Twilio Troubleshooting

More results...

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors


Twilio Connectivity – Troubleshooting Guide

Audience: IT, Network, and Firewall Teams

Purpose: Validate network readiness for Twilio Voice and WebRTC services.



1. Mandatory Connectivity Test (Step 1)

All customers must run the official Twilio WebRTC diagnostics test.

🔗 Test URL:
👉 https://networktest.twilio.com/

Expected Result

ALL tests must show PASS, especially:

  • TURN UDP Connectivity
  • Voice Test (PCMU)
  • Voice Test (Opus)

If ALL Tests Pass

✅ Network connectivity is NOT the issue.
Proceed to application-level troubleshooting.

If ANY Test Fails

❌ A network firewall or security policy is blocking Twilio traffic.
Proceed to Section 2 – Firewall Validation.



2. Firewall & Network Requirements (Mandatory)

2.1 Required Ports & Protocols

Ensure the following outbound traffic is allowed:

Protocol Port(s) Purpose
TCP 443 HTTPS, TLS signaling
UDP 3478 STUN
UDP 5349 TURN
UDP 10000–20000 Twilio media (RTP audio)

2.2 Required Domains (FQDNs)

Allow outbound access to:

  • *.twilio.com

If your firewall requires explicit FQDN allow-listing, ensure wildcard support is enabled.



3. Next-Generation Firewall (App-ID) Configuration

For Palo Alto, Fortinet, Check Point, Sophos, or other NGFWs, ensure Application-ID rules are not blocking Twilio traffic.

App-ID Role in Twilio / WebRTC
dtlsKey exchange for SRTP encryption
stunNAT traversal & ICE negotiation
rtpReal-time media transport
rtcpMedia control traffic
webrtcCovers DTLS, RTP, STUN
sslHTTPS / TLS signaling
web-browsingTwilio Console / browser UI
dnsDomain name resolution
sip (optional)Only for SIP Trunking / BYOC

🔐 Best Practice:
Allow App-ID + Port-based rules together. App-ID detection may fail on encrypted traffic; ports provide fallback.



4. Common Misconfigurations to Check

  • ❌ UDP traffic blocked (most common issue)
  • ❌ RTP ports restricted or incorrectly narrowed
  • ❌ STUN / TURN App-ID blocked
  • ❌ SSL inspection breaking DTLS / WebRTC
  • ❌ Outdated Twilio IP or FQDN allow-list


5. If Tests Still Fail

  • Firewall logs showing blocked traffic
  • Destination IP / FQDN
  • Port and protocol
  • App-ID (if applicable)

Confirm:

  • Outbound UDP allowed
  • No SSL inspection on WebRTC traffic
  • Twilio FQDNs or IPs in policy


6. Quick Validation Checklist (For IT Teams)

  • ✅ Twilio Network Test → All PASS
  • ✅ TCP 443 outbound allowed
  • ✅ UDP 3478 & 5349 allowed
  • ✅ UDP 10000–20000 allowed
  • *.twilio.com allowed
  • ✅ STUN / DTLS / RTP / WebRTC App-IDs not blocked
  • ✅ No SSL decryption for WebRTC


7. Summary

  • Twilio requires UDP for voice quality
  • All tests must PASS on the Twilio network test page
  • Most failures are caused by firewall App-ID or UDP restrictions
  • Use Port + App-ID rules together for best results

Related Post

Setting Up a Custom SAML for SSO

Overview Enable Single Sign-On with any SAML 2.0-compliant identity provider. This integration allows your staff and students to securely authenticate to Onflo using existing organizational credentials, reducing password fatigue and improving security posture. Features SAML 2.0 compliant authentication Attribute mapping

Read More ➜

Setting Up a Custom LDAP

Overview Connect to any LDAP-compatible directory service including Microsoft Active Directory, OpenLDAP, or other enterprise directories for user authentication and provisioning. Features LDAP authentication for secure user login Automated directory sync for user provisioning and updates Group membership mapping to

Read More ➜

Setting Up Microsoft Azure for SSO

About this integration Integrate Microsoft Azure Active Directory (Entra ID) to provide secure Single Sign-On and automated directory synchronization. Your district's Microsoft 365 users can access Onflo with their existing credentials while user data remains synchronized automatically. Features Single Sign-On

Read More ➜