- 14 Jul 2023
- 2 Minutes to read
- Print
- DarkLight
Using LightSpeed VT Behind a Firewall
- Updated on 14 Jul 2023
- 2 Minutes to read
- Print
- DarkLight
If users are not able to connect to the LightSpeed VT app through a firewall even though all necessary domains are whitelisted, please check that Starfield Services CA and Amazon Trust Services CA certificate authorities are added to your firewall’s CA allowed list
The LightSpeed VT System is a web application that is accessible around the world as long as you have an internet connection. Any restrictions for browsing certain or any parts of the web application depend on how your Internet security and firewall are setup.
Firewalls
Sometimes companies (places like; offices, schools, banks, etc.) have their Internet security and firewall setup to block certain sites that they don’t know about. In situations where end users are reporting odd behavior that you cannot replicate on your end; their Internet security and firewall settings are often the reason why.
Here’s the URL/domain that you can white list for all LightSpeed VT System activity:
*.lightspeedvt.com
As soon as that’s setup, all domains/subdomains that contain *.lightspeedvt.com will be whitelisted.
We also highly recommend disabling cache on your server/firewall as this has been known to cause issues.
If users are not able to connect to LightSpeed VT through a firewall even though all necessary domains are whitelisted, please check that Starfield Services CA and Amazon Trust Services CA certificate authorities are added to your firewall’s CA allowed list.
Server Caching
In addition to the normal firewall settings, server caching is a feature used in some offices to store visited websites locally in the office so that it does not have to re-downloaded when a user visits the website again. For the LightSpeed VT application to work properly this needs to be disabled for *.lightspeedvt.com (LightSpeed VT Domains). If this is not disabled, it will create login or application issues.
Email Whitelisting
Our email provider is configured using correct SPF and DKIM configurations. We are delivering email from email.lsvtmail.com, but the root domain is used to show the reply address.
We would recommend that you whitelist: email.lsvtmail.com, lsvtmail.com and the IP address: 167.89.8.211
Additional SPF setting help:
In your email serving environment, a DNS administrator needs to update the SPF records to include lsvtmail.com and sendgrid.net, or to add the single dedicated IP address, 167.89.8.211.
For example:
v=spf1 include:lsvtmail.com ~all OR v=spf1 include:sendgrid.net ~all OR v=spf1 mx ip4:167.89.8.211 ~all
You can also take advantage of DMARC monitoring through SendGrid and ValiMail (requires sign-up) when using monitoring mode (p=none).
In general, Gmail puts particular and increasing weight on DMARC authentication in its rating of email senders. Check out Gmail’s DMARC Initiative to see what Gmail recommends in implementing DMARC as a part of deliverability troubleshooting.
Additionally, if you have the desire for increased email security, you may wish to consider modifying your SPF from a softfail (~all) to a hardfail (-all)