Many Lightspeed Systems functions require external access to the Lightspeed Server’s management NIC. Such access will be denied if a couple things aren’t in place: 1) the appropriate DNS “NAT” entries identifying the Lightspeed Systems Rocket publicly and privately and 2) required firewall rules.
Note: This document specifically refers to Port 80, yet you can use the same instructions to configure any port.
Note: These instructions also work for setting up your proxy port.
Why enable external port access to the management NIC
- Permit Launch (Lightspeed Dashboard), Mobile Manager, and Classroom Orchestrator integration with Lightspeed Systems Rocket
- Remotely filter with Mobile Filter, including the Mobile Filter Browser for iPhone, iPod, and iPads
- View reports off site
- Allow email summary links to work outside of the network
–Can be also done over port 443 (SSL) if enabled, see SSL Certificate for the Lightspeed Systems Rocket
Note: Our server will first try to retrieve the file over SSL port 443 and if that fails, the server will then try over HTTP port 80. The file will be securely transferred as long as port 443 is enabled.
How to enable Port 80 and Proxy port access
The following information outlines the steps that should be taken to assure users both internal and external to the network can properly access your Lightspeed Systems Rocket.
- Set Up an FQHN
Using a Fully Qualified Host Name (FQHN) vs an external IP allows users to access the server directly while inside without having to loop outside the network and back in. This assumes you’ve created separate DNS settings for external and internal (described below).
- Rocket Settings
Log into the Rocket appliance and navigate to Administration > Network Interfaces.Find the IP Address setting under Management Interface and specify the FQHN for your Rocket. For example, ls.ourusd.k12.ca.us
- Firewall Settings
Create an access rule in your Firewall to translate (NAT) an external IP Address on port 80 to the internal IP Address of Lightspeed Systems Rocket. For example, Port 80: 126.96.36.199 = 10.16.80.2This rule directs the firewall to allow port 80 (HTTP) sessions between the external user and the Lightspeed Systems Rocket.Note: If you are enabling a proxy port (Port 8080, or your particular specified proxy port 80**), you will need to repeat the Firewall Settings step for your specific proxy port.
- DNS Setting
Create an entry to translate the FQHN to the internal IP of the Rocket. For example, ls.ourusd.k12.ca.us = 10.16.80.2This will assure that users inside the network access the Rocket directly, rather than having their selected action(s) travel out of the network and then back in.External DNS
Create an entry to translate the FQHN to the external IP of the Lightspeed Systems Rocket. For example, ls.ourusd.k12.ca.us = 188.8.131.52
With these addressing modifications in place, users should be able to access the Rocket from both inside and outside the enterprise network.