All Collections
Employer Admins
Account Setup
IT Team's Guide to Flo Recruit (Employer Admins)
IT Team's Guide to Flo Recruit (Employer Admins)

How to ensure Flo Recruit will work for your interviewers when on firm computers or firm networks.

Katherine Allen avatar
Written by Katherine Allen
Updated over a week ago

Flo Recruit is widely used by law schools and law firms to conduct virtual interviews and virtual networking events. Our video chat is easy to use because it does not require users to download anything.

Your networks must be configured to allow calls to function in the browser. For example, your IT department might need to whitelist domains.

Video Chat

  1. Flo Recruit uses the Daily API for video chat, which is built on WebRTC. Video calls work inside the browser, with no download required.

  2. For conversations with fewer than 4 or fewer participants, video chat connections are peer-to-peer. In other words, the connections are direct UDP connections between all participants.

  3. Conversations with 5 or more participants use Daily servers for video chat connection. This transfer happens automatically when the 5th person joins the call.

Network configuration

  • Please whitelist the following domains:
    1) *.daily.co
    2) *.wss.daily.co
    3) prod-ks.pluot.blue
    4) *.twilio.com
    5) *.xirsys.com
    - More info: pluot.blue is a secondary domain used for part of the HTTP/REST infrastructure. Multiple providers are used globally for encrypted TURN relay for customers behind firewalls. Twilio and Xirsys are two providers used for encrypted TURN video/audio relay in the US.

  • You must ensure TCP/443 is allowed at flo.daily.co.

  • For participants on VPNs, it is important for call quality that the the video and audio streams not be routed through the VPN. Please either exempt UDP traffic from VPN routing, or exempt port 443 for the Twilio IP address blocks (see below) from VPN routing.

    • Attached to the end of this article is a PDF detailing how to disconnect your VPN that can be shared with any interviewers.

  • For optimal performance, firewalls should be configured to allow UDP hole punching and outgoing UDP on both of the following ports: 3478, which is used for signaling and media tunnelling, where necessary, and 40000 - 65534, which is used for direct peer-to-peer media connections.

  • If direct UDP transport between clients in the call and between clients and the Daily infrastructure is blocked, we fall back to routing media traffic through TURN servers managed by our commercial partners. In the US, we can use Twilio for this relay capability:

  1. TURN is part of the WebRTC video standard. If the Twilio TURN infrastructure is accessible to all clients in a Daily video call in the US, the call will work. Routing through TURN servers forces an additional network hop, which is not ideal, but the overall quality difference for the call is usually not too large. Here is the page where Twilio lists IP address and port ranges for their TURN servers: https://www.twilio.com/docs/stun-turn/regions

  2. Please also whitelist the US region IP addresses for Xirsys found at this link: https://docs.xirsys.com/?pg=ip-whitelist

  3. The two US regions are: 34.203.254.0 - 34.203.254.255, 54.172.60.0 - 54.172.61.255, 34.203.250.0 - 34.203.251.255, 3.235.111.128 - 3.235.111.255 and 34.216.110.128 - 34.216.110.159, 54.244.51.0 - 54.244.51.255, 44.234.69.0 - 44.234.69.127

  4. Ports used: 443, 3478 (TCP and UDP), 5349 TCP, 10,000-60,000 UDP

  5. For incoming mail allow IP Addresses 149.72.33.196, 129.213.22.154, 155.248.199.62

If you have a network appliance that provides threat-based IP whitelisting/blacklisting (such as Cisco Talos), you may run into occasional connection issues based on your blacklist entries. Daily uses Amazon public cloud resources, so our call servers get assigned random IPs from Amazon’s address range. Occasionally, these IPs make it onto security blacklists because hackers use AWS too.

Book a test call with us here after following the steps above. To ensure that your organization can use Flo Recruit's video conferencing smoothly, we would like this test to be with at least two members of your organization: one member accessing this from the office and one from a remote environment. This test will be facilitated by a Flo Recruit team member.

Email Communications

  1. Whitelist the email domain @floevents.email. We use this domain exclusively for important email notifications, like links to video chat portals and last minute schedule changes.

  2. If you'd rather whitelist an IP address, please email katherine@florecruit.com to request the IP address.

Security

Why partner with Flo Recruit? We prioritize Security. Read more here.

How to Disconnect a VPN

Attachment icon
PDF VPN.pdf
Did this answer your question?