Skip to main content
We now have static IP ranges that you can give to your customers to solve almost all of their networking problems, documented here. The following tools are for edge cases and extremely restrictive networks.

Advanced Firewall Control

Our Advanced Firewall Control add-on includes two features: Self-hosted IP proxy and self-hosted TURN.

Using a self-hosted IP proxy for signaling

If Daily domains are blocked by a corporate security policy, you can fall back to routing Daily’s traffic through your own HTTP and WebSocket proxy (IP proxy). This option works for products that have already deployed a web proxy that is allowed by the end-user’s IT administrator, but do not yet have Daily’s signaling servers unblocked. For an end user that observes HTTP or WSS connection failures to Daily’s infrastructure, you can reconfigure the Daily call frame to specify your own IP proxy URL. Daily will automatically use the proxy URL for subsequent network requests. For example, if the connection to https://gs.daily.co/ fails, a firewall will most likely return a HTTP Response code of 403 (Forbidden). In this case, you can use your self-hosted IP proxy (e.g., https://proxy.example.net:8080) by specifying the proxyUrl property in dailyConfig. Daily will then send requests to https://proxy.example.net:8080/gs.daily.co/rooms/check/sub-domain/room-name instead of https://gs.daily.co/rooms/check/sub-domain/room-name. For more details, refer to our documentation. With Prebuilt, you’ll need to set proxyUrl property when instantiating the call frame. With Daily’s client SDKs, call the setProxyUrl() call object instance method. 
// Example: pass configuration properties to createFrame()
call = window.Daily.createFrame({
  iframeStyle: {
    position: 'fixed',
    width: '375px',
    height: '450px',
  },
  dailyConfig: {
    proxyUrl: 'https://proxy.example.org:8080',
  },
  showLeaveButton: true,
  showFullscreenButton: true,
});
call.join({ url: 'DAILY_ROOM_URL' });

Using a self-hosted TURN for media

If Daily’s TURN URLs are blocked, you may fall back to routing the media through your own self-hosted TURN servers, which should already be allowlisted by the end user’s IT administrators. Similar to the IP proxy configuration, your custom TURN servers are passed into dailyConfig by setting the iceServers property. We encourage our customers to work with their IT departments to allowlist Daily’s TURN servers. Daily’s servers are already scaled out and handle millions of media packets per second. For more details, refer to our documentation. With Prebuilt, you’ll need to set the iceConfig property in the call frame. With Daily’s client SDKs call the setIceConfig() instance method. 
call = window.Daily.createFrame({
  iframeStyle: {
    position: 'fixed',
    width: '375px',
    height: '450px',
  },
  dailyConfig: {
    iceConfig: {
      iceServers: [
        {
          urls: ['stun:turnserver.example.org', 'turns:turnserver.example.org'],
          username: 'webrtc',
          credential: 'turnpassword',
        },
      ],
      placement: 'replace',
      iceTransportPolicy: 'all',
    },
  },
  showLeaveButton: true,
  showFullscreenButton: true,
});
call.join({ url: 'DAILY_ROOM_URL' });