Setting up Syncthing in a highly restricted Environment

I need to deploy syncthing within my corporate network. The corporate network is set up to implicit deny all URLs unless required. So I have to whitelist the URLs and ports that are required. I have gone through the syncthing documentation and whitelisted the following below on Sophos XG:

tcp:// quic://

Still can't establish connectivity with a remote syncthing client without any firewall restrictions.

Please Help

You need to permit connections to the discovery servers.

Then, do you need to connect to a Syncthing outside the firewall? If so you need to permit the outgoing connection to that device, or to a relay server. If it’s just on the inside of the firewall you should be fine as-is.

Yes, I need to connect to syncthing outside the firewall. How do I permit connections to the discovery servers?

It’s your firewalls, so you should know that. Discovery just uses http.

Can you provide the URLs, ports and IPs I need to allow, please?

The discovery servers are contacted via HTTPS (that is TCP on port 443).

Hostnames are:

See also these doc pages [1] [2].

Thanks. I also need the URL and ports to allow over my corporate firewall to connect to a remote syncthing device using a relay server.

Relays are not http so there are no urls, ports are also not fixed as these are chosen by users providing the relay, so it can be anything. By default it’s 22067, but some provide it on 443, some provide on some other random port.
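The point about relay ports, as an added example that is not part of the thread or Syncthing's own code: it turns a list of configured addresses into the outbound firewall tuples a default-deny policy would need, and separates out entries that cannot be pinned to a static rule. The hostnames and device ID are constructed placeholders, and the `relay://`, `tcp://`, `quic://` and `dynamic+https://` address forms are assumed to be what the configuration contains.

```python
from urllib.parse import urlsplit

DEFAULT_RELAY_PORT = 22067  # default relay port mentioned in the thread

# Constructed sample addresses; hosts and device ID are placeholders.
SAMPLE_ADDRESSES = [
    "relay://relay-a.example.net:22067/?id=PLACEHOLDER-DEVICE-ID",
    "relay://relay-b.example.net:443/?id=PLACEHOLDER-DEVICE-ID",
    "tcp://peer.example.org:22000",
    "quic://peer.example.org:22000",
    "dynamic+https://pool.example.net/endpoint",
]


def egress_rules(addresses):
    """Return (rules, unpinnable).

    rules: sorted (transport, host, port) tuples to allow outbound.
    unpinnable: addresses whose final host and port are only chosen at
    run time, so no static allow-list entry can cover them.
    """
    rules, unpinnable = set(), []
    for addr in addresses:
        parts = urlsplit(addr)
        scheme = parts.scheme.lower()
        if scheme.startswith("dynamic+"):
            # A pool hands out relays on operator-chosen ports.
            unpinnable.append(addr)
            continue
        if scheme not in ("relay", "tcp", "quic"):
            raise ValueError(f"unsupported address: {addr}")
        if parts.hostname is None or parts.port is None:
            raise ValueError(f"host and port must be explicit: {addr}")
        # QUIC runs over UDP; relay and tcp connections are plain TCP.
        transport = "udp" if scheme == "quic" else "tcp"
        rules.add((transport, parts.hostname, parts.port))
    return sorted(rules), unpinnable


def non_default_relays(addresses):
    """Relay addresses that a rule for port 22067 alone would not cover."""
    return [a for a in addresses
            if urlsplit(a).scheme.lower() == "relay"
            and urlsplit(a).port != DEFAULT_RELAY_PORT]


if __name__ == "__main__":
    rules, unpinnable = egress_rules(SAMPLE_ADDRESSES)
    for transport, host, port in rules:
        print(f"allow out {transport} {host}:{port}")
    for addr in unpinnable:
        print(f"cannot pin to a static rule: {addr}")
```
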

