Below you will find all the information needed to set up your firewall to allow Sync to function on your firewall secured network. You will also find how to configure the Sync App to use your network proxy for network communication.
Sync App connections to Sync Service
Protocol | Ports | FQDN | Usage of the endpoint |
HTTPS | 443 | sync.logitech.com | Sync service web site. |
HTTPS | 443 | updates.vc.logitech.com | OTA Service domain - API endpoint servicing Logitech VC SW/FW related requests. |
HTTPS | 443 | raiden.vc.logitech.com | Sync Service API domain - A REST API endpoint to handle Sync client's requests |
HTTPS | 443 | svcs.vc.logitech.com | Sync Service API domain - Same API endpoint as raiden.vc.logitech.com servicing Sync API requests. |
HTTPS | 443 | releasenotes.vc.logitech.com | Release note domain - Allows the Sync App access to the latest product release note. |
HTTPS | 443 | cognito-idp.us-west-2.amazonaws.com | 3rd party: AWS authentication API domain - Authenticates Sync App user's credential. |
MQTT/TCP | 443 |
a3fejkt9utwjk2-ats.iot.us-west-2.amazonaws.com raiden.iot.us-west-2.vc.logitech.com * May be whitelisted by the domain name specified from the SNI header of TLS Hello Message or the ip address ranges published by AWS (See AWS IP address range) |
3rd party: AWS IOT service API domain - A persistent channel between the Sync App and IOT service for real time device events and commands. - This channel uses MQTT over TCP instead of HTTPS. |
HTTPS | 443 | www.youtube.com | 3rd party: Youtube service endpoint - for playing public Sync service related video. |
HTTPS | 443 | 22ulqg35c4-dsn.algolia.net | Browser |
HTTPS | 443 |
auth.sync.logitech.com |
Browser - SSO endpoint to logon to Sync. |
Web Browser Connections to Sync Portal
Protocol | Ports | FQDN | Usage of the endpoint |
HTTPS | 443 | cognito-idp.us-west-2.amazonaws.com | Browser |
HTTPS | 443 | sync.logitech.com | Browser |
HTTPS | 443 | releasenotes.vc.logitech.com | Browser |
HTTPS | 443 | svcs.vc.logitech.com | Browser |
HTTPS | 443 | support.logitech.com | Browser, also launched by Sync App |
HTTPS | 443 | www.logitech.com | Browser |
HTTPS | 443 | download01.logi.com | Browser |
HTTPS | 443 | 22ulqg35c4-dsn.algolia.net | Browser |
HTTPS | 443 | cdn.lr-in.com r.lr-in.com |
Browser |
HTTPS | 443 | support.logi.com | Browser, also launched by Sync App |
HTTPS | 443 | prosupport.logi.com | Browser, also launch by Sync App |
HTTPS | 443 | youtu.be | Browser, also launched by Sync App |
HTTPS | 443 | www.youtube-nocookie.com | Browser |
HTTPS | 443 | www.displaylink.com | Browser |
HTTPS | 443 | www.google.com/recaptcha | Browser |
HTTPS | 443 | store.servicenow.com/sn_appstore_store.do#!/store | Browser |
HTTPS | 443 | goo.gl | Launched from Sync App |
Sync App Supported Proxy Configurations
Sync App currently supports the following the proxy configurations so that the traffic initiated from the application will be forwarded to the specified proxy in your network. Sync App doesn't recognize any other configurations.
- The user must make any of the supported configurations with the Administrator privileges.
- When multiple supported configurations have been specified, Sync App takes precedence according to the order of the list below.
- Sync App currently supports proxy configuration on Windows only.
Warning: proxy settings which are set by Windows "Proxy settings -> Manual proxy setup" page are not supported - they are applied to current user only and are not applied to system services.
Config Methods | Config Details | |||
Proxy PAC File |
Create a regular text file called ProxyAutoConfigUrl.txt in the folder C:\ProgramData\Logitech\LogiSync\ Specify a PAC url on the file. example: http://wpad.mycompany.com/wpad.dat |
|||
Automatic Proxy Detection | If the network is configured to support Web Proxy Auto-Discovery(WPAD), go to Settings-> Network & Internet -> Proxy -> enable 'Automatically detect settings' |
|||
Manual Proxy Specification | Run Windows cmd.exe and issue 'netsh' command to specify the proxy address: netsh winhttp set proxy <proxyserver IP>:<proxyserver PORT> |
Regional Sync App and CollabOS connections to Sync Service
Sync supports regional data storage in addition to our global site which stores data in the US. Learn more about Sync regional data storage here. Below we list the required ports and IP addresses for each supported region.
Note: SOCKS proxy (which is different from HTTP proxy) is required for mqtt proxy to work.
Two URLs that need to be proxied with SOCKS proxy, port 8883 needs to also be allowed along with port 443.
- Ports
- MQTT: 8883
- HTTPS: 443
- Port 443 is used when there is no proxy involved. When a proxy is required, the device uses 8883 instead of 443.
