SSW Connector Network Requirements

  • 1 minute(s) read
Prev Next

Overview

To ensure the Splashtop Secure Workspace (SSW) Connector operates correctly, the connector must be able to establish outbound connections to SSW control plane services over the internet.

These connections are required for:

  • Secure tunnel establishment (WSS / TLS)
  • Authentication and policy retrieval
  • Continuous heartbeat and session maintenance

Required Outbound Access

Protocols

  • HTTPS / TLS (TCP 443)
  • Custom service port (TCP 9202)

Domains

Please allow outbound access to:

*.ssw.splashtop.com

IP Whitelist (Optional)

If your environment requires IP-based whitelisting instead of domain-based access, please allow outbound traffic to the following IP addresses:

1. Frankfurt, Germany

  • 3.125.253.149

2. London, England

  • 18.134.83.41

3. Portland, Oregon (US West)

  • 34.214.143.29
  • 54.186.190.77
  • 44.231.56.172

4. Ashburn, Virginia (US East)

  • 44.207.232.94
  • 52.0.11.97
  • 52.3.102.109

5. Hong Kong, China

  • 16.163.212.3
  • 18.166.200.243
  • 18.162.91.235

6. Taipei, Taiwan

  • 15.220.84.77

7. Tokyo, Japan

  • 54.238.50.87
  • 52.197.209.61
  • 3.114.42.130

Firewall / Network Requirements

Must Allow

  • Outbound TCP traffic to the above domains/IPs on ports 443 and 9202
  • Long-lived connections (persistent TCP sessions)

Must NOT Block or Interfere

To ensure stable operation, avoid the following:

  • SSL/TLS inspection (MITM / Deep Packet Inspection)
  • WebSocket blocking or rewriting
  • Idle connection timeout that is too short
  • Proxy interference with WebSocket (WSS)

Proxy Considerations

If a proxy is required:

  • It must support WebSocket over TLS (WSS)
  • It must not terminate or rewrite TLS traffic
  • Authentication-based proxies may require additional configuration

Common Symptoms of Network Misconfiguration

If the above requirements are not met, you may observe:

  • i/o timeout when connecting to port 443
  • Frequent disconnections (EOF, abnormal ping)
  • Connector stuck in reconnect loop
  • Services appear discovered but are inaccessible

Verification Steps

From the connector host, you can test connectivity:

curl https://<region>.ssw.splashtop.com

or

nc -vz <IP> 443

Recommendation

For best reliability:

  • Use domain-based whitelisting (*.ssw.splashtop.com)
  • Avoid IP-only rules unless required
  • Disable SSL inspection for these destinations