Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Config - Firewall Ports Configuration

            Modified on Thu, 30 Oct at 6:47 PM


            This guide walks you through configuring the necessary firewall and port settings for proper communication between the Softdrive Remote Desktop Client and Server.


            1. Overview

            Softdrive uses a combination of UDP and TCP ports for secure communication between its client and server applications. Both ends must have appropriate firewall rules to ensure connectivity.


            2. Security and Encryption

            All traffic is encrypted using secure protocols:

            TransportProtocolEncryption MethodCipher
            TCPTLSPre-Shared KeyChaCha20-Poly1305
            TCPHTTPSCertificate-BasedAES
            UDPSRTPPre-Shared KeyAES


            3. Server Configuration

            Ensure the following firewall rules are applied on the server:

            ProtocolDirectionPort RangeDescription
            UDPInbound9250–9254Softstream application data (SRTP + AES)
            TCPInbound9260Softstream application data (TLS + ChaCha)
            TCPInboundEphemeral (OS default)Communications with Softnet (HTTPS)
            UDPOutbound58000–59000Sends data to client
            Add SoftdriveServer.exe to the Windows Firewall as allowed.


            4. Client Configuration

            Apply the following firewall rules on the client:

            ProtocolDirectionPort RangeDescription
            UDPOutbound9250–9254Sends data to server
            TCPOutbound9260Softstream application data (TLS + ChaCha)
            TCPOutbound443Communications with Softnet (HTTPS)
            UDPInbound58000–59000Receives data from server
                Add SoftdriveClient.exe to the Windows Firewall as allowed.


            5. STUN Service

            Whitelist the four STUN Server IP’s shown below and ensure the required ports listed below are open on a bidirectional basis for all your firewall and network security devices.


            Outbound from the Cloud Desktop

            ItemDNSRequiredTo STUN server IP'sNetwork
            Protocol            		Source
            Port            		Destination
            Port

            1

            stun.softdrive.co

            Yes

            141.148.25.156

            UDP

            9256

            3478,

            3479

            2

            None

            Yes

            129.80.6.68

            3

            None

            Yes

            157.151.203.176

            4

            None

            Yes

            129.213.189.177




            Inbound to the Cloud Desktop


            ItemDNSRequiredFrom STUN server IP'sNetwork
            Protocol            		Source
            Port            		Destination
            Port

            5

            stun.softdrive.co

            Yes

            141.148.25.156

            UDP

            3478, 3479

            9256

            6

            None

            Yes

            129.80.6.68

            7

            None

            Yes

            157.151.203.176

            8

            None

            Yes

            129.213.189.177



            6. Testing Connectivity

            After configuring the firewall:

            • Verify that the client can connect to the remote session.

            • Use tools like Test-NetConnection or telnet to validate TCP connectivity.

            • Use packet capture (Wireshark) to verify encrypted traffic over correct ports.


            Final Notes

            • Ephemeral ports are assigned dynamically by the OS and must be open for responses.

            • All communication is encrypted for confidentiality and integrity.

            • Always test with the firewall enabled to confirm ports are functioning correctly.


            Preview
            0 of 0