Applies to CrossBrowserTesting SaaS, last modified on April 19, 2021

Enterprise Connection Manager is a utility to give network administrators maximum control over CrossBrowserTesting's Local Connection Feature.

What does it do?

Normally enabling Local Connection establishes a WebSocket tunnel between CrossBrowserTesting's devices and the user's computer. Some network environments do not allow users to establish that kind of tunnel. And some network administrators need to be able to audit and control the tunnel traffic.

That is where the Enterprise Connection Manager comes in. When ECM is enabled all Local Connection requests by all users will go through the ECM, instead of the users' computers.

If run from a DMZ the network administrator can have complete control over what can be accessed over a Local Connection.

How do I use it?

First, make sure that your account is enabled to use the Enterprise Connection Manager. Contact Support if you need help with this.

Install with NPM

npm install -g cbt-enterprise-connection-manager

Install with Git

  1. Clone this repository:

    git clone https://github.com/crossbrowsertesting/connection-manager

  2. Move to the new directory:

    cd connection-manager

  3. Download the dependencies:

    npm install

  4. Optional: create a link to a folder in your path:

    ln -s cbt-enterprise-connection-manager.js ~/bin/cbt-ecm

Install with pre-compiled binary

Coming soon! If this is something you would like to see ASAP, contact Support.

Then run it!

If you installed it with npm -g:

cbt-enterprise-connection-manager --username <email address> --authkey <authkey>

If you didn't:

./cbt-enterprise-connection-manager --username <email address> --authkey <authkey>

You may want to use PM2, Monit, or a related process management utility to ensure that ECM is always running.

How does it work?

ECM establishes a long-running secure websocket connection to CrossBrowserTesting. When a user requests a Local Connection, a message will be sent over the websocket to the ECM asking it to start a Local Connection tunnel for the user. As far as the user is concerned, our service will operate the same as it always has but the tunnel will start from the ECM, not their machine.

Be aware that users will not be able to enable Local Connection if the ECM is not running.

How do I troubleshoot issues with my Local Connection?

The difficulty with troubleshooting Local Connections lies in all the unknowns present in users' environments. Office networks, corporate intranets, and home connections are subject to any number of potential access-restricting devices and software. The good news is there is nearly always a way to connect with CBT via one of our tunnel options.

Start simple

The CrossBrowserTesting Chrome extension is the most straightforward implementation of our Local Connection tunnel. Once installed and enabled according to the instructions provided, begin a Live Test on a site such as https://whatismyip.com. If you see your location/IP address through our app, then the Local Connection is functioning properly and no networking troubleshooting is required.

The Chrome Extension and Node.JS/Binary tunnel use the same manner of connection, so if the Chrome Extension works, so should the Node tool.


If your Local Connection does not function in a Live Test, properly or at all, then your first course of action should be to verify Port 443 is open for traffic to and from CrossBrowserTesting. This can be done by performing a WebSockets Test. If reaching out to CrossBrowserTesting Support for further troubleshooting, please include your Results ID with your inquiry.

You should see the following results for Port 443. If you do not, please consult with your Network staff to resolve this issue.


Proxy server

If you are using a Proxy Server, you must perform additional configuration steps for the Local Connection to function. As we have no way of determining this, the best option is to ask your Network staff. If applicable, they will provide you the appropriate IP and Port information to enter into the Proxy Server settings within the CrossBrowserTesting App. Similarly, you must input the appropriate Proxy Server parameters for the Node.JS Local Connection tunnel as described in the tool's documentation.

Proxy server parameters

Click the image to enlarge it.


If you have successfully verified Port 443 is open to CrossBrowserTesting traffic, and that you either do not have a proxy server or you have applied the appropriate configuration changes, then the issue may be present in your network's firewall.

Once again, it is imperative that you ask your Network staff if CrossBrowserTesting may be blocked by certain firewall rules. If this is the case, our Support staff may provide you a consistent IP address to be put on the allow list.

Reach out

Once you have verified the issue does not lie in the most common areas listed above, you may reach out to us at Support or via Intercom and we will be happy to help. Please indicate that you have performed the steps as described in this document and that you have consulted with your network staff to try and resolve the issue.

Ports needed opening to connect behind a firewall

Most firewalls will allow users inside the firewall to initiate connections outwards, so the following will not apply. For users with restrictive firewall policies that prevent outgoing connections or outgoing vnc connections, please read the following.

CrossBrowserTesting provides the Live Test service via a VNC client to connect and display the remote browser. In your account's settings, there are three options for browser-based VNC clients, and one option for a Desktop-based VNC client.

Client type dropout

Click the image to enlarge it.

Ports required to be open by VNC client type

  • HTML5: Uses port 443 over HTTPS via WebSockets (WSS).

  • VNC Client: Uses port range 5920-6100 over TCP.

By default, traffic from a Live Test connects to livetest.crossbrowsertesting.com. Traffic on this subdomain runs across a "high-speed network" which improves the responsiveness of your test session. However, this address resolves to changing IP addresses based on an analysis of the fastest path. Because the resolved IP address varies, it is easier to set firewall rules for a consistent IP address using our standard domain: crossbrowsertesting.com(Please contact support for the IP address).

To set up a firewall rule with our consistent IP address, follow these steps:

  1. Turn off the "High-Speed Network" setting in your account settings, which will resolve our outgoing VNC connections to crossbrowsertesting.com (see image below).

  2. Add a rule to your firewall allowing connections initiated from inside your network on port 80 and ports 5920-6100 to our IP (please contact support for the IP address).

  3. If you are using the HTML5 client you may also need to allow for port 843 and 443 outbound to crossbrowsertesting.com.

Live test settings

Click the image to enlarge it.

If you want to continue to use the High-Speed Network, leave the High-Speed Network setting on, and configure your firewall to allow connections initiated from inside your network on port 80, 443 and / or ports 5920-6100. Do not try to filter on destination IP address, as it will continually change.

If you are using a desktop VNC client, it will always use a port from 5920 - 6100. The HTML5 clients use port 80 or 443 to connect.

Have questions or need help on this? Call us or send an email.

See Also

About Local Testing
Using the CrossBrowserTesting Local Connection Chrome Extension
Testing on a Local Machine

Highlight search results