...
Source | Destination | Protocol | Port | Security | Description |
---|---|---|---|---|---|
VERTEX connection with SLS service | | | | | |
ANY VERTEX (Static IP Address) | | HTTPS | 443 | TLS 1.0 AES256 RSA2048 | Initial authorization of VERTEX in SLS service. Sending compressed logs to the SLS service. At the request of the SLS operator. |
ANY VERTEX (Static IP Address) | | MQTT 3.1 | 1883 | TLS 1.2 AES256 RSA2048 | Continuous connection, updating the luminaire and control units status |
ANY VERTEX (Static IP Address) | 80.211.241.221 | OpenVPN 2.3.2 | 1194 | TLS 1.0 AES256 RSA2048 | Outgoing connection: SLS-VPN. Operated during service work after detecting a failure. At the request of the SLS operator. |
Automatic update of VERTEX software | | | | | |
ANY VERTEX (Static IP Address) | | HTTP | 17001 | AES256 | Cyclic check every 120 s for the availability of a new VERTEX software update. Downloading an encrypted package with software. |
Automatic time synchronisation in VERTEX (optional, the device has an RTC clock) | | | | | |
ANY VERTEX (Static IP Address) | 0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org | NTP | 123 | - | Increasing the accuracy of the clock in VERTEX. If necessary, it is possible to set the NTP time server in the internal network infrastructure. For this purpose, individual configuration of each VERTEX over SSH by an authorized Glamox employee is needed. |
Default policy
deny (incoming), allow (outgoing), deny (routed)
Opened ports
TO | Action | From | Desc |
---|---|---|---|
22/tcp | ALLOW IN | Anywhere | ssh |
8080/tcp | ALLOW IN | Anywhere | swupdate |
127.0.0.1 8080/tcp | ALLOW IN | 127.0.0.1 | dnsmasq local |
5269/tcp | ALLOW IN | Anywhere | prosody |
1880/tcp | ALLOW IN | Anywhere | nodered |
1883/tcp | ALLOW IN | Anywhere | mosquitto |
30333/tcp | ALLOW IN | Anywhere | ndiscovery_bot |
5280/tcp | ALLOW IN | Anywhere | prosody |
5222/tcp | ALLOW IN | Anywhere | prosody |
80/tcp | ALLOW IN | Anywhere | lighttpd |
127.0.0.1 53/udp | ALLOW IN | 127.0.0.1 | dnsmasq local |
30005/udp | ALLOW IN | Anywhere | ndiscovery_bot beacon |
1194/udp | ALLOW IN | Anywhere | VPN |
443/tcp | ALLOW IN | Anywhere | https |
502/tcp | ALLOW IN | Anywhere | modbus |
30500-30600/tcp | ALLOW IN | Anywhere | Free TCP ports for our usage |
22/tcp (v6) | ALLOW IN | Anywhere (v6) | ssh |
8080/tcp (v6) | ALLOW IN | Anywhere (v6) | swupdate |
5269/tcp (v6) | ALLOW IN | Anywhere (v6) | prosody |
1880/tcp (v6) | ALLOW IN | Anywhere (v6) | nodered |
1883/tcp (v6) | ALLOW IN | Anywhere (v6) | mosquitto |
30333/tcp (v6) | ALLOW IN | Anywhere (v6) | ndiscovery_bot |
5280/tcp (v6) | ALLOW IN | Anywhere (v6) | prosody |
5222/tcp (v6) | ALLOW IN | Anywhere (v6) | prosody |
80/tcp (v6) | ALLOW IN | Anywhere (v6) | lighttpd |
30005/udp (v6) | ALLOW IN | Anywhere (v6) | ndiscovery_bot beacon |
1194/udp (v6) | ALLOW IN | Anywhere (v6) | VPN |
443/tcp (v6) | ALLOW IN | Anywhere (v6) | https |
502/tcp (v6) | ALLOW IN | Anywhere (v6) | modbus |
30500-30600/tcp (v6) | ALLOW IN | Anywhere (v6) | Free TCP ports for our usage |
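
An added example, not part of the vendor documentation: a Python audit that parses rule rows in the "TO | Action | From | Desc" layout used above and reports rules open on a device but not documented, and documented rules that are absent. `BASELINE` copies a few rows from the table; `OBSERVED` and its telnet rule are constructed, hypothetical input.

```python
import re
from typing import NamedTuple

class Rule(NamedTuple):
    family: str  # "v4" or "v6"
    bind: str    # local bind address, "" = any
    lo: int      # first port of the range
    hi: int      # last port (== lo for a single port)
    proto: str   # "tcp" or "udp"
    source: str  # "Anywhere" or a source address

# "TO" cell: optional bind address, port or port range, protocol, optional (v6).
TO_CELL = re.compile(r"^(?:(\S+)\s+)?(\d+)(?:-(\d+))?/(tcp|udp)\s*(\(v6\))?$")

def parse_rules(text):
    rules = set()
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        m = TO_CELL.match(cells[0])
        if len(cells) < 3 or cells[1] != "ALLOW IN" or not m:
            continue  # header, separator or anything that is not an allow rule
        bind, lo, hi, proto, v6 = m.groups()
        source = cells[2].replace("(v6)", "").strip()
        rules.add(Rule("v6" if v6 else "v4", bind or "", int(lo), int(hi or lo), proto, source))
    return rules

def covered(rule, ruleset):
    # Covered = same family, bind, protocol and source, and a port range containing the rule.
    return any(r[:2] == rule[:2] and r[4:] == rule[4:] and r.lo <= rule.lo and rule.hi <= r.hi
               for r in ruleset)

def audit(baseline_text, observed_text):
    base, seen = parse_rules(baseline_text), parse_rules(observed_text)
    unexpected = sorted(r for r in seen if not covered(r, base))  # open but undocumented
    missing = sorted(r for r in base if not covered(r, seen))     # documented but absent
    return unexpected, missing

# Constructed samples: OBSERVED lacks the IPv6 modbus rule and adds a telnet rule.
BASELINE = """\
127.0.0.1 53/udp | ALLOW IN | 127.0.0.1 | dnsmasq local |
502/tcp | ALLOW IN | Anywhere | modbus |
30500-30600/tcp | ALLOW IN | Anywhere | Free TCP ports for our usage |
502/tcp (v6) | ALLOW IN | Anywhere (v6) | modbus |
"""
OBSERVED = BASELINE.replace("502/tcp (v6) | ALLOW IN | Anywhere (v6) | modbus |",
                            "23/tcp | ALLOW IN | Anywhere | telnet |")

if __name__ == "__main__":
    print(*audit(BASELINE, OBSERVED), sep="\n")
```

A single port inside the documented 30500-30600 range counts as covered, so only rules outside the documented set are reported as unexpected.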