Network Requirements and Firewall Configuration

Network Requirements and Firewall Configuration

This guide is for IT administrators who need to configure network access for LobbyFlight displays. Here you'll find all the information about required ports, domains, and security settings.

Minimum Requirements

Internet Connection

Network Connection

Required Domains

Primary Domains

The following domains must be accessible:

# Main application
lobbyflight.com
*.lobbyflight.com

# API server
api.lobbyflight.com

# Content Delivery
cdn.lobbyflight.com

Third-Party Domains

For complete functionality:

# Google Fonts
fonts.googleapis.com
fonts.gstatic.com

# Weather service (if enabled)
api.openweathermap.org

# Analytics (optional)
analytics.lobbyflight.com

Required Ports

Outgoing Connections

Important Notes

Firewall Configuration

Recommended Whitelist Rules

# Primary traffic
ALLOW OUT TCP *.lobbyflight.com:443
ALLOW OUT TCP *.lobbyflight.com:80

# DNS resolution
ALLOW OUT UDP *:53

# Google services (fonts)
ALLOW OUT TCP fonts.googleapis.com:443
ALLOW OUT TCP fonts.gstatic.com:443

# Weather service
ALLOW OUT TCP api.openweathermap.org:443

Sample Configurations

pfSense / OPNsense

# Alias: LobbyFlight_Domains
lobbyflight.com
*.lobbyflight.com

# Firewall Rule
Action: Pass
Interface: LAN
Protocol: TCP
Destination: LobbyFlight_Domains
Destination Port: 443, 80

Sophos / FortiGate

# FQDN Object
Name: LobbyFlight
FQDN: *.lobbyflight.com

# Firewall Policy
Source: Display_VLAN
Destination: LobbyFlight
Service: HTTPS, HTTP
Action: Accept

Windows Firewall (GPO)

# PowerShell command
New-NetFirewallRule -DisplayName "LobbyFlight" `
  -Direction Outbound `
  -RemoteAddress Any `
  -RemotePort 443,80 `
  -Protocol TCP `
  -Action Allow

Proxy Configuration

Transparent Proxy

LobbyFlight works with transparent proxies without additional configuration.

Explicit Proxy

For environments with explicit proxy settings:

In Chrome/Android:

URL Whitelist for Proxy

# No proxy for:
*.lobbyflight.com
fonts.googleapis.com
fonts.gstatic.com

SSL Inspection Notes

If SSL inspection is enabled:

VLAN Setup (Recommended)

Dedicated Display VLAN

For maximum security, we recommend a separate VLAN:

VLAN ID: 100
Name: Display_VLAN
Subnet: 10.100.0.0/24
Gateway: 10.100.0.1

# DHCP Range
Start: 10.100.0.10
End: 10.100.0.250

# DNS
Primary: 8.8.8.8
Secondary: 8.8.4.4

Inter-VLAN Rules

# Display_VLAN to Internet
ALLOW Display_VLAN → Internet (443, 80, 53)

# Block other internal access
DENY Display_VLAN → Internal_Networks

Bandwidth Calculations

Per Display

Total for Multiple Displays

10 displays: ~20 KB/s average
50 displays: ~100 KB/s average
100 displays: ~200 KB/s average

Network Monitoring

Health Check Endpoint

GET https://api.lobbyflight.com/health
Expected response: 200 OK

Monitoring Script

#!/bin/bash
# Check LobbyFlight availability
curl -s -o /dev/null -w "%{http_code}"   https://api.lobbyflight.com/health

SNMP Monitoring

If using SNMP for network monitoring:

Troubleshooting

"Connection refused" Errors

Diagnosis:

# Test connection
curl -v https://lobbyflight.com
nslookup lobbyflight.com
telnet lobbyflight.com 443

Solutions:

SSL Certificate Errors

Diagnosis:

# Check certificate
openssl s_client -connect lobbyflight.com:443

Solutions:

Slow Loading

Diagnosis:

# Test latency
ping lobbyflight.com
traceroute lobbyflight.com

Solutions:

Security Considerations

Data Privacy

Hardening Recommendations

Compliance

Support Contact

For network-related issues: