Firewall Configuration

            April 14, 2014

            LearnPad uses various channels to communicate with the central Connect servers and the in-class Dashboard. To enable the full functionality of LearnPad, you should ensure your network implements the firewall exceptions described below.

            To check if your network is compliant, use the on-device troubleshooting guide.

            URL Whitelist

            • learnpad.co
            • www.learnpad.co
            • device.learnpad.co
            • data.learnpad.co
            • time.learnpad.co
            • cloud.learnpad.co
            • connect.learnpad.com
            • learnpad.com

            The following entries can be used if your proxy or filtering system accepts wildcard entries

            *.learnpad.co, *.learnpad.com

            IP Whitelisting

            Note: only use IP whitelisting as a last resort if no other options, such as URL whitelisting, are available.

            IP whitelisting is more complicated because LearnPad uses a range of cloud computing services to ensure high quality service, which by their nature do not use single static IP addresses. The range of IP addresses likely to be used by LearnPad can be found here:

            Unfortunately the IP range for Amazon S3 is not public, so we maintain a best-guess list here:

            		72.21.192.0   - 72.21.223.255       CIDR: 72.21.192.0/19
            		207.171.160.0 - 207.171.191.255     CIDR: 207.171.160.0/19
            		178.236.0.0   - 178.236.7.255       CIDR: 178.236.0.0/21
            		87.238.80.0   - 87.238.81.255       CIDR: 87.238.80.0/21

            Google Cloud Messaging

            Outgoing TCP ports 5228, 5229, and 5230 should be open to allow Google Cloud Messaging. GCM doesn’t provide specific IPs, so you should allow your firewall to accept outgoing connections to all IP addresses contained in the IP blocks listed in Google’s ASN of 15169. These ports are also used by Google to install applications from their Play Store.

            Time Synchronisation Service

            Synchronisation of the on-device clocks is done using the Network Time Protocol, which requires outgoing access via port 123.

            LearnPad ClassView / Control Features (LAN)

            The LearnPad Dashboard can connect directly to your LearnPads and allow you to issue real-time commands or view screens using ClassView.
            The LearnPad dashboard can be run through a browser on a PC / Tablet / Laptop etc.
            Both the LearnPad and the device that is running the dashboard must be connected on the same subnet. For example, if you are using the classroom PC to view the dashboard and its IP address is 192.168.0.66 and the LearnPad has an IP of 192.168.0.69 and your subnet mask is 255.255.255.0 this would indicate that both devices are on the same subnet and the dashboard control will work across the LAN.

            An exception here is if wireless isolation is enabled on your network – this tends to be common on guest networks, if wireless isolation is enabled this will prevent the device communication and the ClassView and control features will not function.

            In addition to the above, if you are using a proxy server you must ensure that the option “bypass proxy server for local addresses” is ticked within your network settings on the device being used to access the dashboard, this can usually be set locally but is sometimes controlled at the network level.

            Within the local network the LearnPad will communicate with the browser. The communication is initiated by the browser on a high port number and the LearnPad listens and talks to the browser on port 37395, 37396 and 37397. You may need to check local security policies on PCs that you intend to run the LearnPad Dashboard from and create an exception for these ports.

            If you are still unable to connect, browse to the following address, replacing the IP address here with the IP address of one of your tablets (The tablet must be turned on and not in hibernation):
            http://192.168.1.20:37396/status

            A successful connection will produce a result similar to the below:

            ID: 17:3B:16:72:73:DE
            LearnPad Version: 300
            Profile ID: 33077
            Screen Server: true

            If your proxy server indicates the IP address of the tablets has been blocked you may need to manually add an exception for the IP range in the advanced proxy settings (in Internet Properties).
            If this connection times out or you are re-directed to your schools proxy server or firewall page, you should check the relevant ports have been allowed.
            If the page loads but the Screen Server shows as false a reboot of the device in question should fix this issue.

            UDP Broadcasts

            LearnPad’s Neighbour Downloads feature relies upon UDP broadcasts in order to function and as such, UDP broadcasts must be enabled on your wireless access points for this functionality to work. In the event that this functionality is not enabled on your wireless access points, LearnPad will download lesson content from the LearnPad servers instead.

            MAC Address Filtering

            If you use MAC address filtering to restrict devices connecting to your schools network the MAC addresses of each device can be obtained from the device information page


            Updated: 09 Apr 2018 03:06 AM
            Helpful?  
            Help us to make this article better
            0 0