The following ports need to be opened in order for the Web Filter to function correctly.
Note: For security reasons, only the following ports should be open. Firewalls should not be configured with any port/any address rules inbound to the server as this will leave the server vulnerable to attacks from outside sources. If through troubleshooting procedures an any/any rule is put in place, it must be removed once testing has been completed.
- TCP-80 HTTP to ddb.lightspeedsystems.com and ddb.lsfilter.com (needed for filtering)
- TCP-80 HTTP to keys.lightspeedsystems.com (needed for licensing)
- TCP-1999 to bsdupdate01.lightspeedsystems.com (needed for monitoring)
- TCP-80 HTTP to updates.lsfilter.com (needed for updates)
- UDP-123 for date/time sync
- UDP-1311 (needed for filtering)These must be stateful UDP connections in the firewall; otherwise, you will need an inbound rule to allow UDP with a source port of 1311.
- TCP-80 and TCP-443 HTTP from anywhere (needed for mobile filtering, Launch, and SIS Imports)
- TCP-8080 Proxy (if you are planning to use the Rocket as a Proxy Server. We recommend choosing a different open port other than 8080 for additional security.)
- TCP/UDP-1305 LTDP lookup (interrogation)
- TCP/UDP-1306 Identification Server Service; UA reporting, and Identification Subscription
- TCP/UDP-1307 Reporting (used between cluster servers and cluster master)
- TCP/UDP-1308 Secure Identification Server Service; UA reporting, and Identification Subscription
- TCP/UDP-1310 Policy (used between parent and children appliances)
Ensure that the following ports and domains/hosts are unblocked by your network filter.
The following outbound ports must be open on your network:
- TCP/UDP-443 to communicate to the cloud servers
- TCP/UDP-3478 to share and broadcast screens
- TCP-5349 to share and broadcast screens
The following domains/hosts should be allowed on your network: