Plex not available outside your network and geo ip blocking

Nearest I can figure, the wonderful feature (which I assume is so quirky because of the way the certs work) requires some capability for Plex HQ to initiate talk to my server over the selected port. I assume this as I think when I enable blocking based on geo location, Plex sharing becomes unavailable even in the locations that are not geo blocked.

It seems that Plex is wanting to communicate from Amazon data centres in various countries, according to my firewall logs.

However, I’m not yet 100% sure, but I’m suddenly having issues with it sharing outside my network. Can anyone from Plex comment around the architecture of how Plex confirms active connection of e.g. port 32400?

Thanks.

Plex uses a whole network of various cloud servers, distributed around the world to provide the functionality of plex.tv.
The majority of these servers is indeed sitting in Amazon AWS data centers, often in Ireland. But there are also servers in other geographical regions, to provide better connectivity in the various continents/countries.

Thanks, I had noted Amazon traffic from many countries, yes. So do you know if these various services require to initiate traffic to an internal server? It seems unlikely but I’d love to rule it out.

The firewall seems to indicate that indeed Plex does initiate a connection from Amazon but I’m not certain. Thanks.

Thanks.

@marshalleq said:
Thanks, I had noted Amazon traffic from many countries, yes. So do you know if these various services require to initiate traffic to an internal server? It seems unlikely but I’d love to rule it out.

The Plex cloud will regularly request a ‘sign of life’ from your Plex server, so it can relay that info to the (remote) clients which have access permissions on your server.

Assuming the above are correct I am quite disappointed. Primarily because Plex have implemented quite a clever security architecture regarding certificates, but one that requires a downgrade in security from a GEOIP perspective. If traffic is to be expected inbound, then that absolutely should be published and defined so we can limit traffic to that. However my assumption is that this is not published. So while I have marked your answers as answered, the real intent of the question is unanswered. I want sane firewall rules that don’t require me to open everything up, just so Plex can talk to me from random places. I particularly don’t like seeing something in my logs like Africa talking to me on port 3200. Not cool.