Articles in this section

See more

Clevertouch | Quick Tips | Network Requirements Documentation for Firewalls

Avatar
Paul Harnett
  • Updated
Follow

Network ports:

Clevertouch Android Operating System - Over-the-air updates

Android 13 and above:

FQDN IP Protocol port Usage
ota.ifpserver.com 20.106.104.54
20.113.10.179 		HTTP 80/443 For detect OTA update
usa-cstore-pri.ifpserver.com 35.244.155.145 HTTP 80/443 Download FW from server

Android 11 and below:

FQDN IP Protocol port Usage
iwbota.com 20.106.104.54
20.113.10.179 		HTTP 80/443 For detect OTA update
ota-static-us.seewo.com 34.160.7.123 HTTP 80/443 Download FW from server


Clevertouch NTP Server - For keeping time and date in sync

  • Server Hostname - 2.android.pool.ntp.org


Cleverlive - Digital signage application 

  • 87.106.215.81 (new)
  • 85.215.121.86
  • 217.160.168.158
  • www.cleverlive.com 
  • live.cleverlive.com

For older devices, and windows devices, this is in addition to keeping (temporarily) these whitelisted 

until your players have been automatically upgraded or you are contacted by us with details of how to manually upgrade your players to the latest software.


Lynx - Whiteboard application and CleverLive Room Booking

  • Server Hostname
    • *.lynxcloud.app
    • api.lynxcloud.app

TCP Ports: 80 (HTTP) & 443 ( HTTPS) 

 

Clevershare - Sharing application 

  • Activation servers:
    • https://linkmsg.bytello.com (based in the U.S)
    • https://license.bytello.com (based in the U.S)
  • Update servers:
    • http://iwbota.com (based in the U.S)
    • https://api.bytello.com (based in the U.S)
  • Software usage:
    • http://friday-sg.bytello.com (based in Singapore)
    • https://share-server.bytello.com (based in the U.S)
    • mc-awsgp.bytello.com (based in the U.S)
    • https://static.bytello.com/bytelloshare/licenses/terms_service.html (based in the U.S)
    • https://static.bytello.com/bytelloshare/licenses/privacy_policy_service_server.html (based in the U.S)
    • https://static.bytello.com/bytelloshare/licenses/user_experience_service.html (based in the U.S)
  • Clevershare application:
Port Protocol Notes
7385,29736,2067,39458/TCP SSP The application will try to open one of the four ports individually; if one is opened successfully, the rest will not.
49200 - 49250/TCP SSP The application will use the first available port starting from 49200
49300 - 49350/UDP SSP The application will use the first available port starting from 49300
1024 - 65535/TCP SSP  Only required for versions before V5.6
for the touch-back function
  • Airplay Protocol:
Port  Protocol Notes
5353/UDP MDNS/Bonjour  
5000 - 7000/TCP Airplay  
Random TCP Video
Random UDP Audio
  • Miracast Protocol:
Port Protocol Notes
21200,21201/UDP RTP + RTCP  
7236/UDP & TCP MiraCast  
  • Chromecast Protocol:
Port Protocol Notes
5353/UDP MDNS  
8008/TCP WebSocket  
8009/TCP Chromecast  
49400 - 49459/UDP RTP + RTCP  

 

MDM - Mobile Device Management application 

There are two areas to be considered for network requirement

  • Browser Side = MDM web portal that the Agent Side communicates to.
  • Clevertouch Android Agent = The service running on the Clevertouch Android Module, which communicates to the Browser Side.

User access to the web browser

Clevertouch display android agent :

  • MDM Application Server: https://clevertouch.glbth.com
  • https://*.glbth.com (Port: 443 & dynamic IP)
  • Streaming protocol servers: https://*.glbth.com (Port: 443 & dynamic IP)
  • Push notification system: primary: Port 443 to clevertouch.glbth.com or preferably *.glbth.com
  • Secondary: Should the primary fail or be too slow, it uses Google's Firebase Cloud Messaging (FCM); for completeness of setup, please read the following and allow the three ports to all public IPs or just the Google ASN range listed below.

 

The ports to open are 5228, 5229, and 5230. GCM typically only uses 5228, but it sometimes uses 5229 and 5230.

Google ASN:

  • 104.132.0.0/23
  • 104.132.11.0/24
  • 104.132.141.0/24
  • 104.132.34.0/24
  • 104.132.5.0/24
  • 104.132.51.0/24
  • 104.132.7.0/24
  • 104.132.8.0/24
  • 104.133.0.0/24
  • 104.133.2.0/23

CleverLive & Clevertouch Security and Privacy

Clevertouch provides digital signage solutions for every business sector, from primary schools and small businesses to universities and major corporations.
The digital signage requirements of such a large user base are varied, as are the security concerns when adding Media Players (or any third-party device) to a customer network.

