1.4 Firewall and Proxy Setup Information for Sync
Below you will find all the information needed to configure your firewall so that Sync can function on your firewall-secured network. You will also find how to configure the Sync App to use your network proxy for network communication.
Sync App connections to Sync Service
| Protocol | Ports | FQDN | Usage of the endpoint |
|---|---|---|---|
| HTTPS | 443 | | Sync service web site. |
| HTTPS | 443 | | OTA Service domain - API endpoint servicing Logitech VC SW/FW related requests. |
| HTTPS | 443 | | Sync Service API domain - A REST API endpoint to handle Sync client's requests. |
| HTTPS | 443 | | Sync Service API domain - Same API endpoint as raiden.vc.logitech.com servicing Sync API requests. |
| HTTPS | 443 | | Release note domain - Allows the Sync App access to the latest product release note. |
| HTTPS | 443 | | 3rd party: AWS authentication API domain - Authenticates Sync App user's credential. |
| MQTT/TCP | 443 | a3fejkt9utwjk2-ats.iot.us-west-2.amazonaws.com, raiden.iot.us-west-2.vc.logitech.com * | 3rd party: AWS IOT service API domain - A persistent channel between the Sync App and IOT service for real time device events and commands. This channel uses MQTT over TCP instead of HTTPS. |
| HTTPS | 443 | | 3rd party: YouTube service endpoint - for playing public Sync service related video. |
| HTTPS | 443 | | Browser |
| HTTPS | 443 | | Browser - SSO endpoint to log on to Sync. |

* May be whitelisted by the domain name specified in the SNI header of the TLS Hello message or by the IP address ranges published by AWS (See AWS IP address range)
Web Browser Connections to Sync Portal
| Protocol | Ports | FQDN | Usage of the endpoint |
|---|---|---|---|
| HTTPS | 443 | | Browser |
| HTTPS | 443 | | Browser |
| HTTPS | 443 | | Browser |
| HTTPS | 443 | | Browser |
| HTTPS | 443 | | Browser, also launched by Sync App |
| HTTPS | 443 | | Browser |
| HTTPS | 443 | | Browser |
| HTTPS | 443 | | Browser |
| HTTPS | 443 | | Browser |
| HTTPS | 443 | | Browser, also launched by Sync App |
| HTTPS | 443 | | Browser, also launched by Sync App |
| HTTPS | 443 | | Browser, also launched by Sync App |
| HTTPS | 443 | | Browser |
| HTTPS | 443 | | Browser |
| HTTPS | 443 | | Browser |
| HTTPS | 443 | | Browser |
| HTTPS | 443 | | Launched from Sync App |
Sync App Supported Proxy Configurations
Sync App currently supports the following proxy configurations, so that traffic initiated from the application is forwarded to the specified proxy in your network. Sync App doesn't recognize any other configurations.
- The user must make any of the supported configurations with Administrator privileges.
- When multiple supported configurations have been specified, Sync App applies them in order of precedence, following the order of the list below.
- Sync App currently supports proxy configuration on Windows only.
Warning: proxy settings which are set by Windows "Proxy settings -> Manual proxy setup" page are not supported - they are applied to current user only and are not applied to system services.
| Config Methods | Config Details |
|---|---|
| Proxy PAC File | Create a regular text file called ProxyAutoConfigUrl.txt in the folder C:\ProgramData\Logitech\LogiSync\ and specify a PAC URL in the file. Example: http://wpad.mycompany.com/wpad.dat |
| Automatic Proxy Detection | If the network is configured to support Web Proxy Auto-Discovery (WPAD), go to Settings -> Network & Internet -> Proxy -> enable 'Automatically detect settings' |
| Manual Proxy Specification | Run Windows cmd.exe and issue the 'netsh' command to specify the proxy address: netsh winhttp set proxy <proxyserver IP>:<proxyserver PORT> |
Regional Sync App and CollabOS connections to Sync Service
Sync supports regional data storage in addition to our global site which stores data in the US. Learn more about Sync regional data storage here. Below we list the required ports and IP addresses for each supported region.
Note: A SOCKS proxy (which is different from an HTTP proxy) is required for the MQTT proxy to work.
Two URLs need to be proxied with the SOCKS proxy, and port 8883 also needs to be allowed along with port 443.
Ports
MQTT: 8883
HTTPS: 443
Port 443 is used when there is no proxy involved. When a proxy is required, the device uses 8883 instead of 443.
URL
Refer to the example below for the PAC file entry:
    if (localHostOrDomainIs(host, "a3fejkt9utwjk2-ats.iot.us-west-2.amazonaws.com") ||
        localHostOrDomainIs(host, "raiden.iot.us-west-2.vc.logitech.com")) {
        return "SOCKS <PROXY SERVER HOST>:<PORT>";
    }
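A complete PAC file built around the entry above, as an added example that is not Logitech's code: it also routes the regional MQTT hosts listed on this page through SOCKS, which goes beyond the two hosts in the original entry. The proxy addresses and the HTTP-proxy fallback for all other traffic are assumptions, and the small localHostOrDomainIs shim exists only so the file can be run outside a PAC engine.

```javascript
// Added example, not Logitech's code. Written with var and plain loops
// because older PAC engines may not accept newer JavaScript syntax.

// Shim for running outside a PAC runtime (e.g. under Node). A real PAC
// engine already provides localHostOrDomainIs, so the shim is skipped there.
if (typeof localHostOrDomainIs === "undefined") {
  var localHostOrDomainIs = function (host, hostdom) {
    // True on an exact match, or when host is unqualified and is the
    // leading label of hostdom.
    return host === hostdom ||
      (host.indexOf(".") === -1 && hostdom.indexOf(host + ".") === 0);
  };
}

// MQTT endpoints listed on this page (global and regional tables).
var SYNC_MQTT_HOSTS = [
  "a3fejkt9utwjk2-ats.iot.us-west-2.amazonaws.com",
  "raiden.iot.us-west-2.vc.logitech.com",
  "raiden-eu.iot.eu-central-1.vc.logitech.com",
  "raiden-fr.iot.eu-west-3.vc.logitech.com",
  "raiden-ca.iot.ca-central-1.vc.logitech.com"
];

// Assumed proxy addresses (constructed placeholders); replace with your own.
var SOCKS_PROXY = "SOCKS socks.example.internal:1080";
var HTTP_PROXY = "PROXY proxy.example.internal:8080";

// Exact-host matching: a longer name that merely starts with a listed
// host (a lookalike domain) is not treated as a Sync MQTT endpoint.
function isSyncMqttHost(host) {
  var h = String(host).toLowerCase();
  for (var i = 0; i < SYNC_MQTT_HOSTS.length; i++) {
    if (localHostOrDomainIs(h, SYNC_MQTT_HOSTS[i])) {
      return true;
    }
  }
  return false;
}

function FindProxyForURL(url, host) {
  // The page requires a SOCKS proxy for the MQTT channel.
  if (isSyncMqttHost(host)) {
    return SOCKS_PROXY;
  }
  // All other traffic goes to the HTTP proxy (assumed policy).
  return HTTP_PROXY;
}
```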
Sync Europe
| Protocol | Ports | FQDN | Region | Usage of the endpoint |
|---|---|---|---|---|
| HTTPS | 443 | | EU | Sync service web site. |
| HTTPS | 443 | | Global | OTA Service domain - API endpoint servicing Logitech VC SW/FW related requests. |
| HTTPS | 443 | | EU | Sync Service API domain - A REST API endpoint to handle Sync client's requests. |
| HTTPS | 443 | | Global | API endpoint for core device services - Same API endpoint as updates.vc.logitech.com |
| HTTPS | 443 | | Global | Release note domain - Allows the Sync App access to the latest product release note. |
| HTTPS | 443 | | EU | 3rd party: AWS authentication API domain - Authenticates Sync App user's credential. |
| MQTT/TCP | 443 | raiden-eu.iot.eu-central-1.vc.logitech.com * | EU | 3rd party: AWS IOT service API domain - A persistent channel between the Sync App and IOT service for real time device events and commands. This channel uses MQTT over TCP instead of HTTPS. |
| HTTPS | 443 | | Global | 3rd party: YouTube service endpoint - for playing public Sync service related video. |
| HTTPS | 443 | | EU | Browser |
| HTTPS | 443 | | EU | Browser - SSO endpoint to log on to Sync. |

* May be whitelisted by the domain name specified in the SNI header of the TLS Hello message or by the IP address ranges published by AWS (See AWS IP address range)
Sync France
| Protocol | Ports | FQDN | Region | Usage of the endpoint |
|---|---|---|---|---|
| HTTPS | 443 | | FR | Sync service portal web site. |
| HTTPS | 443 | | Global | OTA Service domain - API endpoint servicing Logitech VC SW/FW related requests. |
| HTTPS | 443 | | FR | Sync Service API domain - A REST API endpoint to handle Sync client's requests. |
| HTTPS | 443 | | Global | Sync Service API domain - Same API endpoint as raiden.vc.logitech.com servicing Sync API requests. |
| HTTPS | 443 | | Global | Release note domain - Allows the Sync client to pull the latest product release note. |
| HTTPS | 443 | | FR | 3rd party: AWS authentication API domain - Authenticates Sync client user's credential. |
| MQTT/TCP | 443 | raiden-fr.iot.eu-west-3.vc.logitech.com * | FR | 3rd party: AWS IOT service API domain - A persistent channel between the Sync client and IOT service for real time device events and commands. This channel uses MQTT over TCP instead of HTTPS. |
| HTTPS | 443 | | Global | 3rd party: YouTube service endpoint - for playing public Sync service related video. |
| HTTPS | 443 | | FR | Browser |
| HTTPS | 443 | | FR | Browser - SSO endpoint to log on to Sync. |

* May be whitelisted by the domain name specified in the SNI header of the TLS Hello message or by the IP address ranges published by AWS (See AWS IP address range)
Sync Canada
| Protocol | Ports | FQDN | Region | Usage of the endpoint |
|---|---|---|---|---|
| HTTPS | 443 | | CA | Sync service portal web site. |
| HTTPS | 443 | | Global | OTA Service domain - API endpoint servicing Logitech VC SW/FW related requests. |
| HTTPS | 443 | | CA | Sync Service API domain - A REST API endpoint to handle Sync client's requests. |
| HTTPS | 443 | | Global | Sync Service API domain - Same API endpoint as raiden.vc.logitech.com servicing Sync API requests. |
| HTTPS | 443 | | Global | Release note domain - Allows the Sync client to pull the latest product release note. |
| HTTPS | 443 | | CA | 3rd party: AWS authentication API domain - Authenticates Sync client user's credential. |
| MQTT/TCP | 443 | raiden-ca.iot.ca-central-1.vc.logitech.com * | CA | 3rd party: AWS IOT service API domain - A persistent channel between the Sync client and IOT service for real time device events and commands. This channel uses MQTT over TCP instead of HTTPS. |
| HTTPS | 443 | | Global | 3rd party: YouTube service endpoint - for playing public Sync service related video. |
| HTTPS | 443 | | CA | Browser |
| HTTPS | 443 | | CA | Browser - SSO endpoint to log on to Sync. |

* May be whitelisted by the domain name specified in the SNI header of the TLS Hello message or by the IP address ranges published by AWS (See AWS IP address range)
FAQs
Q: Should firewall ports be open unidirectionally or bidirectionally?
A: The Sync App always initiates connections to the internet. No remote service initiates a connection to the app. Opening the ports unidirectionally (outgoing) should be sufficient.
Q: While configuring the firewall, should the source IP address correspond to the VLAN IP address?
A: The IP address of a device running the Sync App is not sensitive and will not impact any functionality. Whether those devices have corresponding VLAN addresses can be decided according to your networking policies.