Skip to content
English
Submit a Support Ticket
Go To Mursion Portal
  • There are no suggestions because the search field is empty.

Tech Implementation - Mursion Magic

What your learners need to connect to Mursion Magic simulations.

This article is only for Mursion Magic simulations. If your company is going to use Zoom or Google Meet, you should read this article instead

Before You Begin

Before configuring firewall or network settings, please review the following end-user technical requirements, including supported browsers, device requirements, and webcam and microphone requirements. 

Please review the full learner technology requirements here

Network & Firewall Planning

Mursion simulations use real-time audio and video communication technologies that require both TCP and UDP traffic to be permitted through organizational firewalls and network security tools.

Because network environments often differ across users and locations, we strongly recommend reviewing the following considerations before deployment.

Questions to Consider

Learner Location & Network Environment

  • Are learners joining from a centralized location such as an office or training center?
  • Are learners joining from multiple locations with different network configurations?

Firewall Configuration

  • Do different learner groups or office locations use different firewall policies?
  • Are there separate security configurations across departments or cohorts?

VPN Usage

  • Will learners connect through a VPN?
  • Does the VPN environment use different firewall or filtering rules than non-VPN traffic?

Testing Recommendations

We strongly recommend testing connectivity with multiple learners across different office locations, different firewall environments, and VPN and non-VPN configurations.

    Firewall & WebRTC Requirements

    Please ensure that your organization’s network allows outbound traffic to the domains, IP addresses, and ports listed below.

    While Mursion traffic is initiated from within your organization’s network, return inbound traffic must also be permitted in response to those outbound connections.

    Additionally, ensure that your network security tools, firewalls, proxies, or content filters do not block WebRTC traffic to or from the destinations listed below. Some filtering solutions may interfere with WebRTC communications even when required ports are open.

    For the best audio and video quality, we strongly recommend allowing UDP traffic on the ports listed below.

    Complete allowlisting before your first session.

    We recommend verifying your configuration at least 48 hours before your first scheduled simulation. Issues identified on the day of a session may cause delays.

    Human-powered simulations

    UDP and TCP connections to the following destinations must be allowed for human-powered simulations.
     
    Protocol Ports Destination  
    UDP 3478 turn-west-001.mursion.com
    (IP address: 34.212.18.106)    		  
    TCP 443, 3478 turn-west-001.mursion.com
    (IP address: 34.212.18.106)    		  
    UDP 3478 turn-west-002.mursion.com
    (IP address:  52.39.110.64)    		  
    TCP 443, 3478 turn-west-002.mursion.com
    (IP address:  52.39.110.64)    		  

    AI-powered simulations

    UDP and TCP connections to the following destinations must be allowed for human-powered simulations.
     
    Protocol Ports Destination  
    TCP 443

    *.livekit.cloud
    *.turn.livekit.cloud

    		  
    UDP 3478

    *.host.livekit.cloud

    		  
    TCP
    UDP    		 7881
    50000-60000

    *.livekit.cloud
    *.turn.livekit.cloud
    *.host.livekit.cloud

    		  
    TCP
    UDP
    UDP    		 443, 3478
    443, 3478
    49152-65535

    IPv4 (download as txt file)
    108.128.247.206
    46.137.22.30
    3.123.182.185
    3.125.217.59
    16.24.43.27
    15.184.80.107
    13.246.89.106
    13.246.82.38
    18.163.244.69
    16.163.189.112
    43.218.251.226
    43.218.236.41
    15.222.119.181
    15.222.215.145
    52.66.125.80
    43.205.41.95
    184.169.195.7
    54.176.31.58
    34.195.8.219
    35.168.183.190
    18.223.93.86
    3.23.58.161
    34.210.127.58
    52.34.237.101
    43.202.200.112
    13.124.82.177
    52.74.82.212
    54.254.155.254
    18.229.122.185
    54.232.250.161
    13.50.181.92
    51.20.204.79
    13.210.52.72
    52.65.67.168
    18.178.188.247
    35.74.75.36
    3.29.45.126
    3.28.83.21
    13.36.49.150
    15.237.4.42
    13.41.27.70
    18.170.147.31
    15.160.78.213
    18.102.194.212

    		  

    To test your ability to connect to Mursion's AI simulations, use this link to complete a test. If you receive Pass for all steps, then you will encounter no issues connecting to your AI simulations. At this time, we do not have a connection test available for human-powered simulations. 

    Zscaler SSL Inspection Configuration

    Organizations using Zscaler must configure SSL inspection bypasses for the following Mursion services.

    The following destinations must be excluded from SSL inspection:

    Hostname IP Address
    portal.mursion.com

    n/a
    turn-west-001.mursion.com

    34.212.18.106
    turn-west-002.mursion.com

    52.39.110.64

    For TURN server destinations, both the fully qualified domain name (FQDN) and the corresponding IP address must be added to the SSL inspection exemption list.

     

    If these items are not SSL Inspection bypassed, connections may be dropped due to failed client SSL handshake which will cause learners to lose connection to their simulation or the learner will see a black screen when joining their Mursion simulation. 



    WebSocket

    WebSocket over SSL/TLS (wss) connections to the following domains must be allowed:
      • portal.mursion.com
      • magictest-signaling.mursion.com

    HTTPS

    HTTPS connections to URLs of the following domains must be allowed:
    Domain/IP Purpose

    *.mursion.com

    All Mursion subdomains (wildcard)

    *.live-video.net

    IVS video streaming (wildcard)

    portal.mursion.com

    Main Mursion portal

    ml3assetbundles.s3.us-west-2.amazonaws.com

    Simulation asset bundles (S3)

    mursion-static-assets.s3.us-west-2.amazonaws.com

    Static assets (S3)

    mursioncloudvideosprod.s3.us-west-2.amazonaws.com

    Simulation video assets (S3)

    fonts.googleapis.com

    Google Fonts

    fonts.gstatic.com

    Google Fonts static files

    app.launchdarkly.com

    Feature flags

    clientstream.launchdarkly.com

    Feature flag streaming

    mursion.qualtrics.com

    Mursion Qualtrics surveys

    siteintercept.qualtrics.com

    Qualtrics site intercept

    *.mixpanel.com

    Analytics (wildcard)

    Email Server

    Allow email from the following addresses and domains in your email server / spam filter:

    Domain or Sender Purpose

    no-reply@mursion.com

    Automated notifications and reminders

    scheduling@mursion.com

    Scheduling communications

    mursion.com / sestrack.mursion.com / *.mursion.com

    All Mursion email domains and link tracking

    mursion-static-assets.s3.us-west-2.amazonaws.com

    Email image assets (S3)

    mursioncloudvideosprod.s3.us-west-2.amazonaws.com

    Email video thumbnails (S3)

    Many links in Mursion emails include automatic redirects. Ensure your email server and network firewalls allow URL redirects for mursion.com.


    Security Checklist

    If your IT team needs to review our security documentation before a Mursion program launch. These documents may be helpful: