Web Player platforms like Unity Web Player, Flash and Silverlight request authorization before they contact a server.
Photon can be configured to grant this authorization by sending crossdomain.xml files.
The actual file sent in response to a policy request is loaded from: \deploy\Policy\assets. There is a separate file for Silverlight and one for Unity and Flash.
In PhotonServer.config, you can specify "PolicyFileListeners", which return the specified policy file:
Policy requests are usually done behind the scenes on TCP Port 843 and 943 (Silverlight), so these two have to be open as well. This includes Windows Security settings, other Firewalls in software and hardware. If you host Photon in a Cloud, check the Security settings of that as well. Amazon's EC2 has Security Groups to restrict access to ports.