Allow *.whispersystems.org, *.signal.org, TCP port 443, and UDP traffic. If you have a transparent or reverse proxy, it needs to support WebSockets. Signal uses a non-standard TCP port to catch filtering issues at the signaling step and also uses a random UDP port, so all UDP ports will need to be opened. The underlying IP addresses change constantly, so it is hard to define accurate firewall rules based on IP addresses.
Common issues that may indicate you should check your network or firewall settings:
- You have Google Play Services working and cannot register for Signal Android.
- You do not see a QR code to scan when linking with Signal Desktop.
- You see a captcha when registering.
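
One way to check whether a forward proxy is refusing Signal traffic, as an added example that is not part of Signal's documentation: it scans access log lines for denied CONNECT requests to the two domains in the allow list above. The Squid native log layout, the hostnames, and the log lines are assumptions constructed for illustration.

```python
# Domain suffixes from the allow list above.
SIGNAL_SUFFIXES = ("signal.org", "whispersystems.org")

# Constructed sample lines in Squid's native access.log layout (assumed proxy):
# time elapsed client result/status bytes method target ident hierarchy type
SAMPLE_LOG = [
    "1700000000.101     45 10.0.0.5 TCP_DENIED/403 3900 CONNECT chat.signal.org:443 - HIER_NONE/- text/html",
    "1700000001.202    310 10.0.0.5 TCP_TUNNEL/200 5120 CONNECT cdn.signal.org:443 - HIER_DIRECT/203.0.113.10 -",
    "1700000002.303     12 10.0.0.7 TCP_DENIED/403 3900 CONNECT signal.org.example.net:443 - HIER_NONE/- text/html",
    "1700000003.404     20 10.0.0.9 TCP_DENIED/403 3900 CONNECT textsecure-service.whispersystems.org:443 - HIER_NONE/- text/html",
]


def is_signal_host(host):
    """Match the listed domains and their subdomains by label, not substring."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in SIGNAL_SUFFIXES)


def blocked_signal_requests(lines):
    """Return (client, host, port, result) for denied CONNECTs to Signal hosts."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue  # TLS traffic reaches an explicit forward proxy as CONNECT
        host, _, port = fields[6].rpartition(":")
        if not host or not port.isdigit():
            continue  # malformed target, skip rather than guess
        if is_signal_host(host) and fields[3].startswith("TCP_DENIED"):
            findings.append((fields[2], host.lower(), int(port), fields[3]))
    return findings


if __name__ == "__main__":
    for client, host, port, result in blocked_signal_requests(SAMPLE_LOG):
        print(f"{client} was refused {host}:{port} ({result})")
```

The lookalike host `signal.org.example.net` is deliberately not matched: an allow rule written as a substring match would let it through, which is why the comparison is done on the domain suffix with a leading dot.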