- URL
- a3fejkt9utwjk2-ats.iot.us-west-2.amazonaws.com
- raiden.iot.us-west-2.vc.logitech.com
Refer to the example below for the PAC file entry:
if(localHostOrDomainIs(host,“a3fejkt9utwjk2-ats.iot.us-west-2.amazonaws.com”) ||
localHostOrDomainIs(host,“raiden.iot.us-west-2.vc.logitech.com”) {
return “SOCKS <PROXY SERVER HOST>:<PORT>“;
}
Sync Europe
Protocol | Ports | FQDN | Region | Usage of the endpoint |
HTTPS | 443 | eu.sync.logitech.com | EU | Sync service web site. |
HTTPS | 443 | updates.vc.logitech.com | Global | OTA Service domain - API endpoint servicing Logitech VC SW/FW related requests. |
HTTPS | 443 | raiden-eu.vc.logitech.com | EU | Sync Service API domain - A REST API endpoint to handle Sync client's requests |
HTTPS | 443 | svcs.vc.logitech.com | Global |
API endpoint for core device services - Same API endpoint as updates.vc.logitech.com |
HTTPS | 443 | releasenotes.vc.logitech.com | Global | Release note domain - Allows the Sync App access to the latest product release note. |
HTTPS | 443 | cognito-idp.eu-central-1.amazonaws.com | EU | 3rd party: AWS authentication API domain - Authenticates Sync App user's credential. |
MQTT/TCP | 443 |
raiden-eu.iot.eu-central-1.vc.logitech.com * May be whitelisted by the domain name specified from the SNI header of TLS Hello Message orthe ip address ranges published by AWS (See AWS IP address range) |
EU | 3rd party: AWS IOT service API domain - A persistent channel between the Sync App and IOT service for real time device events and commands. - This channel uses MQTT over TCP instead of HTTPS. |
HTTPS | 443 | www.youtube.com | Global | 3rd party: YouTube service endpoint - for playing public Sync service related video. |
HTTPS | 443 | nooodydw2w-dsn.algolia.net | EU | Browser |
HTTPS | 443 |
auth-eu.sync.logitech.com |
EU | Browser - SSO endpoint to logon to Sync. |
Sync France
Protocol | Ports | FQDN | Region | Usage of the endpoint |
HTTPS | 443 | fr.sync.logitech.com | FR | Sync service portal web site. |
HTTPS | 443 | updates.vc.logitech.com | Global | OTA Service domain - API endpoint servicing Logitech VC SW/FW related requests. |
HTTPS | 443 | raiden-fr.vc.logitech.com/ | FR | Sync Sevice API domain - A REST API endpoint to handle Sync client's requests |
HTTPS | 443 | svcs.vc.logitech.com | Global |
Sync Service API domain - Same API endpoint asraiden.vc.logitech.com servicing Sync API requests. |
HTTPS | 443 | releasenotes.vc.logitech.com | Global | Release note domain - Allows Sync client pulling out the latest product release note. |
HTTPS | 443 | cognito-idp.eu-west-3.amazonaws.com/ | FR | 3rd party: AWS authentication API domain - Authenticates Sync client user's credential. |
MQTT/TCP | 443 |
raiden-fr.iot.eu-west-3.vc.logitech.com * May be whitelisted by the domain name specified from the SNI header of TLS Hello Message or the ip address ranges published by AWS (See AWS IP address range) |
FR | 3rd party: AWS IOT service API domain - A persistent channel between the Sync client and IOT service for real time device events and commands. - This channel uses MQTT over TCP instead of HTTPS. |
HTTPS | 443 | www.youtube.com | Global | 3rd party: Youtube service endpoint - for playing public Sync service related video. |
HTTPS | 443 | 22p7t06bm3-dsn.algolia.net | FR | Browser |
HTTPS | 443 |
auth-fr.sync.logitech.com |
FR | Browser - SSO endpoint to logon to Sync. |
Sync Canada
Protocol | Ports | FQDN | Region | Usage of the endpoint |
HTTPS | 443 | ca.sync.logitech.com | CA | Sync service portal web site. |
HTTPS | 443 | updates.vc.logitech.com | Global | OTA Service domain - API endpoint servicing Logitech VC SW/FW related requests. |
HTTPS | 443 | raiden-ca.vc.logitech.com/ | CA | Sync Sevice API domain - A REST API endpoint to handle Sync client's requests |
HTTPS | 443 | svcs.vc.logitech.com | Global |
Sync Service API domain - Same API endpoint asraiden.vc.logitech.com servicing Sync API requests. |
HTTPS | 443 | releasenotes.vc.logitech.com | Global | Release note domain - Allows Sync client pulling out the latest product release note. |
HTTPS | 443 | cognito-idp.ca-central-1.amazonaws.com | CA | 3rd party: AWS authentication API domain - Authenticates Sync client user's credential. |
MQTT/TCP | 443 |
raiden-ca.iot.ca-central-1.vc.logitech.com * May be whitelisted by the domain name specified from the SNI header of TLS Hello Message or the ip address ranges published by AWS (See AWS IP address range) |
CA | 3rd party: AWS IOT service API domain - A persistent channel between the Sync client and IOT service for real time device events and commands. - This channel uses MQTT over TCP instead of HTTPS. |
HTTPS | 443 | www.youtube.com | Global | 3rd party: Youtube service endpoint - for playing public Sync service related video. |
HTTPS | 443 | k9bg9ds671-dsn.algolia.net | CA | Browser |
HTTPS | 443 |
auth-ca.sync.logitech.com |
CA | Browser - SSO endpoint to logon to Sync. |
FAQs
Q: Should firewall ports be open unidirectionally or bidirectionally?
A: The Sync App always initiates connections to the internet. No remote services would initiate connection to the app. Only unidirectional (outgoing) should be sufficient
Q: While configuring the firewall, should the source IP address correspond to the VLAN IP address?
A: The IP address of a device running the Sync App is not sensitive or will not impact any functionality. Whether those devices have corresponding VLAN addresses, it can be decided for networking policies.