If you run your OnSign TV players behind a firewall, it will be required to configure a few domains and ports for the players to operate.
Please, make sure you build your Firewall rules using the domains listed below and NOT an IP-based whitelisting. We would like to reinforce this recommendation as:
- Using domains will keep the service working in case an IP is changed
- OnSign TV requires access to Google Cloud Storage, which does not have a published list of IPs. Read more about proxying Google Cloud Storage here.
OnSign Domains and Ports
HTTPS traffic (port 443)
- *.onsign.tv
- *.signagewidgets.net, signagewidgets.net
- storage.googleapis.com
HTTP traffic (port 80)
- *.signagewidgets.net, signagewidgets.net
- ocsp.sectigo.com
- ocsp.comodoca.com
NTP traffic (port 123)
- *.ntp.org
White Label Players
If you are using a White Label, then you should:
- add a rule with your custom domain instead of the *.onsign.tv
- add your White Label server-specific URL (port 443). This is the URL used to configure the CNAME for your White Label URL. You can use this tool to find your CNAME setting in case you don’t remember it.
Here is an example of the additional rules required to be configured for the White Label app.123-signage.com in this case it is required to add these two rules:
- app.123-signage.com (port 443)
- app-r4zfwn.signagewidgets.net (443)
Hardware Specific Whitelisting
Depending on your hardware manufacturer it is required to whitelist additional domains as follows:
Samsung SSSP and Tizen Screens
- *.samsungcloudsolution.com
LG webOS
- lgtvonline.lge.com
BrightSign
- *.brightsignnetwork.com
Testing your Firewall
Just use the actual player or connect a computer to the player network and open this URL in a browser to test your firewall rules.