How to use iPhone 4 FaceTime behind a firewall

FaceTime might be easy but network traversal can be hard, which is why Apple has posted a knowledge base article to help you get your FaceTime behind a firewall.

If the Wi-Fi network router that you are connected to uses a firewall or security software to restrict Internet access, contact the network administrator and reference this technical article. To use FaceTime on a restricted Wi-Fi network, port forwarding must be enabled for ports 53, 80, 443, 4080, 5223, and 16393-16472 (UDP).

The Wi-Fi network administrator can refer to their router, firewall, or security software documentation for information on configuring port forwarding.

If you encounter issues using a Wi-Fi network, use standard Wi-Fi network troubleshooting to resolve interference and other issues.

Have you had any firewall issues with FaceTime at home, at school, or at work? If so, did this tip help?

[Apple Knowledge Base via 9to5Mac]

Have something to say about this story? Leave a comment! Need help with something else? Ask in our forums!

Rene Ritchie

EiC of iMore, EP of Mobile Nations, Apple analyst, co-host of Debug, Iterate, Vector, Review, and MacBreak Weekly podcasts. Cook, grappler, photon wrangler. Follow him on Twitter and Google+.

More Posts



← Previously

Skype vs fring - Fight!

Next up →

iPad live podcast #12: Appy Birthday Two

Reader comments

How to use iPhone 4 FaceTime behind a firewall


Exacts i would use it alot more except when iam out around town no wifi so untill its over 3g i cant see this soaring off like all the tipbites until it supports 3g

Enabling facetime over 3g is up to att, not apple. Half the reason facetime works so well is because of wifi only. Once the start ovef 3g, the resolution, lag and choppiness will all drag down the user experience. Dont expect it anytime soon

I used fring over 3G and it sucked...3G video call in the real world is just not a great idea. It would be cool but apple doesn't like half assed things (up for argument). Vz hasn't had a phone that does video call period and they won't over 3G. It's just too much continuous data. It would be novel and fun but I bet most wouldn't bother because the quality would suck.
And Apple doesn't do FaceTime on any carriers 3G so it's not AT&T. It's apple I bet FaceTime on Rogers would be sketchy too. I'd like it on 3G but in reality it prob would suck.
And does anyone know if video call on Sprint only works on their 4G?

So that's why it wouldn't work at school. Hm. That sucks. Maybe when the semester gets going again and I'm on campus a lot, then talk to
The network admin about this... Then again.. iPhones and college student go together like PB&J, so I most likely won't be the first to say something

LOL, great choice of Chad for a picture on an article about firewall traversal Rene.
Can you teach him how to punch a hole thru his router for a specified Skype port before the next Podcast?

Sprint can do video chat over 3g but the quality suffers. 4g isn't that much better. But WiFi works well. I'm using a sprint evo.

Wait, this is confusing...
Going to the apple page It says:

Network administrators typically open a minimal set of network ports, allowing the traffic for approved applications to enter and leave the network.

Blocking inbound ports is common. Blocking outbound ports (except certain ones) is not common.
Is Apple suggesting that all of these inbound routes have to be enabled for facetime? If so, how could it work with more than one iPhone behind the same router?
Or are they saying egress filtering must not block those ports for outward access.?
Many local networks have good reason to block outbound port 53 except for the firewall itself. (Users don't typically get to choose their own DNS server - they use the firewall's server).
Port 80 and 443 would never be blocked for outward access in any rational network. - so those make sense. However, those companies that use a Caching Proxy server might well block these ports for egress except for the proxy server itself. This is not all that uncommon in corporate environments or school campuses.
Is Facetime incompatible with such a proxy server?
The high ports would never be blocked for egress, or browsers would fail.

Sad that even if AT&T allows it to be used via 3G -- remember that iPhone 4 users have a 2GB data cap? its sad. very sad.

I've got an iPhone 4 but my data plan is unlimited, and added a line on 6/27 of this year and got the iPhone unlimited data plan on it too.

Just ask your firewall admin to open ports so you can make FaceTime calls on your iPhone. I'm sure they'll get right on that.

Facetime works great for me except when I talk to one of my cousins. The video works but there is no audio. It works fine for him with any other person. It's a very strange issue.

Wow! So much FUD here guys. 1) Facetime over 3G is doable, it just hasn't been done. I do it on my MiFi all the time (Verizon 3G network) and it works GREAT. 2) Firewall blocking is COMMON. Same reason you can't often check your mail when on a corporate WiFi network. This is no difference than a VoIP call, which also is typically blocked by default on a corporate network. In fact, Facetime and VoIP have a lot in common, protocol wise. 3) Did you really think iChat WON'T support Facetime relatively soon? Of course it will.

My boss just called me wanting to test out his new iPhone 4's Facetime capabilities. So, I dutifully opened up all the ports listed on this KB article (well, most), and it still didn't work. When I put a rule at the top of the firewall to let out all his traffic, it did work. But his phone doesn't have a static IP address. Looking at the logs, I see the following:

  • Facetime doesn't stick to these listed ports. I also say attempted connections on UDP ports 3493, 3495, 18377, and 20555... and that was just on two different attempt (one low and one high on each attempt)
  • For some reason, Facetime also tried to establish a UDP connection with my firewall. However, (almost) all traffic bound for the firewall is dropped.


Blocking inbound ports is common. Blocking outbound ports (except certain ones) is not common.

In a corporate environment, it's very common. In a home environment, not so much. Typically unless something is explicitly permitted, it's prohibited. There are many reasons for this, but the umbrella reason is security.

Port 80 and 443 would never be blocked for outward access in any rational network. – so those make sense.

To some extent, that's correct. However, at least port 80 is normally filtered... so some sites are blocked.

The high ports would never be blocked for egress, or browsers would fail.

Not true at all. My firewall blocks anything that's not explicitly permitted, and my high ports are not explicitly permitted. And my web browser works just fine (as proof, I submit this post).

Neither I nor anyone I know has ever successfully made a FaceTime call. If Apple can provide a free bumper to make the phone work, maybe they can also provide a free network administrator to open those ports wherever we go and make FaceTime work!?!

i am able to call over facetime but it gets stucked on connecting screen. may be wifi is blocking it.. whats the solution

Looks like my home router has firewall that now allowing me to have do facetime with my friends.
I'm using a wifi router ZTE DSL530S, and i tried to open the following ports
443 (TCP), 3478–3497 (UDP), 5223 (TCP) 16384–16387 (UDP), and 16393–16402 (UDP), 4080 (TCP)
Still my facetime not working. Can you please let me know what else do i need to do to fix it?

Our programs focus on giving the learners sufficient experience in a “safe” environment, where they learn from the mistakes they make, without having any adverse financial impact.

Our plumbers service all suburbs in the Sydney metro area, from the city, the Inner West and the Eastern Suburbs to the North Shore and the North West.

We work fast and we want to keep you as a customer so we don't recommend unnecessary work.We offer the best practical and most applicable solutions.

Thank you a lot for sharing this with all people you actually recognise what you are speaking approximately! Bookmarked. Please additionally visit my website =). We can have a link trade arrangement among us

My husband ALWAYS puts our 2-year-old son's pajamas on his head, so you're in good company, John. :)