Firewall guidelines for CS Professional Suite applications

Show expandable text

View as PDF

What is a firewall?

A firewall is a software application or a hardware system (such as a router or a standalone physical firewall) that acts as a shield between your computer network and the internet to enforce security policies by controlling the traffic flow of information. A firewall prevents malware and other unauthorized attempts to access your computer via your network or the internet by monitoring incoming information. It also monitors outgoing information to prevent your computer or network from sending potentially malicious content.

Thomson Reuters emphasizes the importance of working in a secure environment that includes up-to-date antivirus, antimalware, and firewall solutions when using our CS Professional Suite as well as other applications for processing and storing information for your firm and your firm's clients. Please consult with a qualified IT professional when selecting, implementing, and configuring antivirus, antimalware, and firewall solutions for your firm's network and workstations. Using an appropriate firewall is imperative for ensuring your firm's standards of software performance, stability, and data integrity.

See also: Antivirus guidelines for CS Professional Suite applications

Firewall configuration

Firewall setup considerations

CS Professional Suite applications often need to communicate over your firm's network for multiple reasons, using certain ports and executables in a manner that may not be allowed by default or that could be seen as an unauthorized attempt to access the network. Depending on the configuration of your firewall, that could prevent some features of the CS Professional Suite applications from functioning properly. To avoid problems such as network speed/performance issues, security breaches, and so forth, your firm's IT professional may need to specify certain server and workstation exceptions to your firewall configuration, and the required exceptions depend on which CS applications you use. Application-specific recommendations are detailed in this section.

Beginning with 2016 versions, CS Professional Suite applications communicate with our authentication servers to validate staff credentials. Your firewall may require you to set exceptions to specific web addresses. If so, please create exceptions for the following addresses.

  • *.thomsonreuters.com/*
  • *.tr.com
  • auth.onvio.us
  • gstatic.com

Many CS Professional Suite applications rely on CS Connect for the secure transmission of data (such as license files, application updates, PRP codes, and electronic files) between your computer or network and our secure servers. CS Connect uses the following ports, which must be open for both inbound and outbound traffic.

  • Port 80
  • Port 443 (CS Connect uses SSL for data encryption)
  • Port 8080 (CS Connect uses this port as an HTTP alternative)

Your firewall may require you to set exceptions to specific web addresses. If so, please create exceptions for the following addresses.

  • connect.creativesolutions.com
  • secureconnect.creativesolutions.com
  • csdownloads.thomsonreuters.com

Notes

  • Port configuration should be handled by your firm's qualified IT professional.
  • If your firewall requires IP addresses, open Command Prompt by choosing Start > Run and type cmd. In Command Prompt, type ping secureconnect.creativesolutions.com (to obtain the IP address for Port 443) and ping connect.creativesolutions.com (to obtain the IP address for Port 80). See the Proxy servers section below for more information about using CS Connect with a proxy server.

FileCabinet CS, Fixed Assets CS, and UltraTax CS may require firewall configuration exceptions for CS Connect and the CS Professional Suite login screen. For configuration details, please refer to the details in the CS Connect and CS Security sections above.

Accounting CS, Practice CS, Workpapers CS, and (optionally) FileCabinet CS use SQL databases. The following firewall configuration exceptions may be required, as well as the configurations in the  CS Connect and  CS Security sections above.

Server exceptions

When running on a network, these require additional configuration of the firewall to allow workstations to communicate properly with Microsoft SQL Server. The following port and program exceptions are required:

Ports Program exceptions
TCP Port 1433 sqlservr.exe
UDP Port 1434 sqlbrowser.exe

Note: For more details, see Windows Firewall configuration for SQL-based applications in the CS Professional Suite (applicable only for Accounting CS, Practice CS, Workpapers CS, and FileCabinet CS).

Outbound program exceptions

If the workstations that will access our SQL-based applications use a firewall that runs locally (such as Windows Firewall), outbound program exceptions may also be needed. On those workstations, allow connections in the firewall for the following local executables, as applicable for your firm:

  • Accounting CS
    C:\Program Files\Creative Solutions\Accounting CS\AccountingCS.exe
    On a 64-bit operating system: C:\Program Files (x86)\Creative Solutions\Accounting CS\AccountingCS.exe
  • Practice CS
    C:\Program Files\Creative Solutions\Practice CS\[version]\CreativeSolutions.Practice.exe
    On a 64-bit operating system: C:\Program Files (x86)\Creative Solutions\Practice CS\[version]\ CreativeSolutions.Practice.exe
  • Workpapers CS (if installed as a standalone application without Accounting CS) C:\Program Files\Creative Solutions\Workpapers CS\WorkpapersCS.exe
    On a 64-bit operating system: C:\Program Files (x86)\Creative Solutions\Workpapers CS\WorkpapersCS.exe

Port setup

To launch our CS Professional Suite applications in the Virtual Office CS or SaaS environment, you need both an internet connection and Citrix. See Ports used on Virtual Office CS for a list of ports.  

