LiquidFiles Documentation

This diagram depicts a typical deployment in a small environment where LiquidFiles has been deployed in a DMZ using the private ip address We have one internal network of and one firewall that is also the default gateway (default router) for all networks.


Network Connections

The following table outlines the network connections that the LiquidFiles requires to operate (IP addresses assumed to be as in the network diagram above).

Protocol / Function source destination port description
http(s) any 80 & 443 http and https is allowed from anywhere. This is how all files are uploaded and downloaded and all normal user interaction is via http or https.
DNS DNS server 53 (UDP) The appliance needs DNS to function properly.
email any / email relay server 25 The appliance needs to send emails, either via an email relay server or directly to the Internet.
updates any 443 The appliance downloads updates over https. Please see the table below for a list of specific URLs that are being used.
admin 222 Use specific management ip's if you can for ssh access to the appliance.
LDAP LDAP server 389/636 If LDAP authentication is enabled, the appliance needs connections to the LDAP server.
NTP any / ntp server 123 (UDP) If NTP time synchronisation is enabled, if NTP pool authentication is enabled the destination needs to be any.
Emaildrop any 25 If you have enabled Emaildrops.
FTPdrop (FTP) any 21, 44000-44100 If you have configured FTPdrops and wish to use FTP.
FTPdrop (SFTP/SCP) any 22 If you have configured FTPdrops and wish to use SFTP/SCP.

In most cases, if deployed behind a firewall or similar, you will also need to configure the firewall for address translation — translating a public address to the private address. You will also mostly certain need to configure DNS so that a published DNS points to the public ip address of the Filetransfer appliance.

Restricting outgoing https

The following table outlines all connections where LiquidFiles is using when connecting to the Internet.

Function Destination Comment
Licenses/ Updates When installing/renewing licenses, the LiquidFiles system will validate its license with the license details stored at Also, when performing updates, LiquidFiles will check available updates from
Updates Any LiquidFiles, System, AV Updates or Hotfixes will be downloaded from
Please note that is using Amazon Cloudfront (global geo-caching). You will not be able to restrict this to specific IP addresses.
GeoIP Lookups If you have enabled GeoIP lookups, the LiquidFiles system will lookup IP → GeoIP locations to
Support Info If you need to send Support Information (diagnostic information sometimes requested by LiquidFiles support), this will be sent from the LiquidFiles system to
Support Connection tcp:// If you need to enable the Support Connection (when requested by LiquidFiles support), this will establish a connection on TCP Port 443 to Please note that eventhough this is using TCP Port 443, it is not using HTTPs so if you are using any content inspecting firewall or similar, you may need to disable HTTPs checking for the support connection to be able to be established.

Version Info

The table above is accurate for LiquidFiles system v3.5 and above. In LiquidFiles v3.4 and below, random CentOS, Epel and ClamAV mirrors was used to download updates. In LiquidFiles v3.4 and below, you will not be able to restrict updates to only certain URLs. Please update to LiquidFiles v3.5 and then you can add the restrictions listed above if required.

If required, you can also configure a Proxy in Admin → System → Network and that will make all outgoing connections use the proxy instead of going direct.