The following ports need to be opened in order for the Web Filter to function correctly.
Note: For security reasons, only the following ports should be open. Firewalls should not be configured with any port/any address rules inbound to the server as this will leave the server vulnerable to attacks from outside sources. If through troubleshooting procedures an any/any rule is put in place, it must be removed once testing has been completed.
- TCP-80 HTTP to ddb.lightspeedsystems.com and ddb.lsfilter.com (needed for filtering)
- TCP-80 HTTP to keys.lightspeedsystems.com (needed for licensing)
- TCP-1999 to bsdupdate01.lightspeedsystems.com (needed for monitoring)
- TCP-80 HTTP to updates.lsfilter.com (needed for updates)
- UDP-123 for date/time sync
- UDP-1311 (needed for filtering)These must be stateful UDP connections in the firewall; otherwise, you will need an inbound rule to allow UDP with a source port of 1311.
- TCP-80 and TCP-443 HTTP from anywhere (needed for mobile filtering, Launch, and SIS Imports)
- TCP-8080 Proxy (if you are planning to use the Rocket as a Proxy Server. We recommend choosing a different open port other than 8080 for additional security.)
- TCP/UDP-1305 LTDP lookup (interrogation)
- TCP/UDP-1306 Identification Server Service; UA reporting, and Identification Subscription
- TCP/UDP-1307 Reporting (used between cluster servers and cluster master)
- TCP/UDP-1308 Secure Identification Server Service; UA reporting, and Identification Subscription
- TCP/UDP-1310 Policy (used between parent and children appliances)
The following ports and domains need to be opened in order for Relay to function correctly.
If you’re implementing additional Lightspeed Systems products like Mobile Manager or Classroom, reference this article
for more info on which ports to open.
The following outbound ports must be open on your network:
- TCP/UDP-443 to communicate to the cloud servers
- TCP/UDP-3478 to share and broadcast screens
- TCP-5349 to share and broadcast screens
The following domains/hosts should be allowed on your network: