This article outlines requirements to the local network, as well as the addresses for all other infrastructure in case firewall rules will need to be set up. In most cases the Little Green Button will work out of the box, but in managed environments or networks with tight security it may be necessary to allow connectivity.


Installations of the Little Green Button use the local area network to communicate with each other. When sending and receiving alerts across different subnets is needed, connectivity to our bridge servers is necessary. These bridge servers are also where information from your alerts is collected for displaying on the Alert Reports. Additionally, advanced configuration will need the buttons to be able to communicate with the MyLGB servers. The buttons will also periodically check back with the licencing server to see if there are any changes to the licence (expiry date, licence name, etc.).


Communication inside your network

Communication should be allowed over UDP and TCP protocols. Your network router, network firewall and any personal firewalls must be configured to allow this communication. During installation, Little Green Button automatically configures Windows Firewall (if present) with the necessary exceptions. If a 3rd party firewall is being used the system administrator may need to manually create the exceptions, either at application-level or port-level.


Firewall exception by application (preferred)

If the 3rd party firewall supports this feature, it is preferable to create exceptions for each of the Little Green Button components, rather than exceptions for specific ports. The applications that require exceptions are:

%programfiles(x86)%\Little Green Button\lgb\lgbgui.exe
%programfiles(x86)%\Little Green Button\lgb\lgbsvc.exe
%programfiles(x86)%\Little Green Button\lgb\lgbsvcinconsole.exe


Firewall exception by port

Unless otherwise configured, the default port selection is as follows:

ProtocolDefault Port
UDP999
TCP999


Communication outside your network

Little Green Button uses resources hosted at littlegreenbutton.com. If a proxy server, firewall or gateway prevents access to such resources it must be configured with an exception.


Domain-specific exception (preferred)

The rules should allow http and https access to *.littlegreenbutton.com. Due to the nature of parts of the infrastructure and to be prepared for any changes in our provisioned instances, this is the best approach to ensure continued service.


IP-specific exception

It is highly advised to have a wildcard exception to cover the littlegreenbutton.com-domain, but in some cases administrators will want to set up rules specifying IP addresses. In this case, please use the below table as reference.

IPPort(s)Use
82.163.20.2380, 443WWW/Config
54.155.204.65 *443Licence
54.76.0.100443euw1-1 Bridge
54.195.69.170443euw1-2 Bridge
13.41.88.30443euw2-1 Bridge
35.178.43.225443euw2-2 Bridge


* licence.littlegreenbutton.com is handled by a load balancer which spreads traffic across two IP addresses (34.252.95.150 / 34.247.78.16). These addresses are dynamically provided to us and as such, while unlikely to change, should not be treated as static.


Be aware that these resources are required both for

  • logged on interactive users (running lgbgui.exe)
  • the Local System account (running the Windows Service lgbsvc.exe)


Encryption

In the current version, connections are encrypted using the TLS1.2 protocol (or latest available).

Previous versions (3.6 and earlier) will be limited to using TLS1.0, please update your version as soon as possible.


More details on TLS are explained in this article.


Mobile app Push Notifications

Push message notifications for the mobile app are implemented through the FCM platform and can potentially be blocked by firewalls. Port requirements are detailed in the relevant article in the Firebase documentation.



Schematic