This article outlines requirements to the local network, as well as the addresses for all other infrastructure in case firewall rules will need to be set up. In most cases the Little Green Button will work out of the box, but in managed environments or networks with tight security it may be necessary to allow connectivity.
Installations of the Little Green Button use the local area network to communicate with each other. When sending and receiving alerts across different subnets is needed, connectivity to our bridge servers is necessary. Additionally, advanced configuration will need the buttons to be able to communicate with the MyLGB servers. The buttons will also periodically check back with the licencing server to see if there are any changes to the licence (expiry date, licence name, etc.).
Communication inside your network
Communication should be allowed over UDP and TCP protocols. Your network router, network firewall and any personal firewalls must be configured to allow this communication. During installation, Little Green Button automatically configures Windows Fireall (if present) with the necessary exceptions. If a 3rd party firewall is being used the system administrator may need to manually create the exceptions, either at application-level or port-level.
Firewall exception by application (preferred)
If the 3rd party firewall supports this feature, it is preferable to create exceptions for each of the Little Green Button components, rather than exceptions for specific ports. The applications that require exceptions are:
Firewall exception by port
Unless otherwise configured, the default port selection is as follows:
Communication outside your network
Little Green Button uses resources hosted at littlegreenbutton.com. If a proxy server, firewall or gateway prevents access to such resources it must be configured with an exception.
Domain-specific exception (preferred)
The rules should allow http and https access to *.littlegreenbutton.com
It is preferred to have exceptions to cover the domain, but in some cases administrators will want to set up rules specifying IP addresses. In this case, please use the below table as reference.
|220.127.116.11 *||443||UK-1 Bridge|
|18.104.22.168 *||443||UK-2 Bridge|
|22.214.171.124 *||443||UK-3 Bridge|
|126.96.36.199 *||443||UK-4 Bridge|
* Currently, customers are being transferred in batches from UK to euw-servers, and the IP addresses for UK-servers will no longer be relevant at the end of September 2022, as these servers will be retired from service and replaced by the euw-pool.
Be aware that these resources are required both for
- logged on interactive users (running lgbgui.exe)
- the Local System account (running the Windows Service lgbsvc.exe)
In the current version, connections are encrypted using the TLS1.2 protocol (or latest available).
Previous versions (3.6 and earlier) will be limited to using TLS1.0, please update your version as soon as possible.
More details on TLS are explained in this article.