What ports do I need to open?

Here are the ports that need to be open and why, organized by our different solutions and what they need.

Rocket

The following ports needed to be opened for the Lightspeed Systems Rocket management interface.

For security reasons, only the following ports should be open. Firewalls should not be configured with any port/any address rules inbound to the server as this will leave the server vulnerable to attacks from outside sources. If through troubleshooting procedures an any/any rule is put in place, it must be removed once testing has been completed.

Outbound Ports:

  • TCP-80 HTTP to ddb.lightspeedsystems.com and ddb.lsfilter.com (needed for filtering)
  • UDP-1311 (needed for filtering)
    These must be stateful UDP connections in the firewall; otherwise, you will need an inbound rule to allow UDP with a source port of 1311.
  • TCP-80 HTTP to keys.lightspeedsystems.com (needed for licensing)
  • TCP-1999 to bsdupdate01.lightspeedsystems.com (needed for monitoring)
  • TCP-80 HTTP to updates.lsfilter.com (needed for updates)
  • UDP-123 for date/time sync
  • TCP-25 SMTP (needed for reports and the Spam module)
  • TCP-110 POP (Archive module if using a hosted mail service)
  • TCP-20 FTP (Spam module)
  • TCP-21 FTP (Spam module)

Inbound Ports:

  • TCP-80 HTTP from anywhere (needed for mobile filteringLaunch, and SIS Imports)
  • TCP-8080 Proxy (if you are using the Proxy Server)
  • TCP-25 SMTP (if you are using the Spam module)

Internal Ports:

  • TCP/UDP-1305 LTDP lookup (interrogation)
  • TCP/UDP-1306 Identification Server Service; UA reporting, and Identification Subscription
  • TCP/UDP-1307 Reporting (used between parent and children appliances)
  • TCP/UDP-1310 Policy (used between parent and children appliances)
  • TCP/UDP-15868 If using the Websense filtering protocol with a firewall
  • TCP-110 POP Archive module (if using the POP archiver on an internal mail system)

Mobile Manager (MDM)

  • TCP-80 – this is the basic port used for internet and should be accessible (filtered ok) for devices to work properly. Some additional ports are required depending on OS.

Mobile Manager – iOS

Mobile Manager – Android

  • TCP-5228-5230 to any out (used to communicate to GCM servers)
  • android.clients.google.com

Mobile Manager Hosts

  • https://ls-pki.css-security.com/
  • lsmdm-production.s3.amazonaws.com
  • http://lsurl.me

Classroom Orchestrator (CO)

  • TCP-80

Classroom Orchestrator Hosts

  • api.mybigcampus.com
  • *.lsmdm.com
  • lsorchestration-production.s3.amazonaws.com
  • *.pubnub.com
  • Cdn.lsclassroom.com