TCP:443	HTTPS, WSS
api.rollbar.com	TCP:443	HTTPS
cdn.rollbar.com	TCP:443	HTTPS
cdn.segment.com	TCP:443	HTTPS
api.segment.io	TCP:443	HTTPS
www.google-analytics.com	TCP:443	HTTPS
ssl.google-analytics.com	TCP:443	HTTPS
accounts.google.com	TCP:443	HTTPS
ssl.gstatic.com	TCP:443	HTTPS
tagmanager.google.com	TCP:443	HTTPS
www.googletagmanager.com	TCP:443	HTTPS
googletagmanager.com	TCP:443	HTTPS
googleapis.com	TCP:443	HTTPS, WSS
firebasecrashlyticssymbols.googleapis.com	TCP:443	HTTPS
swivl.zendesk.com	TCP:443	HTTPS, WSS
static.zdassets.com	TCP:443	HTTPS
ekr.zdassets.com	TCP:443	HTTPS
time.android.com	UDP:123	NTP

US Region
cdn-us-east-1.mirrortalk.ai	TCP:443	HTTPS
swivlmirror-us-east-1.s3.amazonaws.com	TCP:443	HTTPS
Canada Region
cdn-ca-central-1.mirrortalk.ai	TCP:443	HTTPS
swivlmirror-ca-central-1.s3.ca-central-1.amazonaws.com	TCP:443	HTTPS
EU (United Kingdom) Region
cdn-eu-west-2.mirrortalk.ai	TCP:443	HTTPS
swivlmirror-eu-west-2.s3.eu-west-2.amazonaws.com	TCP:443	HTTPS
EU (Germany) Region
cdn-eu-central-1.mirrortalk.ai	TCP:443	HTTPS
swivlmirror-eu-central-1.s3.eu-central-1.amazonaws.com	TCP:443	HTTPS
Australia (Sydney) Region
cdn-ap-southeast-2.mirrortalk.ai	TCP:443	HTTPS
swivlmirror-ap-southeast-2.s3.ap-southeast-2.amazonaws.com	TCP:443	HTTPS
Asia Pacific (Singapore) Region
cdn-ap-southeast-1.mirrortalk.ai	TCP:443	HTTPS
swivlmirror-ap-southeast-1.s3.ap-southeast-1.amazonaws.com	TCP:443	HTTPS

In addition to the above Table A/Table B please note and ensure that:

any ad blocker extensions on your browser are disabled or configured to allow MirrorTalk. This applies to all major browsers, including Chrome, Firefox, Safari, and Edge. Popular ad blockers such as AdBlock, uBlock Origin, and Ghostery may interfere with our service, so please either disable them or add MirrorTalk to their exceptions list;
Zoom also requires adjustments to your network firewall or proxy server. Visit this link for detailed instructions on how to configure these settings.

To ensure that you receive notification emails from MirrorTalk successfully, please add the following addresses to your email allowlist:

@mirrortalk.ai
@swivl.com

Check Network at mirrortalk.ai

If you have whitelisted all the necessary domains outlined above and the connection issue persists, go to https://mirrortalk.ai/network-test and check network.

Check network IT.gif

If there is an entry that has a red cross next to it, please contact support at support@swivl.com with the screenshot of this page and with details regarding the issue.

Troubleshooting QR Code Login

If the QR code for login does not appear on your device, please ensure that the following domains are open for WebSockets (WSS protocol on port 443):

wss://mirrortalk.ai

wss://*.mirrortalk.ai

wss://cloud.swivl.com

If you still have any questions, please contact us at support@mirrortalk.ai or support@swivl.com

M2 and MirrorTalk