Network Access Rules
On this page, you will find reference material to help you configure Broadsign Control Products with various networking parameters.
Note: For detailed information about security features and strategies in Broadsign Control, see Communication Security Distribution.
This section lists the firewall rules to configure.
General Firewall Rules
|DSCP: Broadsign Control Information||10799||TCP||Outgoing||
Broadsign Control Edge ServerCluster (see Destination Hostnames).
Broadsign Control Player self-registration process.
|CTP: Broadsign Content Downloads||10805||TCP||Outgoing||
Broadsign Control Edge Server Cluster (see Destination Hostnames).
|Broadsign Control Administrator and Broadsign Control Player Login Service||443||TCP||Outgoing||
Broadsign Control Production environment (see Destination Hostnames)
Mandatory for all aspects of Broadsign Control Player operations.
Broadsign Publish Firewall Rules
If you require Broadsign Publish (or Broadsign Creator) content, you will need to configure the following networking parameters:
|Broadsign Control Player (BSP) Version #||Port||Type||Direction||Destination(s)|
|BSP v12.1+||443||TCP||Outgoing||Broadsign Publish/Broadsign Creator|
|BSP v12.0 and under||80||TCP||Outgoing||Broadsign Publish/Broadsign Creator|
Broadsign Control Live Firewall Rule
If you are using Broadsign Control Live, you will need to configure the following networking parameters:
Broadsign Edge Server Firewall Rule
If you are using an edge server with built-in HTTP server enabled, you will need to configure the following network parameters:
If you use Broadsign Control API (with either our REST or SOAP architecture), you will need to open a port to allow outbound access. Each protocol has its own hostnames and ports as described below:
For more information, see Basic Request Structure.
For more information, see PHP Developers: Step 4 - Configure your Installation or Java Developers: Step 4 - Configure your Installation.
|FTP: Broadsign Remote Diagnostics||21||TCP||Outgoing||Broadsign Remote Diagnostics Server|
|HTTP: Broadsign Crash Reporting||80||TCP||Outgoing||Broadsign Crash Report Server|
The following destination hostnames are used.
Broadsign Server Cluster (Port 10799 and 10805)
- bss.broadsign.com (for users of Broadsign Control Administrator)
Broadsign Server Cluster (Port 443)
- control-prod.broadsign.com (for users of Broadsign Control Administrator and Broadsign Control Player)
- player.control-prod.broadsign.com (for users of Broadsign Control Player)
- content.control-prod.broadsign.com (for users of Broadsign Control Player)
Crash Reporting Server (Port 80)
Broadsign Remote Diagnostics Server (Port 21)
Sometimes, the IT policy of a site requires to explicitly hard-code the IP addresses of Broadsign Control Server into the firewall rules. We understand that sometimes it is necessary to comply with a third-party IT policy when piggybacking on another network. However, please take note of the following warning:
Warning: Hard-coding the server IPs into a firewall is not recommended. Broadsign reserves the right to change its server IPs at any time. Broadsign is not responsible for service interruptions due to static IP rules set in client firewalls.
The IP range of the primary Broadsign Control Server AWS Cloud is:
- 188.8.131.52 to 184.108.40.206
In addition, the following IPs are for disaster recovery purposes and should also be added to any IP-based firewall rules: