Using LightSpeed VT Behind a Firewall

If users are not able to connect to the LightSpeed VT app through a firewall even though all necessary domains are whitelisted, please check that Starfield Services CA and Amazon Trust Services CA certificate authorities are added to your firewall’s CA allowed list

The LightSpeed VT System is a web application that is accessible around the world as long as you have an internet connection. Any restrictions for browsing certain or any parts of the web application depend on how your Internet security and firewall are setup.

Firewalls

Sometimes companies (places like; offices, schools, banks, etc.) have their Internet security and firewall setup to block certain sites that they don’t know about. In situations where end users are reporting odd behavior that you cannot replicate on your end; their Internet security and firewall settings are often the reason why.

Here’s the URL/domain that you can white list for all LightSpeed VT System activity:

*.lightspeedvt.com

As soon as that’s setup, all domains/subdomains that contain *.lightspeedvt.com will be whitelisted.

Server Caching

In addition to the normal firewall settings, server caching is a feature used in some offices to store visited websites locally in the office so that it does not have to re-downloaded when a user visits the website again. For the LightSpeed VT application to work properly this needs to be disabled for *.lightspeedvt.com (LightSpeed VT Domains). If this is not disabled, it will create login or application issues.

Email Whitelisting

Our email provider is configured using correct SPF and DKIM configurations. We are delivering email from email.lsvtmail.com, but the root domain is used to show the reply address.

We would recommend that you whitelist: email.lsvtmail.com, lsvtmail.com and the IP address: 167.89.8.211

Additional SPF setting help:

In your email serving environment, a DNS administrator needs to update the SPF records to include lsvtmail.com and sendgrid.net, or to add the single dedicated IP address, 167.89.8.211.

For example:
v=spf1 include:lsvtmail.com ~all OR v=spf1 include:sendgrid.net ~all OR v=spf1 mx ip4:167.89.8.211 ~all

You can also take advantage of DMARC monitoring through SendGrid and ValiMail (requires sign-up) when using monitoring mode (p=none).

In general, Gmail puts particular and increasing weight on DMARC authentication in its rating of email senders. Check out Gmail’s DMARC Initiative to see what Gmail recommends in implementing DMARC as a part of deliverability troubleshooting.

Additionally, if you have the desire for increased email security, you may wish to consider modifying your SPF from a softfail (~all) to a hardfail (-all)