In this article we will go over the connectivity requirements of CareAR needed by the network. If the CareAR Assist app does not seem to connect when you log in, you’ll want to confirm that you have no network issues. If your connection is good but still does not seem to connect you may need to provide your IT team managing the network with this guide. By missing any of the following network port connection requirements might lead to a poor or problematic experience.
CareAR Authentication Firewall Requirements
These are the connections outside of media traffic that are necessary for the optimal CareAR experience. These remain the same regardless of Proxy, joining application, and Media Geofencing configuration.
| CareAR client | *.cloudfunctions.net | 443 TCP |
| Auth | firestore.googleapis.com | 443 TCP |
| Auth | *.firebaseapp.com | 443 TCP |
| Auth | apiv2.carear.app | 443 TCP |
| Auth | *.apiv2.carear.app | 443 TCP |
| Auth | www.googleapis.com | 443 TCP |
| Auth | identitytoolkit.googleapis.com | 443 TCP |
| Realtime database | *.firebaseio.com | 443 TCP |
| Realtime database | *.firebasedatabase.app | 443 TCP |
| Storage | *.appspot.com | 443 TCP |
| Storage | firebasestorage.googleapis.com | 443 TCP |
| CareAR Web Portal | carear.app/* | 443 TCP |
| Session landing page |
join.carear.app/* |
443 TCP |
| Session invitation | *.page.link/* | 443 TCP |
| User Web Portal | carear.app/#/user | 443 TCP |
| Admin Web Portal | carear.app/#/admin | 443 TCP |
CareAR Media Firewall Requirements (Installed Application)
When a CareAR session is initiated, all users need to establish connectivity to transmit audio between participants, the camera of the collaborator, and the annotations placed. To accomplish this portion of the session is handled with the following media connections.
| Domain | Port Type | Ports |
| *.agora.io | TCP | 443, 8443 |
| UDP | 4000-4100, 4590-4600, 8001-8010, 8130, 8443 |
When using Media Geofencing your connection will utilize servers within the selected region using the *.agora.io domain.
CareAR Media Firewall Requirements (Web Host)
When joining a CareAR session as the host through the web app will utilize a different series of connections than the installed application for media traffic. To establish proper connectivity the following connections are utilized:
| Domain | Port type | Ports |
|
*.agora.io |
TCP |
443, 4700 - 5000 |
| UDP | 3478, 4700 - 5000 |
Need to refine Firewall controls further?
In some situations the firewall administrator may prefer a more restrictive firewall rule set over ideal connectivity. This is achievable through the media proxy service (configurable on the /admin page of the CareAR tenant). To view these more restrictive firewall rules please visit our media proxy firewall guide available here: Media Proxy Firewall Configurations
CareAR Media TCP failover Mechanism
In the event the CareAR application is deployed or launched in an environment that does not have the necessary firewall ports opened and the CareAR tenant is configured to have media proxy off enables an alternative chance to still join the CareAR session. In this scenario the CareAR application will attempt a join workflow of TCP failover. In this mechanism instead when, and only when, the high range ports fail to establish port connectivity the client will further attempt to connect to 443 TCP instead. If any of the high range ports did establish port connectivity then TCP failover will not be attempted.
| Domain | Port Type | Ports |
| *.agora.io | TCP | 443 |
In this TCP failover mechanism all the media traffic that would typically occur on the high range TCP and/or UDP ports will consolidate to 443 TCP streams instead.
Please note this is only for the media connection of the journey. The TCP failover mechanism will not be done on other events of the application such as Auth, Storage, Realtime Database, and so forth. TCP failover will also not be available to endpoint types that have Media Proxy set to on (configuration for host or guest inside of /admin).
CareAR System Emails
CareAR utilizes email to process certain user-initiated actions. These emails are to facilitate session invitations, new user account creation, and password resets. CareAR utilizes the following email addresses to serve these requests:
|
Email notifications |
If your email system has email filtering you may need to whitelist these addresses to assure emails do not move to spam or junk.
The CareAR System emails are generated during the following events:
|
Trigger Operation |
Sender Email Address |
Subject |
|
User Account Creation |
service@carear.com |
Welcome Email -CareAR |
|
Password Reset |
noreply@carear.com |
Reset Your Password for CareAR Account |
| Session Invite | service@carear.com | CareAR call Invite |
| Captcha | service@carear.com | CareAR Verification Code |
| Low Balance Notification | service@carear.com | CareAR-Low Balance |
Sender IP Address
Emails that are coming from the sender service@carear.com are configured to inbound from 159.183.166.109.
Bandwidth Requirements
CareAR sessions require at least 500 Kbps to maintain connection. Having more bandwidth than this can allow for an even better experience. If you would like to see data consumption over a period of time please visit our article here: Data Consumption Usage