Issue description: accessing website https://www.dental3dcloud.com/ or software does not load/launch correctly. We access from addresses 193.104.41.0/24.
Root Cause: Network restrictions blocking required outbound connections to Alibaba Cloud and Shining3D services, specifically over ports 2023 and 8883, combined with reliance on dynamic IP infrastructure.
Resolution: Implement domain-based firewall allow rules and permit outbound TCP traffic on ports 80, 443, 8883, 1883, 8084, and 2023 to required cloud services.
Application/module/function | Source IP/URL | Port (UDP/TCP) | Protocol |
阿里云服务 Alibaba Cloud Services | *.aliyun.com *.aliyuncs.com | 80 / 443 | http https tcp |
| 腾讯云服务 Tencent Cloud Services | *.tencentcloudapi.com *.tencentcloud.com *.myqcloud.com *.tcdn.qq.com *.qcloudcdn.com | 80 / 443 | http https tcp |
先临web服务 Shining 3D Web Services | *.dental3dcloud.com | 80 /443 | http https tcp |
先临api服务 Shining 3D API Service | *.shining3d.com api.shining3d.com | 80 / 443 | http https tcp |
CDN / Assets | cdnimg.shining3d.com
|
|
|
Object Storage | cloud3data.oss-us-west-1.aliyuncs.com |
|
|
MQTT/MQTTS / Realtime | mqtt.dental3dcloud.com
| 1883 / 8883/ 8084 | MQTT over TLS
|
Proprietary backend / device tunnel |
| 2023 |
|
1. Required Firewall Rules - Allow by DOMAIN
Core
*.dental3dcloud.com
*.shining3d.com
Alibaba
*.aliyun.com
*.aliyuncs.com
Tencent
*.tencentcloudapi.com
*.tencentcloud.com
*.myqcloud.com
CDN
*.qcloudcdn.com
*.tcdn.qq.com
cdnimg.shining3d.com
2. Allow by ASN (preferred if IP filtering required)
• Tencent Cloud: AS132203
• Alibaba Cloud: AS45102
3. No SSL Inspection Warning
The system uses:
• TLS-encrypted MQTT (8883)
• Long-lived sessions
Disable SSL inspection / deep packet inspection for:
• - *.dental3dcloud.com
• *.tencentcloudapi.com
• MQTT traffic (8883 / 8084)
4. Alibaba Cloud IP Examples
• 47.88.29.90
• 47.88.111.42
• 47.246.22.194
• 8.209.99.169
5. Direct Asia IP connections on custom port (2023) Examples
• 101.200.34.79:2023
• 120.79.12.238:2023
• 47.110.42.55:2023
• 47.96.154.69:2023
• 8.140.201.23:202
NOTE: IP’s are for example only, they are dynamic and subject to change.
Allow by Domain is recommended for best performance/connectivity.
6. MQTT Broker
• mqtt.dental3dcloud.com → port 8883, 1883 ,8084
• Required for: Sync, Job status, Device Communication
Folder / Paths to add to whitelist on Antivirus Software if enabled
• Intraoral Scanner
o C:\Shining3D\DentalLauncher
• Desktop Scanner
o C:\Shining3D\DentalScan
• Facial Scanner
o C:\FSLauncher
• Order Save Path
o C:\DentalOrder
• Algorithm bug files
o C:\ShiningWork
Common Enterprise Blockers
• Port blocked
o 1883、8883、8083 often not allowed by default
• SSL inspection
o Breaks MQTT TLS, TCP, UDP, WSS handshake
• Geo restrictions
o Broker may resolve to Alibaba Cloud's Silicon Valley node datacenter
Connection Test Tool
Below is a link for a BAT-based diagnostic tool that can be used as a baseline for troubleshooting Shining3D software cloud connectivity, Sync Cloud communication, download failures, CDN access, TLS/HTTPS issues, and general network-related problems.
The tool performs checks related to:
- DNS resolution
- HTTPS/TLS connectivity
- Tencent/CDN reachability
- Proxy configuration
- Firewall state
- Routing/traceroute
- Security software detection
- Recent TLS/Schannel errors
- Active HTTPS connections
A companion interpretation guide is also available to help understand the runtime results and generated log file output.
The tool is intended to assist both end users and IT/security teams during troubleshooting and escalation workflows.
https://drive.google.com/drive/folders/1JffXA5VaLkFws6tOgIE_7XE1LZhuKqTP?usp=sharing