What ports do I need to open?

Here are the ports that need to be open and why, organized by our different solutions and what they need.

The following ports need to be opened in order for the Web Filter to function correctly.

Note: For security reasons, only the following ports should be open. Firewalls should not be configured with any port/any address rules inbound to the server as this will leave the server vulnerable to attacks from outside sources. If through troubleshooting procedures an any/any rule is put in place, it must be removed once testing has been completed.

Outbound Ports:

  • TCP-80 HTTP to ddb.lightspeedsystems.com and ddb.lsfilter.com (needed for filtering)
  • TCP-80 HTTP to keys.lightspeedsystems.com (needed for licensing)
  • TCP-1999 to bsdupdate01.lightspeedsystems.com (needed for monitoring)
  • TCP-80 HTTP to updates.lsfilter.com (needed for updates)
  • UDP-123 for date/time sync
  • UDP-1311 (needed for filtering)These must be stateful UDP connections in the firewall; otherwise, you will need an inbound rule to allow UDP with a source port of 1311.

Inbound Ports:

  • TCP-80 and TCP-443 HTTP from anywhere (needed for mobile filteringLaunch, and SIS Imports)
  • TCP-8080 Proxy (if you are planning to use the Rocket as a Proxy Server. We recommend choosing a different open port other than 8080 for additional security.)

Internal Ports:

  • TCP/UDP-1305 LTDP lookup (interrogation)
  • TCP/UDP-1306 Identification Server Service; UA reporting, and Identification Subscription
  • TCP/UDP-1307 Reporting (used between cluster servers and cluster master)
  • TCP/UDP-1310 Policy (used between parent and children appliances)

Mobile Manager (MDM)

  • TCP-80 – this is the basic port used for internet and should be accessible (filtered ok) for devices to work properly. Some additional ports are required depending on OS.

Mobile Manager – iOS

Mobile Manager – Android

  • TCP-5228-5230 to any out (used to communicate to GCM servers)
  • android.clients.google.com

Mobile Manager Hosts

  • https://ls-pki.css-security.com/
  • lsmdm-production.s3.amazonaws.com
  • http://lsurl.me

Classroom Orchestrator (CO)

  • TCP-80 (outbound), TCP-5330

Classroom Orchestrator Hosts

  • api.mybigcampus.com
  • *.lsmdm.com
  • lsorchestration-production.s3.amazonaws.com
  • *.pubnub.com
  • Cdn.lsclassroom.com