EngagePHD simply needs access to the Internet in order for your Players (be it Samsung SoC Displays, LG webOS Displays, Panasonic Android Displays, Philips Android Displays, External Android Media Players or External Windows Players) to connect to the EngagePHD Cloud to receive content and perform scheduled health checks. However you may have the need to ‘lock down’ your firewall. Below you will find the information needed to configure your firewall.
IMPORTANT: Firewall Changes
As we constantly ensure our platform remains secure and always available, we are implementing a WAF (Web Application Firewall) which will be implemented on February 1st, 2021. For many, this change will require no action, however for those customers that have made specific changes to their firewall, then you will need to ensure that you allow access to the IP address 45.60.62.181 no later than 9am Mountain Time on Monday February 1st 2021, otherwise your Players will no longer be able to perform health checks and download any content. We apologize for the inconvenience that this might cause for some of our customers, however security is our top priority and we must ensure we take proactive precautions.
If you do want to lock down your firewall, then the following needs to be allowed through your firewall:
- go.engagephd.com – 45.60.62.181
- go.engagephd.com – 146.20.125.30
- go.pinghd.com – 146.20.125.29
- uploads.engagephd.com – 104.239.186.96
- firmware.engagephd.com – 23.253.109.232
- samsung.engagephd.com – 104.239.186.97 (used for Samsung Remote)
- Ports 80 & 443 and if using Samsung Remote allow 7001 & 7002
Cenique Players
- http://cdms.cenique.com/ (AND) https://cdms.cenique.com/
- http://*.cenique.com (AND) https://*.cenique.com
- https://ddgwffwbmhdpt.cloudfront.net/
- https://d1zo4aroye8xv6.cloudfront.net
Synchronized Content
If there is a requirement to synchronize content across multiple screens/players then the LAN/VLAN must allow UDP traffic and IGMP Snooping V3. It is also required that no other equipment other than the screens/players are on the same LAN/VLAN if you want to synchronize.
STP should be enabled.
BrightSign BSN.cloud
Please see: BSN.cloud – ports and URLs for the BrightSign players and software
The following only needs to be allowed if ‘Users‘ want to preview the Layouts/Players in their web browsers. Occasionally IT departments like to place the Players on their own VLAN, but Users can login in from anywhere that they can get they laptop, desktop, tablet or smart phone online. If the corporate LAN where Users typically log in to managed their EngagePHD Digital Signage network is locked down, then the following should also be opened:
- https://6cb2eed7a5ec108370bd-a7b0130eb6720e1a154b92b7d1b5e185.ssl.cf5.rackcdn.com
- http://fba1ef35fca028ded738-a7b0130eb6720e1a154b92b7d1b5e185.r25.cf5.rackcdn.com