What are the Firewall Exceptions and IP addresses of Splashtop servers/Services?

In some network environments, firewalls may be blocking the communication with Splashtop servers and thereby preventing Splashtop from working properly.

Testing Network Accessibility

You can determine whether this is the case by running the Splashtop network check tool from within those network environments. Just browse to www.splashtop.com/check using a device that's on the network you want to test.

Allowing Communication with Splashtop Servers

If communication is blocked, please enable your firewalls to allow communication with the following domains:

  1. Allow access to Splashtop servers
    • (For both Global and EU regions) *.api.splashtop.com (* represents wildcard)
    • (For EU region) *.api.splashtop.eu (* represents wildcard)
    • (For both) *.relay.splashtop.com (* represents wildcard)
    • (For both) update-g3.splashtop.com / update.splashtop.com  (for endpoints auto-update)
  2.  Allow outbound TCP connections over port 443 for both HTTP over TLS and non-HTTP over TLS
  3. Disable/bypass Deep Packet Inspection (DPI) (also may be called SSL Inspection) for Splashtop traffic
    1. Using Palo Alto Networks: GlobalProtect https://docs.paloaltonetworks.com/globalprotect, additional wildcards/hosts may be needed with SSL Inspection enabled.
    2. mceclip0.png

(How to find my service region info: Link.)

Network Port Requirements

  • Port 443
    Allow outbound TCP connections over port 443 for both HTTP over TLS and non-HTTP over TLS.
  • Ports 9527-9528
    To ensure Splashtop operates properly, TCP ports 9527, 9528 must be allowed internally, for streamer and SOS agent respectively.
  • Port 6783
    For local connections on the same network, communications are point-to-point via TCP port 6783(default setting).  For tight firewalls, you need to allow the TCP port internally (not externally).

IP Addresses of Splashtop Servers

Splashtop servers reside in data centers hosted by multiple renowned cloud service providers. The servers' IP addresses are dynamically allocated and change over time. Therefore, it is not really practical to configure your firewall exceptions using IP addresses. The list of IP addresses is long, and they may change from time-to-time. The best way is to configure your firewall exceptions using the wildcard domains above.

If you do need the IP addresses of the Splashtop API servers, you can use the following commands to look up the current IP addresses:

Global region

  • nslookup st-v3.api.splashtop.com
  • nslookup st-v3-g3.api.splashtop.com
  • nslookup st-v3-src.api.splashtop.com
  • nslookup st-v3-src-g3.api.splashtop.com
  • nslookup st-relay-v3.api.splashtop.com
  • nslookup st-relay-v3-g3.api.splashtop.com
  • nslookup st-lookup-v1.api.splashtop.com
  • nslookup st-lookup-v1-g3.api.splashtop.com
  • nslookup st-premium-v3.api.splashtop.com
  • nslookup st-premium-v3-g3.api.splashtop.com
  • nslookup st-premium-v3.api.splashtop.eu
  • nslookup st-premium-v3-g3.api.splashtop.eu

 

EU region

  • nslookup st-v3.api.splashtop.eu
  • nslookup st-v3-g3.api.splashtop.eu
  • nslookup st-v3-src.api.splashtop.eu
  • nslookup st-v3-src-g3.api.splashtop.eu
  • nslookup st-relay-v3.api.splashtop.eu
  • nslookup st-relay-v3-g3.api.splashtop.eu
  • nslookup st-premium-v3.api.splashtop.eu
  • nslookup st-premium-v3-g3.api.splashtop.eu
  • nslookup st-lookup-v1.api.splashtop.com
  • nslookup st-lookup-v1-g3.api.splashtop.com

(How to find my service region info: Link.)

If you need the IP addresses of the Splashtop relay servers, please contact our support team.

IP Addresses of download and auto-update servers for Splashtop endpoints 

Splashtop takes advantage of Cloudfront service hosted by AWS (Amazon Web Services) to host Splashtop Business and Splashtop Streamer installers. If you need to make sure download and auto-update work without being blocked, please follow below instruction provided by AWS to find IP addresses:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/LocationsOfEdgeServers.html

Port 80 needs to be open, for downloading new version installers from Cloudfront service.

Allowing Communication for End-to-end(QUIC) connections

Please refer to How to configure my router/firewall to support QUIC

true

 

14 out of 31 found this helpful