In this document:
Depending on what hardware and software combination you're using for your XR deployment, allowing ManageXR endpoints will solve most issues. However, we've seen many networks (especially in Education) block hardware/software-specific websites. For example, most schools already block Facebook (Meta) and TikTok (ByteDance) servers which can disallow casting, firmware updates and potentially cause other issues with Meta Quest and Pico VR devices. Network restrictions can even take that a step further by blocking app services like Engage or even blocking devices at the MAC address level. The solution is to work with on-site network admins to ensure these services and hardware manufacturers aren't blocked or restricted.
💡If allowing access to these hardware/software entities on main networks is out of the question, it's best to create an entirely new hidden network that only on-site XR devices will use.
ManageXR Endpoint List
ManageXR uses the internet to communicate with its servers and keep devices in sync with configurations set by ManageXR organization admins. When connected to a network that uses a firewall, ManageXR's web traffic will be routed through your firewall and must allow this traffic to ensure that ManageXR can operate as intended.
Common issues you may see on a restricted network include but are not limited to:
Blocking the installation of ManageXR on a device
Devices not syncing properly or at all
Inability to communicate with devices via the web console
Inability to log in to the web console
Inability to add new users to the web console
Inability to utilize API
Allow-List Rule | Port | Protocol | Why |
443 | TCP (HTTPS) | Communication with the ManageXR API | |
443 | TCP (HTTPS) | Communication with the ManageXR API | |
mighty-platform-prod. firebase.com | 443 | TCP (HTTPS) | Communication with the ManageXR API |
443 | TCP (HTTPS) | Communication with the ManageXR API | |
443 | TCP (HTTPS) | Communication with the ManageXR API | |
*.googleapis.com | 443 | TCP (HTTPS / WebSockets) | Communication with the Google Cloud Platform APIs used by ManageXR |
*.crashlytics.com | 80, 443 | TCP (HTTP / HTTPS) | ManageXR error reporting |
openrelay.metered.ca | 80, 443 | UDP, TCP (HTTP / HTTPS) | Used for Realtime Device Streaming |
Meta Endpoint List
In order for Oculus Home to connect properly to Oculus/Facebook servers, the following domains must be accessible on a given network: oculus.com, facebook.com, fbcdn.net, and akamaihd.net. If these domains are not whitelisted in secured networks (such as schools, workplaces, or private networks), users may experience network connection issues when installing or downloading.
Port | Protocol | Why |
443 | TCP | Determine the communication between clients and servers to reliably transmit data in an organized way |
3478 | TCP | Determine the communication between clients and servers to reliably transmit data in an organized way |
ports 50000-59999 | UDP | Same as above + UDP is especially useful for time-sensitive transmissions such as video playback |
Need more help?
Talk to a member of our team using the chat bubble (in the bottom right of your screen), or reach out to support@managexr.com