Some internet service providers (ISPs) use firewalls that block certain ports by default. If you are not able to connect to our applications in the Virtual Office CS or SaaS environment, try using an alternate port:

  1. In the NetStaff CS tab of the navigation pane, click the Applications link. (If you do not see that link, you do not have access to applications through Virtual Office CS or SaaS.)
  2. In the Setup menu near the upper-right corner of the screen, mark the Use Alternate Port checkbox.

Note: When you use an alternate port to access Virtual Office CS or SaaS applications, you need to open port TCP 1494.

Executables

In some cases, your firewall may be preventing executables from your locally installed Citrix client from communicating properly with our servers. The following Citrix executables should have outbound program exceptions configured in your workstation's firewall settings:

File Location File Name
C:\Program Files (x86)\Citrix\ICA Client concentr.exe
wfcrun32.exe
wfica32.exe
CtxTwnPA.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin SelfService.exe
SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\Receiver Receiver.exe

Proxy servers

A proxy server is a computer or application that acts as an intermediary between your CS applications and the internet - to monitor traffic, to filter data, to cache web pages, and so on.

For CS Professional Suite applications that run in the Virtual Office CS or SaaS environment

Due to the wide range of proxy servers and configurations, the functionality of our applications running in the Virtual Office CS or SaaS environment cannot be guaranteed when accessed via proxy servers, and your results with application performance and stability could vary. Please consult with your firm's qualified IT professional if you require further assistance.

If your firm uses a proxy server to access CS Professional Suite applications in the Virtual Office CS or SaaS environment, make sure that the required ports and IP ranges (specified in the Firewall configuration section above) are open. If you are still unable to connect successfully, you should attempt to launch our applications outside of the proxy server environment.

For locally installed CS Professional Suite applications

At this time, CS Professional Suite applications can transmit data via CS Connect using a proxy server. However, there are many different types of proxy servers and various possible configurations within each proxy server environment. We have listed some setup guidelines below, but contact your firm's qualified IT professional if you require further assistance with that setup.

If you are unsuccessful in transmitting information via CS Connect when using a proxy server, try the following troubleshooting steps.

  • Run the test connection. Click the CS Connect button on the toolbar of your CS Professional Suite application, click the Communications Setup button, and then click the Test Connection button. If any test fails, continue through this list of troubleshooting steps to correct the connection issue.
  • Verify the proxy settings specified for CS Connect. Click the CS Connect button on the toolbar of your CS Professional Suite application, click the Communications Setup button, and then click the Proxy Settings button. Verify that the address and port listed in the Proxy Setup dialog are exactly the same as those listed for your internet browser.
  • Respond to a "403 - Authentication is invalid" (or similar) error message. Click the CS Connect button on the toolbar of your CS Professional Suite application, click the Communications Setup button, click the Proxy Settings button, and clear the Proxy Authentication checkbox. This could be an option that you have marked but don't need because that feature is not set up on your proxy server. However, if you are certain that you use proxy authentication, then you need to verify your network username and password with your network administrator, or try using another username and password (possibly the administrator's).
  • Verify the settings for required ports. Verify that Port 80 (connect.creativesolutions.com) and Port 443 (secureconnect.creativesolutions.com) are open for both inbound and outbound traffic.
  • Determine whether certain firewall and internet security applications interfere with your access to CS Connect. Check to see whether any antivirus programs, spyware, or popup blockers are installed on your workstation; these software applications could prohibit a proxy connection. If any of these are installed, disable them temporarily when attempting to access CS Connect.

Configuration of commonly used firewall products

Thomson Reuters does not endorse a specific firewall vendor or product. If you require additional assistance to configure your firm's firewall, please contact your vendor. Listed below are links to the website support pages for some commonly used firewall vendors.

External link What's this?
This icon appears alongside links to resources that are not developed or maintained by Thomson Reuters. We provide access to these resources for your convenience, but we are not responsible for their accuracy. If you need additional assistance, please consult your qualified technician and/or the vendor who developed the resource.

Was this article helpful?

Thank you for the feedback!