Francoflex logo

Firewall Whitelist

Complete list of domains and endpoints that need to be whitelisted for the platform to function properly in corporate environments.

Firewall and Network Configuration

This guide provides the complete list of domains and endpoints that need to be whitelisted for the platform to function properly in corporate environments.

Required Domains for the platform

Core Application Services

AI Conversation Services

  • api.elevenlabs.io (WebSocket on port 443)
    • Used for: AI voice conversations with Madame AI
    • Protocol: wss://api.elevenlabs.io/v1/convai/conversation?*
    • Required for: Real-time voice interactions

AI Backend Services

  • animated-druid-dbee5a.netlify.app
    • Used for: Madame AI backend functions
    • Protocol: https://animated-druid-dbee5a.netlify.app/.netlify/functions/*
    • Required for: AI conversation processing

Interactive Activities

  • view.genially.com
    • Used for: Interactive learning activities and presentations
    • Protocol: HTTPS
    • Required for: Learning modules and interactive content

Google Cloud Platform Services

The platform uses Google Cloud Platform for core infrastructure. The following domains should be whitelisted:

Core Google Cloud Services

  • *.googleapis.com (wildcard recommended)

    • Used for: All Google Cloud APIs
    • Required for: Database, storage, and authentication services

  • console.cloud.google.com

    • Used for: Google Cloud Console access (admin only)
    • Required for: Platform administration

  • cloud.google.com

    • Used for: Google Cloud documentation and resources
    • Required for: Platform updates and information

Static Content and Authentication

  • *.gstatic.com

    • Used for: Static content (scripts, stylesheets, images)
    • Required for: Proper application loading

  • accounts.google.com

    • Used for: Google account authentication
    • Required for: User authentication (if enabled)

Firebase Services

Core Firebase Domains

  • *.firebaseapp.com

    • Used for: Legacy Firebase hosting
    • Required for: Application hosting (legacy projects)

  • *.web.app

    • Used for: Current Firebase hosting
    • Required for: Modern application hosting

  • *.firebaseio.com

    • Used for: Firebase Realtime Database WebSocket connections
    • Protocol: WebSocket (WSS)
    • Required for: Real-time data synchronization

Firebase Storage and Database

  • firebasestorage.googleapis.com

    • Used for: File storage and retrieval
    • Required for: Document uploads, profile images

  • firestore.googleapis.com

    • Used for: Firestore database API
    • Required for: Application data storage

Firebase Authentication

  • identitytoolkit.googleapis.com

    • Used for: User authentication and management
    • Required for: User login and registration

  • securetoken.google.com

    • Used for: Authentication token security
    • Required for: Secure user sessions

Firebase Cloud Messaging

  • fcm.googleapis.com
    • Used for: Push notifications
    • Required for: User notifications

General Google Services

  • www.googleapis.com

    • Used for: Various Google APIs
    • Required for: Additional Google services integration

  • google-analytics.com and *.google-analytics.com

    • Used for: Analytics tracking (if enabled)
    • Required for: Usage analytics

Port Requirements

Standard HTTPS Traffic

  • Port 443 (HTTPS)
    • Required for all web traffic
    • Used by all domains listed above

WebSocket Connections

  • Port 443 (WSS - Secure WebSocket)
    • Required for real-time features
    • Used by ElevenLabs AI and Firebase Realtime Database

Network Configuration Examples

Firewall Rules (Generic)

ALLOW OUTBOUND HTTPS (443) TO:
- *.googleapis.com
- *.gstatic.com
- *.firebaseapp.com
- *.web.app
- *.firebaseio.com
- api.elevenlabs.io
- animated-druid-dbee5a.netlify.app
- view.genially.com
- accounts.google.com
- console.cloud.google.com
- cloud.google.com
- firebasestorage.googleapis.com
- firestore.googleapis.com
- identitytoolkit.googleapis.com
- securetoken.google.com
- fcm.googleapis.com
- www.googleapis.com
- google-analytics.com
- *.google-analytics.com

Proxy Configuration

If using a corporate proxy, ensure these domains are in the bypass list or proxy configuration:

api.elevenlabs.io
animated-druid-dbee5a.netlify.app
view.genially.com
*.googleapis.com
*.gstatic.com
*.firebaseapp.com
*.web.app
*.firebaseio.com
accounts.google.com
console.cloud.google.com
firebasestorage.googleapis.com
firestore.googleapis.com
identitytoolkit.googleapis.com
securetoken.google.com
fcm.googleapis.com
www.googleapis.com
google-analytics.com
*.google-analytics.com

Testing Network Connectivity

Basic Connectivity Test

Test if your network can reach the required services:

# Test HTTPS connectivity
curl -I https://api.elevenlabs.io
curl -I https://firestore.googleapis.com
curl -I https://animated-druid-dbee5a.netlify.app

# Test WebSocket connectivity (requires wscat or similar)
wscat -c wss://api.elevenlabs.io/v1/convai/conversation

Browser-based Testing

  1. Open browser developer tools (F12)
  2. Go to Network tab
  3. Load the platform application
  4. Look for any failed requests or blocked resources
  5. Check Console tab for CORS or network errors

Common Network Issues

CORS (Cross-Origin Resource Sharing) Errors

  • Symptom: "Access to fetch blocked by CORS policy" errors
  • Solution: Ensure proxy/firewall doesn't modify CORS headers
  • Prevention: Whitelist all required domains

WebSocket Connection Failures

  • Symptom: Real-time features not working (AI conversations)
  • Solution: Ensure WebSocket (WSS) traffic on port 443 is allowed
  • Check: Verify wss://api.elevenlabs.io connectivity

SSL/TLS Certificate Issues

  • Symptom: Certificate errors in browser console
  • Solution: Ensure corporate SSL inspection doesn't interfere
  • Prevention: Add exceptions for Firebase and Google domains

IT Department Checklist

  • All domains from the whitelist are accessible
  • Port 443 (HTTPS) outbound traffic is allowed
  • WebSocket (WSS) connections on port 443 are allowed
  • SSL inspection exceptions configured for Google/Firebase domains
  • Proxy bypass rules configured (if applicable)
  • Corporate antivirus exceptions for required domains
  • Test connectivity from user workstations
  • Verify microphone permissions aren't blocked by group policy

Minimum Required Domains

If you need to start with a minimal whitelist, these are the absolute essentials:

  1. api.elevenlabs.io - AI conversations
  2. animated-druid-dbee5a.netlify.app - AI backend
  3. view.genially.com - Interactive content
  4. *.googleapis.com - Google Cloud services
  5. *.firebaseapp.com or *.web.app - Application hosting
  6. firestore.googleapis.com - Database
  7. identitytoolkit.googleapis.com - Authentication

Getting Support

If you continue to experience connectivity issues after implementing these configurations:

  1. Check browser console: Look for specific error messages
  2. Test from different networks: Compare corporate vs. home network behavior
  3. Contact IT support: Provide this whitelist and specific error messages
  4. Reach out to the platform support: Include network configuration details
Microphone Permissions Troubleshooting