Restricted Network -> What permissions?
Hello!
We've gotten our company network revamped and now its even more restrictive than before, yay!
So currently we cannot use Normcore, as the requests to the normcore-matcher are being denied.
Are there any other services or urls that we need to make accessible besides the matcher?
Coms with NetDep is always a slog so would like to get it all covered the first time.
Thanks in advance!
7 Replies
Hi @iwannadieonmars. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
Hello! I'd be happy to help you with the network permissions required for Normcore. Based on the information provided in the knowledge sources, here are the firewall rules you need to implement for Normcore to function properly:
According to the Firewalls + Corporate Networks (https://normcore.io/documentation/architecture/firewalls) documentation, you need to allow the following outbound traffic:
1. TCP ports 443 and 3000 from all Normcore Clients to *.normcore.io
2. UDP ports 32,768 - 65,535 from all Normcore Clients with no outbound IP limit
These rules should be applied to outbound traffic, allowing the server to communicate back to the destination port received from the client connection.
In addition to the matcher, you'll also need to ensure access to the clusters and room servers. The Cloud Infrastructure (https://normcore.io/documentation/architecture/cloud) documentation explains that Normcore uses a matcher service, clusters, and room servers for its functionality.
If you need to limit the range of hosts or ports further, you might want to consider Normcore Private (https://normcore.io/normcore-private), which allows for a more customized deployment with a single cloud provider and a specific block of IP addresses.
Make sure to communicate these requirements to your Network Department to ensure all necessary services are accessible for Normcore to function correctly in your corporate environment.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
<@318392490975821824> Kapa.ai is still learning and improving, please let me know how I did by reacting below.
Good Bot!
@kapa.ai Did anything change here or any other considerations in the latest version? Having an issue with voicechat, source doesnt seem to correctly originate from the actual Users Avatar position, this seems to be only the case with the company network users or alternativley with builds (fine in editor version)
Let me check the knowledge base for you again. One moment! :books:
----------------------
Based on the available knowledge sources, there is no explicit mention of recent changes to the required network permissions or additional considerations for the latest version of Normcore regarding firewall or network configuration. The documented requirements remain:
- Outbound TCP: ports 443, 3000 to *.normcore.io
- Outbound UDP: ports 32,768–65,535 (no outbound IP limit)
These rules should cover all Normcore services, including the matcher and room servers. If you need more restrictive access, Normcore Private is suggested for custom deployments with a fixed IP range Firewalls + Corporate Networks. Regarding your voice chat issue—where the audio source does not originate from the correct avatar position, but only for company network users or in builds (not in the editor)—the knowledge sources do not provide a direct answer or note any recent changes that would affect this behavior. However, some relevant points to check: - Voice chat spatialization: Normcore’s voice chat uses Unity’s AudioSource for playback. If you want to control spatialization, you should add and configure your own AudioSource on the avatar prefab; RealtimeAvatarVoice will use it if present Voice Chat, Common Questions: Voice Chat. - Network issues: If the company network is blocking or interfering with UDP traffic, it could impact real-time features like voice chat or avatar synchronization. - Build vs. Editor: Sometimes, Unity build settings (especially for XR projects) can block network access or affect how components are initialized. The documentation suggests using the Project Validation tool in Unity to check for issues in XR builds Common Questions. If the problem persists only on the company network, it’s likely related to network restrictions or firewall rules affecting UDP traffic or port access. If it’s only in builds, double-check your build settings, microphone permissions, and ensure the AudioSource is correctly set up on the avatar prefab in the build. I'm sorry, but the knowledge sources do not mention any recent changes to these requirements or provide a direct solution for your specific voice chat spatialization issue. If you continue to experience problems, reaching out to the Normcore team or community (e.g., via Discord) is recommended. ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ----------------------
- Outbound UDP: ports 32,768–65,535 (no outbound IP limit)
These rules should cover all Normcore services, including the matcher and room servers. If you need more restrictive access, Normcore Private is suggested for custom deployments with a fixed IP range Firewalls + Corporate Networks. Regarding your voice chat issue—where the audio source does not originate from the correct avatar position, but only for company network users or in builds (not in the editor)—the knowledge sources do not provide a direct answer or note any recent changes that would affect this behavior. However, some relevant points to check: - Voice chat spatialization: Normcore’s voice chat uses Unity’s AudioSource for playback. If you want to control spatialization, you should add and configure your own AudioSource on the avatar prefab; RealtimeAvatarVoice will use it if present Voice Chat, Common Questions: Voice Chat. - Network issues: If the company network is blocking or interfering with UDP traffic, it could impact real-time features like voice chat or avatar synchronization. - Build vs. Editor: Sometimes, Unity build settings (especially for XR projects) can block network access or affect how components are initialized. The documentation suggests using the Project Validation tool in Unity to check for issues in XR builds Common Questions. If the problem persists only on the company network, it’s likely related to network restrictions or firewall rules affecting UDP traffic or port access. If it’s only in builds, double-check your build settings, microphone permissions, and ensure the AudioSource is correctly set up on the avatar prefab in the build. I'm sorry, but the knowledge sources do not mention any recent changes to these requirements or provide a direct solution for your specific voice chat spatialization issue. If you continue to experience problems, reaching out to the Normcore team or community (e.g., via Discord) is recommended. ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ----------------------
<@318392490975821824> Kapa.ai is still learning and improving, please let me know how I did by reacting below.
sounds more like an object id issue than a networking issue
And it actually was! Thanks for the Tip that helped alot