What Are the Firewall Exceptions and IP addresses of Splashtop Servers/Services?

Splashtop is designed to connect smoothly without requiring complex firewall configuration. In most environments, if the device can access the internet, no further configuration is needed.

However, in more restrictive networks — like corporate environments with strict outbound rules — you may need to allow specific ports or domains for Splashtop to function properly. This article outlines what to allow so that remote sessions, file transfers, and other features work without interruption.

This article applies to all Splashtop Cloud-based solutions.

Testing Network Accessibility

To verify if your firewall is blocking Splashtop, you can run a quick connectivity test:

  • Visit www.splashtop.com/check from a device on the affected network.
    The tool will verify access to Splashtop's servers and services.

Note: This tool tests connectivity only from your web browser. A successful result does not guarantee that the installed Splashtop application can connect, since firewall or antivirus rules may behave differently for desktop apps or background services.

Allowing Communication with Splashtop Servers

If firewall restrictions are affecting Splashtop, and your firewall supports domain-based rules, you can allow the following domains to restore connectivity:

Service Region | Domains | Purpose
All | *.api.splashtop.com | API and session services
All | *.relay.splashtop.com | Data relay
All | update.splashtop.com, update-g3.splashtop.com | Streamer and app auto-updates
EU | *.api.splashtop.eu | API and session services
OC | *.api.splashtop.nr | API and session services

The asterisk (*) represents a wildcard — it covers all subdomains under the root domain.
How to find your Splashtop service region

Note: Regardless of the service region in use, if your users need to use Splashtop services in China or connect to devices located in China, please also allow the *.api.splashtop.cn domain to comply with China ICP filing requirements. Without this domain whitelisted, users may be unable to connect or use Splashtop services in China.

Deep Packet Inspection (DPI) / SSL Inspection

  • If your environment uses deep packet inspection (DPI) or SSL inspection, it may interfere with Splashtop traffic. We recommend bypassing inspection for the domains listed above.

Network Port Requirements 

All Splashtop Cloud traffic is outbound only. You don't need to open any inbound ports on your firewall.

Required ports

  • Port 443 (TCP)
    Primary control channel & data relay (for both HTTP and non-HTTPS over TLS)

Optional & Performance ports

  • Port 6783 (TCP)
    Connections between devices on the same network are made directly, point-to-point, over TCP port 6783 (configurable). Only required if internal device-to-device communication is being blocked locally. No external access needed.
  • Ports 9527-9528 (TCP)
    Used only for local (loopback) communication between components. No firewall action is typically required.
  • Port 3479 (UDP) & All UDP ports
    Splashtop uses QUIC for optimized end-to-end connections. This requires outbound UDP port 3479 and dynamic UDP port allocation.

 

IP Addresses of Splashtop Servers

Splashtop servers are hosted across trusted cloud providers, and their IP addresses are dynamically assigned and may be subject to change. Because of this, we strongly recommend using domain-based firewall rules with the wildcard domains listed above, rather than relying on static IP allowlists.

However, if your environment requires IP-based exceptions, you can retrieve the current IP addresses of Splashtop API servers using the following commands:

Global region
  • nslookup st-v3.api.splashtop.com
  • nslookup st-v3-g3.api.splashtop.com
  • nslookup st-v3-src.api.splashtop.com
  • nslookup st-v3-src-g3.api.splashtop.com
  • nslookup st-relay-v3.api.splashtop.com
  • nslookup st-relay-v3-g3.api.splashtop.com
  • nslookup st-lookup-v1.api.splashtop.com
  • nslookup st-lookup-v1-g3.api.splashtop.com
  • nslookup st-premium-v3.api.splashtop.com
  • nslookup st-premium-v3-g3.api.splashtop.com
EU region
  • nslookup st-v3.api.splashtop.eu
  • nslookup st-v3-g3.api.splashtop.eu
  • nslookup st-v3-src.api.splashtop.eu
  • nslookup st-v3-src-g3.api.splashtop.eu
  • nslookup st-relay-v3.api.splashtop.eu
  • nslookup st-relay-v3-g3.api.splashtop.eu
  • nslookup st-premium-v3.api.splashtop.eu
  • nslookup st-premium-v3-g3.api.splashtop.eu
  • nslookup st-lookup-v1.api.splashtop.com
  • nslookup st-lookup-v1-g3.api.splashtop.com
OC region
  • nslookup st-v3.api.splashtop.nr
  • nslookup st-v3-g3.api.splashtop.nr
  • nslookup st-v3-src.api.splashtop.nr
  • nslookup st-v3-src-g3.api.splashtop.nr
  • nslookup st-relay-v3.api.splashtop.nr
  • nslookup st-relay-v3-g3.api.splashtop.nr
  • nslookup st-premium-v3.api.splashtop.nr
  • nslookup st-premium-v3-g3.api.splashtop.nr

For relay server IPs or if IP-based configuration is strictly required, please contact our support team.
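
The IP-retrieval step above, as an added example (not Splashtop's own tooling): it parses nslookup output into a de-duplicated snapshot, skipping the resolver's own address, and diffs two snapshots so that a changed address is noticed before the allowlist goes stale. The function names, the one-hostname-per-line input file and the sample addresses (documentation ranges) are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not Splashtop code. Function names are illustrative.
LC_ALL=C; export LC_ALL   # same collation for sort and comm

# Read nslookup output on stdin and print the unique answer addresses. The
# "Address:" under "Server:" is the resolver, so only lines after "Name:" count.
parse_nslookup() {
    awk '
        /^Server:/                    { in_answer = 0; next }
        /^Name:/                      { in_answer = 1; next }
        in_answer && /^Address(es)?:/ { print $2; next }
        # Windows nslookup puts further addresses on indented lines
        in_answer && NF == 1 && $1 ~ /^[0-9a-fA-F:.]+$/ { print $1 }
    ' | sort -u
}

# Resolve each hostname listed in file $1 (one per line) into a snapshot.
resolve_hosts() {
    while read -r host; do
        [ -z "$host" ] || nslookup "$host"
    done < "$1" | parse_nslookup
}

# Compare two snapshots: "+ip" is new in $2, "-ip" has disappeared since $1.
snapshot_diff() {
    comm -13 "$1" "$2" | sed 's/^/+/'
    comm -23 "$1" "$2" | sed 's/^/-/'
}

# Constructed sample (documentation-range IPs): a Unix-style and a Windows-style result.
sample_output() {
    cat <<'EOF'
Server:         192.0.2.53
Address:        192.0.2.53#53

Non-authoritative answer:
Name:   st-v3.api.splashtop.com
Address: 198.51.100.10
Server:  UnKnown
Address:  192.0.2.53
Non-authoritative answer:
Name:    st-relay-v3.api.splashtop.com
Addresses:  203.0.113.7
          198.51.100.10
EOF
}

sample_output | parse_nslookup   # demo on the constructed sample
```

Run `resolve_hosts hosts.txt > new.txt` on a schedule and review the output of `snapshot_diff old.txt new.txt` before changing firewall rules.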

IP Addresses Used for Downloads and Auto-Updates

Splashtop uses Amazon CloudFront (AWS) to host the Splashtop Business and Streamer installers, as well as to deliver auto-updates.

If your firewall restricts outbound connections by IP address, you can refer to AWS’s documentation for the most current list of CloudFront edge locations:

CloudFront Edge Server Locations (AWS)

Note: Make sure port 80 (HTTP) is open to allow downloads and update checks from CloudFront.

Allowing Communication for End-to-End (QUIC) Connections

If you'd like to enable QUIC in your environment, follow the steps here:

How to configure my router/firewall to support QUIC

TLS Certificate Support

Splashtop remote connections use TLS over port 443.
At this time, Splashtop supports RSA-based certificates only. Support for ECDSA-based certificates is currently under evaluation.

Directory

Windows: C:\Program Files (x86)\Splashtop
