Skip to main content

Network and firewall requirements for Browzwear applications

Comprehensive IT firewall and networking checklist for Browzwear (VStitcher, Lotta, Stylezone): add Amazon Root CA, whitelist Browzwear and Stylezone license servers, application domains, regional endpoints, and configure SSL inspection bypass.

IT Checklist

Add Amazon Root CA 1 to the trusted repository

Whitelisting main Browzwear Cloud License Manager server

  • accounts.browzwear.com

  • license.stylezone.com (Default, must be in the list)

  • license.stylezone.cn (China Specific)

Whitelisting regional Browzwear Cloud License Manager servers

Wildcards are preferred as these will cover future regions

  • *.stylezone.com

  • *.browzwear.com

  • *.stylezone.cn

  • *.browzwear.cn

If Wildcards are not possible, add current regions:

  1. us-east-1-license.stylezone.com

  2. eu-west-1-license.stylezone.com

  3. ap-southeast-1-license.stylezone.com

  4. license.stylezone.cn

Whitelisting Browzwear Application services

Wildcards are preferred as these will cover future services

  • *.browzwear.com

If Wildcards are not possible, add:

  • config.prd01.prod.browzwear.com (application configuration)

  • dpc.prd01.prod.browzwear.com (auto stitch)

  • libraries.browzwear.com (asset library)

  • api.browzwear.com (integrated search)

  • help.browzwear.com (help center)

  • *.support.browzwear.com (in-app help, e.g. en-us.support.browzwear.com)

  • support.browzwear.cn (Chinese help center)

Whitelisting Stylezone server

  • [yourbrand].stylezone.com (coordinate this DNS with us first)

Handling corporate proxy SSL inspection

If your organization uses a proxy that performs SSL inspection (decrypts and re-signs HTTPS traffic with a corporate CA certificate), traffic between the Browzwear applications and Browzwear cloud services may fail because the applications do not trust the corporate CA. Whitelisting the URLs above allows traffic through the firewall, but it does not prevent SSL inspection. Three options are available to address this:

  1. Bypass SSL inspection for Browzwear executables (recommended): Configure your proxy or endpoint agent (e.g. Zscaler, Palo Alto, Symantec, Forcepoint) to bypass SSL inspection for the Browzwear processes listed below. This option is the most robust as it covers all current and future Browzwear domains, including third-party resources loaded by the applications.

    1. Windows executables:

      1. VStitcher.exe Lotta.exe

      2. StylezoneConnect.exe

      3. VStitcherHtmlRenderer.exe (shared by VStitcher and Lotta)

      4. StylezoneConnectHtmlRenderer.exe

    2. macOS bundle identifiers:

      1. Main applications (installed under /Applications/Browzwear/):

        1. com.browzwear.VStitcher

        2. com.browzwear.Lotta

        3. com.browzwear.StylezoneConnect

      2. CEF helper processes (four per main app, nested inside Contents/Frameworks/):

        1. com.browzwear.VStitcherHelper, com.browzwear.VStitcherHelperRenderer, com.browzwear.VStitcherHelperGPU, com.browzwear.VStitcherHelperPlugin com.browzwear.LottaHelper, com.browzwear.LottaHelperRenderer, com.browzwear.LottaHelperGPU, com.browzwear.LottaHelperPlugin com.browzwear.StylezoneConnectHelper, com.browzwear.StylezoneConnectHelperRenderer, com.browzwear.StylezoneConnectHelperGPU, com.browzwear.StylezoneConnectHelperPlugin

    3. If your proxy agent does not support bundle identifiers, match by executable path or by code signing identity (“Browzwear Ltd”).

  2. Bypass SSL inspection for Browzwear domains: If your proxy does not support per-application bypass, configure it to bypass SSL inspection for the same domains listed in items 2–5 above (the *.browzwear.com, *.browzwear.cn, *.stylezone.com, *.stylezone.cn wildcards, plus [yourbrand].stylezone.com). Note that this option requires ongoing maintenance as new Browzwear services are added

  3. Enable the internal Browzwear proxy (per-workstation configuration): Browzwear applications support an on-workstation delivery mode in which

    outbound HTTPS requests are handled by a local Browzwear component

    (StylezoneConnect) running on the same machine. Communication between the

    Browzwear executables and StylezoneConnect is confined to the local loopback

    interface (127.0.0.1) and never leaves the workstation. StylezoneConnect then

    establishes the real outbound TLS session to Browzwear Cloud Services and

    performs full certificate validation using the workstation's system trust store, so a corporate CA that IT has already deployed to the machine is honored. No OSlevel security setting, firewall rule, or system certificate store is modified by

    enabling this mode. Configuration is per-workstation via common.ini. Full

    instructions are available in the Browzwear help center: https://help.browzwear.com/en/articles/13065056-internet-connectivityconfiguration

Related Articles
Installing Lotta or VStitcher Using a Network License
Did this answer your question?