ver 1.7 (Aug 8, 2024)

Why it's important?

Firewalls and network filters can potentially restrict access to domains utilized by Mirror and its associated third-party services. The following guide has been crafted specifically for IT administrators and Network Security teams to aid in the proper configuration of firewall settings.

How to check if you need to contact your IT for help? 

Simply run network diagnostics on the Mirror Device to ensure access to the allowlist. Refer to the "Check Network" screen and click on the "Check Network" button for detailed instructions, as outlined in this article.

What needs to be whitelisted? 

We highly recommend permitting all subdomains of our mirrortalk.ai domain to guarantee seamless and uninterrupted access to all our services. One common method to achieve this is by incorporating a wildcard record, such as *.mirrortalk.ai, into your allowlist. By doing so, you will safeguard your setup against any future additions of new features that may be hosted on subdomains.

Kindly take note that Mirror necessitates access to TCP ports 80 (http) and 443 (https). Additionally, certain domains mandate access to the WSS protocol.

For your users to effectively utilize Mirror, they must have access to the listed domains:

TCP 80 and 443 ports:

mirrortalk.ai

*.mirrortalk.ai

cdn-ca-central-1.mirrortalk.ai

cdn-us-east-1.mirrortalk.ai

cdn-eu-west-2.mirrortalk.ai

cdn-eu-central-1.mirrortalk.ai

cdn-ap-southeast-1.mirrortalk.ai

cdn-ap-southeast-2.mirrortalk.ai

cdn-static.mirrortalk.ai

updates-cdn-us-east-1.mirrortalk.ai

swivlmirror-us-east-1.s3.amazonaws.com

swivlmirror-ca-central-1.s3.amazonaws.com

swivlmirror-eu-west-2.s3.amazonaws.com

swivlmirror-eu-central-1.s3.amazonaws.com

swivlmirror-ap-southeast-1.s3.amazonaws.com

swivlmirror-ap-southeast-2.s3.amazonaws.com

foc-hw-logs.s3.amazonaws.com

dm-swivl.s3.amazonaws.com

*.swivl.com

*.rollbar.com

cloud.swivl.com

dm.swivl.com

api.rollbar.com

cdn.rollbar.com

cdn.segment.com

api.segment.io

www.google-analytics.com

ssl.google-analytics.com

accounts.google.com

ssl.gstatic.com

tagmanager.google.com

www.googletagmanager.com

googletagmanager.com

*.googleapis.com

googleapis.com

firebasecrashlyticssymbols.googleapis.com

swivl.zendesk.com

static.zdassets.com

ekr.zdassets.com

buttons.github.io

We use WebSockets for real-time communication, which utilizes the WSS standard. The following domains must be opened for WebSockets (protocol WSS):

wss://mirrortalk.ai
wss://*.mirrortalk.ai

wss://cloud.swivl.com

wss://dm.swivl.com

wss://googleapis.com

wss://swivl.zendesk.com

To avoid issues we recommend adding the following additional wildcards:

*.segment.com

*.rollbar.com

Zoom also requires adjustments to your network firewall or proxy server. Visit this link for detailed instructions on how to configure these settings.

To ensure that you receive notification emails from Mirror successfully, please add the following addresses to your email allowlist:

• @mirrortalk.ai
• @swivl.com

Check Network at mirrortalk.ai

If you have whitelisted all the necessary domains outlined above and the connection issue persists, go to https://mirrortalk.ai/network-test and check network. 

If there is an entry that has a red cross next to it, please contact support at support@swivl.com with the screenshot of this page and with details regarding the issue. 

Troubleshooting QR Code Login

If the QR code for login does not appear on your device, please ensure that the following domains are open for WebSockets (WSS protocol on port 443):

wss://mirrortalk.ai

wss://*.mirrortalk.ai

wss://cloud.swivl.com