Enterprise firewall allow-listing support for Logitech Sync / CollabOS

We are deploying Logitech Teams Rooms managed through Logitech Sync in a secured enterprise network that enforces strict outbound firewall filtering.

We are currently encountering connectivity disruptions caused by changes in the underlying cloud infrastructure. These shifts result in Teams Rooms intermittently losing access to Sync management and require our network security team to repeatedly reassess and modify firewall rules to re-establish communication.

Based on the current Sync and CollabOS firewall documentation, the service depends on multiple third-party cloud services (AWS IoT, authentication services, CDN endpoints, etc.). Many of these resolve to dynamic infrastructure and shared cloud IP ranges that change over time.

This creates difficulty implementing maintainable firewall policy:

• IP-based allow-listing is not sustainable due to changing infrastructure

• Broadly allowing large cloud provider ranges is not acceptable in our environment

• Devices maintain persistent outbound management connections, which must be narrowly scoped

Request

We would like a supported enterprise allow-listing method that allows us to permit Logitech Sync as a service rather than permitting underlying cloud infrastructure.

We are not requesting static IPs or a specific DNS configuration. Any supported approach (for example vendor-controlled service endpoints, tenant or region-specific hostnames, or documented FQDN-based filtering guidance) that allows deterministic firewall rules would meet this requirement.

Thank you.