Mago.io
  • Welcome to Mago Knowledge Base!
  • Prerequisites setup
    • Hardware, OS and Software Requirements
      • Multiple Display supported Scenarios
      • How to enable Bluetooth BLE (proximity) for BYOD Features
    • Network Requirements
    • Wireless Display
      • I am unable to see Miracast (AirServer) as a destination to mirror to
      • Fixing Miracast Issue with some Wifi Chipsets
    • MS Teams best practices
      • (optional) Disabling Chat in Teams accounts
    • Zoom best practices
    • System Hardening Best Practices
    • How to Create a Room Resource for Calendar Events
      • Google Workspace
      • Microsoft 365
        • Setup a room resource
        • Configure a Room resource
    • OS Updates, Drivers & firmware
      • OS Windows update policy
      • Update policy for Drivers and Firmware (Intune)
      • Mago Room Update
  • Installing Mago Room
    • Installation steps overview
      • ✍️Pre-requisites checklist
      • 1️⃣Install and configure Windows 10/11 OS
      • 2️⃣Install and configure Mago Room
        • Getting Mago Room
        • Installing Mago Room
          • Deploy Mago Room with Software Distribution (Silent Install)
        • First Configuration (Wizard)
        • Advanced Settings
      • 3️⃣Post-installation checklist
  • Cloud Management & Analytics Console
    • How to Create an IT Admin User Account and Manage Mago Room and Licenses
    • Adding a Room in the Valarea Management Console
    • Using the Mago Room ADMIN Console
      • Rooms List
      • How to Create Groups and Tags
      • How to create Policies
      • How to Assign Policies
      • Create and Schedule a Task
    • Analytics Console
  • FAQ
    • Frequently Asked Question
      • Mago OAuth scopes and permissions explained
        • Mago Room OAuth scopes
        • Mago Workspace App OAuth scopes
      • Important Configuration Files
      • Antivirus & Firewall exceptions
      • Installing Mago Room on existing Room systems (MTR or Zoom room hardware)
  • Videos for training
    • Videos for training
  • Mago Essential
    • Setup Guide
      • Requirements
      • Hardware installation
      • First configuration
  • TECH DOCS
    • 🛡️Security White Paper
      • Introduction
      • Reliability
      • Application Security
      • Mago Room Security
      • On-Cloud / On-Premise Deployment Security
      • Encryption
      • Vulnerability Management
      • Mago Information Security
      • Physical Security
      • Conclusion
    • ℹ️Dec 14, 2021 | Vulnerability Statement | Log4j
    • 📄Privacy Policy
    • 📱Mago Workspace for Android - Data safety
  • Support
    • Mago Helpdesk and Support
Powered by GitBook
On this page
  • Allowlisting and Firewall Configuration
  • Internet Services and Ports
  • FQDNs to be Allowed
  • (Optional) Built-in WebRTC VC System:
  • (Optional) Local Area Network Room Discovery service
  1. Prerequisites setup

Network Requirements

PreviousHow to enable Bluetooth BLE (proximity) for BYOD FeaturesNextWireless Display

Last updated 9 months ago

Please consult your IT department before installing Mago, as certain blocks may need to be lifted. We also recommend using a wired LAN connection

Network Security

Generally, Mago has the same network requirements as any PC running video conferencing applications like Microsoft Teams, Zoom, Cisco Webex, Google Meet. Specific to Mago Room, the categories listed as "required" for the video conferencing systems must be open on your firewall. Mago Room also needs access to Windows Update and Microsoft Intune (if you use Microsoft Intune to manage your devices). For the full list of IPs and URLs required for Mago Room, see:

  • Microsoft Teams

  • Zoom

  • Google Meet

  • Cisco Webex

  • Windows Update

  • Microsoft Intune

Windows 10 OS patches best practice suggestions:

We highly recommend that you configure the Mago Room PC to automatically keep up to date with the latest Windows updates, including security updates. Set an operating system update policy to install all pending updates every day starting at 2:00 am using a pre-set local policy.

Mago Room devices do not need to connect to an internal LAN. Consider placing the Mago Room in a secure network segment with direct Internet access. If your internal LAN is compromised, the vector's opportunities to attack the Mago Room will be reduced.

We strongly recommend that you connect your Mago Room devices to a wired network. The use of wireless networks on Mago Room devices isn't recommended. Some connectivity features, such as Wi-Fi Sense, are disabled by default.

Bluetooth Proximity for Personal Calendar, Cloud Drives, MagoLink

The Proximity Join feature for the personal calendar / personal cloud storages (e.g. OneDrive) is based on Bluetooth. The use of Bluetooth technology on Mago Room devices is currently limited to advertising beacons and required proximal connections. The ADV_NONCONN_INT protocol data unit (PDU) type is used in the advertising beacon. This type of PDU is for non-connectable devices that advertise information about the listening device. There is no pairing of Bluetooth devices as part of these features. Further details on Bluetooth protocols are available on the Bluetooth SIG website.

Allowlisting and Firewall Configuration

For remote connections, Mago Room and Mago clients must be able to access the Internet through these ports:

Internet Services and Ports

HTTP: 80 (TCP)

HTTPS: 443 (TCP)

DNS: 53 TCP/UDP out to DNS (internal or external)

NTP: 123 UDP out to NTP (internal or external)

FQDNs to be Allowed

Mago (formerly Valarea) services

admin.valarea.com
admin.mago.io
app.valarea.com
app.mago.io
arcrop.valarea.com
arcrop.mago.io
chat1.valarea.com
chat1.mago.io
meet1.valarea.com
meet1.mago.io
oauth-apple.valarea.com
oauth-apple.mago.io
oauth-google.valarea.com
oauth-google.mago.io
oauth-msft.valarea.com
oauth-msft.mago.io	
oauth-webex.valarea.com
oauth-webex.mago.io
oauth-zoom.valarea.com
oauth-zoom.mago.io
pmc.valarea.com
pmc.mago.io
prd-rms.valarea.com
prd-rms.mago.io
rms.valarea.com
rms.mago.io
r.valarea.com
r.mago.io
globalchat1.azurewebsites.net
rgo.li
api.remago.com
license.remago.com
webrtc.valarea.com
webrtc.mago.io

3rd-party services

graph.microsoft.com
inputtols.google.com
googleapis.com
autodraw.com
dropbox.com
activation.airserver.com
eu.docusign.net
account.docusign.com

Wireless Display Protocols

Network settings to enable support for Miracast™, GoogleCast™ and Apple Airplay™

(Optional) Built-in WebRTC VC System:

Host: webrtc.valarea.com

General: 80, 443, 5349 TCP

STUN Server: 3478 UDP

Media Traffic: 10000 UDP

Minimum bandwidth: 2 Mbps.

When using third-party video conferencing applications, more bandwidth will be required. Users should refer to the guidelines recommended by each application developer.

(Optional) Local Area Network Room Discovery service

The local room discovery service, for connecting mobile devices and laptops, uses the following ports:

TCP 8034 UDP 8035

Office 365 URLs and IP address range
https://support.zoom.us/hc/en-us/articles/201362683-Zoom-network-firewall-or-proxy-server-settings
https://support.google.com/a/answer/1279090?hl=en
https://help.webex.com/en-us/article/WBX000028782/Network-Requirements-for-Webex-Services
Configure WSUS
Network Endpoints for Microsoft Intune
https://docs.microsoft.com/de-de/security-updates/windowsupdateservices/18127451
More info on wireless display best practice and requirements