There are many solutions to potential security concerns:

  • Most secure but least recommended: A stand-alone system not connected to the customer’s network.
    While effective, this removes the key advantage of updating sales or communication messages across the business instantly.

Clevertouch solutions are built on the Microsoft Windows operating system, allowing them to:

  • Be easily added to networks using standard procedures.

  • Connect automatically using DHCP in most networks.

  • Allow network administrators to apply standard security policies (e.g., adding the player to a domain).
    ➔ Important: Admins must follow Clevertouch's recommended procedures to ensure 24/7 signage operation (e.g., disabling screen savers or auto-sleep functions).

  • Be added to VLANs, WANs, connected over VPNs, or configured per IT team preferences.

CleverLive Advantages

Advantages of using a CleverLive cloud-connected digital signage system:

  • Ease of use

  • Simple scalability to larger networks

  • Management across multiple geographic sites

  • Clevertouch-managed maintenance

  • Automated software updates

  • Global access

The very low cost of controlling a network via CleverLive means the only reason not to use it would be specific security concerns around cloud-based solutions.

CleverLive Methodology

The widespread adoption of cloud services (e.g., Office 365, Dropbox, OneDrive, Salesforce) shows that well-designed cloud solutions are trusted for business data.

CleverLive works similarly:

  1. Upload digital signage channels, images, and messages to CleverLive.

  2. Clevertouch players connect to your CleverLive account and download the uploaded content.

  3. Log in to your CleverLive control panel to assign content to specific screens.

Simple, reliable, and efficient.

Account Security Settings

IP Whitelisting

CleverLive supports IP whitelisting to lock account access to specified IP addresses.
Even users with valid credentials cannot log in unless accessing from an approved device.

Multi-Factor Authentication (MFA / 2FA)

CleverLive supports multiple security levels:

  • Level 1: Username + password

  • Level 2: Username + password + IP address locking

  • Level 3: Username + password + MFA

  • Level 4: Username + password + MFA + IP address locking

Player Connectivity & Content Download Security

Each player:

  • Stores downloaded content locally (no constant streaming needed).

  • Continues operating even if the internet fails (no new updates during outages).

Secure connection process:

  • Players use 2048-bit SSL encryption for communication.

  • On first connection, a unique 8-digit PIN is generated and exchanged for an OAuth 2.0 authentication token.

  • After token creation, the PIN is deleted permanently.

  • All communications validate the OAuth token.

  • No unsolicited inbound internet connections — players initiate all communications.

  • Long-polling allows real-time status updates and almost instantaneous player reactions.

If a player is removed from an account, the token is invalidated immediately.

Firewall Requirements:
Ports 80 (HTTP) and 443 (HTTPS) must be open.
Details on server IP addresses can be found here.

Additional Device Information

CM Pro

As an Android 9 device, the CM Pro supports 802.1x authentication using:

  • EAP method: PEAP

  • Phase 2 auth: MSCHAPv2

Live Rooms

In Live Rooms, MFA/2FA access is a privileged operation requiring admin approval — especially when booking delegates need connection rights.

User Content Upload Options

Users can upload content via:

  1. Web Browser (Managing network and uploading content).

  2. ImageFlyer Cloud Master (Clevertouch's Windows desktop application for custom signage).

Managing the Signage Network via Browser

  • Users log into their CleverLive account via a secure HTTPS connection.

  • All passwords are hashed — not stored in plain text.

  • Strong password policies are recommended (minimum 6 characters).

  • Admins can create sub-user accounts with limited privileges to avoid sharing admin credentials.

Creating & Uploading via ImageFlyer Cloud Master

  • Users design custom signage zones directly on their Windows desktops.

  • When publishing, all assets are securely uploaded to CleverLive using 2048-bit SSL encryption.

  • First-time login uses encrypted username/password to obtain an OAuth token for future communications.

  • Firewall Requirement: Open ports 80 and 443.

  • Firewall and server info available here.

Note:
ImageFlyer Cloud Master does not include firewall diagnostics.

Data Storage

  • All customer data is stored on dedicated servers in Germany (EU).

  • Daily backups are performed, but customers must retain their own critical media backups.

  • Every player also holds a copy of its assigned data as a local backup.

Privacy Considerations

Digital signage is typically not used for highly sensitive or confidential information.

  • Example: A hospital may use screens to call patients into clinics, but not to display personal medical details.

  • Content should be appropriate for public, office, retail, or educational spaces where displays are designed to attract attention.

Related articles

Comments

0 comments

Please sign in to leave a comment.