Running your HD2 TV Players behind a firewall requires a few domains and ports to be configured for the Players to operate.
Please, make sure you build your firewall rules with the domains listed below and NOT an IP-based whitelisting. We would like to reinforce this recommendation as:
Using domains will keep the service working in case an IP is changed.
HD2 TV requires access to the Google Cloud Storage, which does not have a published list of IPs. Read more about proxying Google Cloud Storage.
HD2 TV Domains and Ports
HTTPS traffic (port 443)
*.onsign.tv
*.signagewidgets.net, signagewidgets.net
storage.googleapis.com
CNAME.signagewidgets.net
To add your server-specific URL (port 443), use the URL which is configured as your URL's CNAME. You can use this tool to find your CNAME setting if you don’t remember it.
As an example, app.123-signage.com would add the rule: app-r4zfwn.signagewidgets.net (443)
HTTP traffic (port 80)
*.signagewidgets.net, signagewidgets.net
ocsp.sectigo.com
ocsp.comodoca.com
OCSP is required for Samsung, LG, and BrightSign. It is not used by Android.
NTP traffic (port 123)
*.ntp.org
Hardware Specific Whitelisting
Depending on your hardware manufacturer it is required to whitelist additional domains as follows:
Samsung SSSP and Tizen Screens
*.samsungcloudsolution.com
LG webOS
lgtvonline.lge.com
BrightSign
*.brightsignnetwork.com
Feature Specific Whitelisting
If you are using specific third-party services it is required to whitelist additional domains as follows:
Hivestack
apps.hivestack.com (ad request and play confirmation calls)
dgg3rnz8nudgw.cloudfront.net (creative files download)
cdn-apps.hivestack.com (creative files download)
Testing your Firewall
Simply use the actual Player or connect a computer to the same Player network. Then, open this URL in a browser to test your firewall rules.