This article explains how to configure your network to allow Mimecast Awareness Training video playback by allowlisting the required Vimeo domains, including guidance on applying rules across common firewall, proxy, and DNS filtering solutions.
Overview
Mimecast Awareness Training uses Vimeo as a video hosting and content delivery platform. Vimeo serves exclusively as infrastructure for delivering training video content; it is not used as a social or streaming platform. No Mimecast customer data (usernames, passwords, learner information, or training completion data) is stored on or transmitted to Vimeo. Vimeo hosts only the video files themselves.
The Vimeo player is embedded within the Mimecast Awareness Training platform; learners never navigate to vimeo.com and are never exposed to the public Vimeo website. The integration is comparable to using a content distribution network (CDN) to serve images or documents; Vimeo delivers the video stream, and Mimecast controls everything else.
Symptoms of blocked Vimeo domains
If your organization has blocked Vimeo-related domains at the network or firewall level, Mimecast Awareness Training training videos will not play. Users may see a blank video player, a loading spinner that never resolves, or an error message in place of the training content.
Required domains
To allow Mimecast Awareness Training videos to play, add the following domains to your network's allowlist. These are limited to Vimeo's embedded player and content delivery network, they do not grant access to the vimeo.com website or any public Vimeo content.
| Domain | Purpose |
*.player.vimeo.com
|
Embedded video player and player API |
*.vimeocdn.com
|
Video content delivery network |
fresnel.vimeocdn.com
|
Player telemetry used to track training video engagement and completion |
All embedded video URLs follow the format https://player.vimeo.com/video/{VIDEO_ID}.
Ports: TCP 80 (HTTP) and TCP 443 (HTTPS). UDP 443 (QUIC, if supported by your environment).
Allowlisting these domains does not permit users to browse vimeo.com, search for public videos, or access Vimeo as a streaming platform. Only embedded video content served through the Mimecast Awareness Training platform will be accessible.
Applying allowlist rules
The steps to add domain allowlist entries vary depending on your network infrastructure. Below is general guidance. Consult your firewall or proxy vendor documentation for exact steps.
- Web proxy or secure web gateway (SWG): Add the domains above to your URL allowlist or bypass list. Ensure the rules apply to the user populations that need to complete Engage training (for example, by IP range, user Group, or policy scope).
-
Firewall (e.g., Palo Alto, Fortinet, Cisco): Create application or URL filtering rules that permit traffic to the listed domains on ports 80 and 443. For organizations that require tighter control, some firewall platforms (such as Palo Alto Networks) support URL-level allowlisting. Individual training videos can be permitted using the format
player.vimeo.com/video/{VIDEO_ID}. However, given the size of the Awareness Training content library, domain-level allowlisting is the recommended approach. -
DNS-based filtering (e.g., Cisco Umbrella, Zscaler): Add the domains to your allow policy. If your DNS filtering solution supports wildcard entries, use
*.player.vimeo.comand*.vimeocdn.comto cover subdomains used for regional content delivery.
What data does Vimeo receive?
When a learner watches a training video through Mimecast Awareness Training, the Vimeo player delivers the video stream. Vimeo does not receive or store:
- Learner usernames or passwords.
- Email addresses.
- Training completion or assessment data.
- Any Mimecast customer account information.
The only data exchanged with Vimeo is the standard HTTP request needed to stream the video file (IP address, user agent, video ID). This is functionally identical to loading any image or file from a third-party CDN.
Verifying playback after allowlisting
After applying the allowlist rules:
- Have a test user navigate to an Mimecast Awareness Training training assignment.
- Confirm the video loads and plays without errors.
- If the video still does not load, verify that the allowlist rules are applied to the correct user population or network segment, and that no upstream policy (e.g., a broader block at a parent proxy) is overriding the allowlist.
If you have applied the allowlist and videos still are not loading, or if you have questions about the scope of the domains involved, contact Mimecast Support.
Comments
Please sign in to leave a comment.