Firewall settings for CloudXR Server workstations
These instructions apply to the firewall of a dedicated workstation acting as a CloudXR server. They define the ports and protocols that must be open locally to enable communication with Innoactive Portal client application on the headset.
If you are instead configuring the corporate network firewall (for cloud or on-premises environments), refer to this article.
If you need help to optimize local streaming you can find further information (configuring antivirus and router channels) in this dedicated how to article.
Innoactive Spatial Runtime (CloudXR 6)
The default installation directory is C:\ProgramData\Innoactive\Spatial Runtime\. Adjust paths below if your organization uses a custom install location.
Component | Executable | Description | Direction | Protocol | Port(s) |
|---|---|---|---|---|---|
Innoactive Spatial Runtime | Innoactive Spatial Runtime.exe | REST API (HTTP) | Inbound | TCP | 42084 |
Innoactive Spatial Runtime | Innoactive Spatial Runtime.exe | REST API (HTTPS) | Inbound | TCP | 42085 |
Innoactive Spatial Runtime | Innoactive Spatial Runtime.exe | WebSocket Secure (WSS) signaling for CloudXR | Inbound | TCP | 48322 |
Innoactive Spatial Runtime | Innoactive Spatial Runtime.exe | Apple Vision Pro Foveated Streaming session management | Inbound | TCP | 55000 |
Innoactive Spatial Runtime | Innoactive Spatial Runtime.exe | mDNS / Bonjour service discovery (multicast 224.0.0.251) | Inbound + Outbound | UDP | 5353 |
CloudXR | CloudXR Runtime Host.exe, CloudXrService.exe | Media streaming (video, audio, control) | Inbound | UDP | 47995, 47998-48002, 48005, 48008, 48012 |
CloudXR | CloudXR Runtime Host.exe, CloudXrService.exe | Media streaming responses | Outbound | UDP | 49003-49006, 50000-55000 |
CloudXR | CloudXR Runtime Host.exe, CloudXrService.exe | Signaling and session control | Inbound | TCP | 48010, 48322 |
CloudXR | CloudXR Runtime Host.exe, CloudXrService.exe | Control channel | Outbound | TCP | 49007 |
Notes:
All traffic is local network only. Streaming happens on the same local subnet — no internet-bound traffic is required.
mDNS / multicast: Some enterprise firewalls block multicast traffic by default. Ensure UDP multicast to 224.0.0.251:5353 is permitted on the local subnet. Without this, headsets cannot automatically discover the PC.
Configurable ports: The REST API ports (42084, 42085) and Apple Vision Pro session management port (55000) can be changed in
appsettings.json. If changed, firewall rules must be updated to match.Application-aware firewalls: If your firewall filters by application identity, ensure the following executables are allowed:
Innoactive Spatial Runtime.exe,CloudXR Runtime Host.exe, andCloudXrService.exe(all located in the installation directory).Additional component (no network exposure): Installation also includes the Innoactive OpenXR Runtime Service — a Windows service (
InnoactiveOpenXRRuntimeService) installed underC:\Program Files\Innoactive\OpenXR Runtime Service\, running asLocalSystem. It communicates with the tray app via a local named pipe only and requires no firewall configuration.
Previous Versions
Description | Direction* | Protocol | Port |
|---|---|---|---|
CloudXR Control | Inbound | UDP | 47999 |
CloudXR Audio | Inbound | UDP | 48000 |
CloudXR Video | Inbound | UDP | 47998, 48005, 48008, 48012, 47995, 48001 |
CloudXR Microphone | Inbound | UDP | 48002 |
CloudXR RTSP | Inbound | TCP | 48010 |
CloudXR Control | Outbound | UDP | 49006 |
CloudXR Audio | Outbound | UDP | 49003 |
CloudXR Video | Outbound | UDP | 49005, 50000–55000 |
CloudXR Microphone | Outbound | UDP | 49004 |
CloudXR RTSP | Outbound | TCP | 49007 |
* All directions are from the dedicated workstation/server perspective.
Whitelist all IPs that could be used by your HMD, so either allow all IP addresses on those ports or limit to the IP range that the HMDs will use.