Network Access Rules
On this page, you will find reference material to help you configure Broadsign Products with various networking parameters.
This section lists the firewall rules to configure.
Content and Network Management Solution Firewall Rules
| Service | Port | Type | Direction | Destination(s) |
|---|---|---|---|---|
| DSCP: Broadsign Control Information | 10799 | TCP | Outgoing |
Broadsign Control Edge ServerCluster (see Destination Hostnames). Broadsign Control Player self-registration process. |
| CTP: Broadsign Content Downloads | 10805 | TCP | Outgoing |
Broadsign Control Edge Server Cluster (see Destination Hostnames). |
| Broadsign Control Administrator and Broadsign Control Player Login Service | 443 | TCP | Outgoing |
Content and Network Management Production environment (see Destination Hostnames) Mandatory for all aspects of Broadsign Control Player operations. |
Local Signage Messaging Solution Firewall Rules
If you require content in our Local Signage Messaging solution, you will need to configure the following networking parameters:
| Port | Type | Direction | Destination(s) |
|---|---|---|---|
| 443 | TCP | Outgoing | Local Signage Messaging/Broadsign Creator |
Broadsign Control Live Solution Firewall Rule
If you are using Broadsign Control Live, you will need to configure the following networking parameter:
| Port | Type | Direction |
|---|---|---|
| 443 | TCP | Outgoing |
For more information, see Broadsign Control Live in the Content and Network Management documentation.
Broadsign Control Edge Server Solution Firewall Rule
If you are using an edge server with built-in HTTP server enabled, you will need to configure the following network parameter:
| Port | Type | Direction |
|---|---|---|
| 8888 | TCP | Outgoing |
For more information, see Broadsign Control Edge Server in the Content and Network Management documentation.
Audience Campaigns Module / Broadsign Ads Firewall Rule
If you are using the Broadsign Platform Audience Campaigns module or Broadsign Ads, you will need to configure the following network parameter:
| Port | Type | Direction |
|---|---|---|
| 443 | TCP | Outgoing |
Enterprise Authentication Firewall Rules
If you are using Broadsign Enterprise Authentication, you will need to configure the following networking parameters:
| Port | Type | Direction | Destination |
|---|---|---|---|
| 443 | TCP | Outgoing | auth0.com |
| 8082 | TCP | Outgoing / Incoming | localhost |
If you use Broadsign Control API (with either our REST or SOAP architecture), you will need to open a port to allow outbound access.
For more information, see Broadsign Control API in the Content and Network Management documentation.
Each protocol has its own hostnames and ports as described below:
REST Architecture
| Hostnames | Port |
|---|---|
|
https://api-sandbox.broadsign.com (sandbox) |
10889 |
| https://api.broadsign.com (production) | 10889 |
SOAP Architecture
| Hostnames | Port |
|---|---|
| https://bssopen-sandbox.broadsign.com (sandbox) | 10803 |
| https://bssopen.broadsign.com (production) | 10803 |
| Service | Port | Type | Direction | Destination(s) |
|---|---|---|---|---|
| FTP: Broadsign Remote Diagnostics | 21 | TCP | Outgoing | Broadsign Remote Diagnostics Server |
| HTTP: Broadsign Crash Reporting | 80 | TCP | Outgoing | Broadsign Crash Report Server |
The following destination hostnames are used.
Broadsign Server Cluster (Port 10799 and 10805)
- bss.broadsign.com (for users of Broadsign Control Administrator)
Broadsign Server Cluster (Port 443)
- *.control-prod.broadsign.com (for users of Broadsign Control Administrator and Broadsign Control Player)
Sometimes, the IT policy of a site requires to explicitly hard-code the IP addresses of Broadsign Server into the firewall rules. We understand that sometimes it is necessary to comply with a third-party IT policy when piggybacking on another network. However, please take note of the following warning:
Warning: Hard-coding the server IPs into a firewall is not recommended. Broadsign reserves the right to change its server IPs at any time. Broadsign is not responsible for service interruptions due to static IP rules set in client firewalls.
Firewall and Static IPs
The IP range of the primary Broadsign Server AWS Cloud is:
- 35.183.92.0 to 35.183.92.31
In addition, the following IPs are for disaster recovery purposes and should also be added to any IP-based firewall rules:
- 54.86.56.66
- 54.210.129.218
- 54.210.236.85
- 54.88.254.12
- 54.210.246.96
Broadsign Control Live Add-On
If you are using the Broadsign Control Live add-on, add the following extra IP address ranges to the allow list based on your location:
| Location | IP Address Range |
| United States |
|
| European Union |
|
| Asia |
|
| India |
|