This document lists the network ports used by the individual functions of VERTEX controllers. For all functions to work correctly, the network rules applied to the controllers must allow this traffic.
Internal network (LAN)
Operator stations and all VERTEX controllers in the local area network must be set up according to the following rules.
Outbound to GLAMOX infrastructure (remote)
For proper operation of Glamox remote access and maintenance, it is required to allow outgoing traffic in accordance with the following rules.
Default policy
deny (incoming), allow (outgoing), deny (routed)
Opened ports
To | Action | From | Description | Local/remote |
---|---|---|---|---|
22/tcp | ALLOW IN | Anywhere | ssh | local |
8080/tcp | ALLOW IN | Anywhere | swupdate* | local |
127.0.0.1 8080/tcp | ALLOW IN | 127.0.0.1 | dnsmasq local | local |
5269/tcp | ALLOW IN | Anywhere | prosody | local |
1880/tcp | ALLOW IN | Anywhere | nodered | local |
1883/tcp | ALLOW IN | Anywhere | mosquitto* | local |
30333/tcp | ALLOW IN | Anywhere | ndiscovery_bot | local |
5280/tcp | ALLOW IN | Anywhere | prosody | local |
5222/tcp | ALLOW IN | Anywhere | prosody | local |
80/tcp | ALLOW IN | Anywhere | lighttpd | local |
127.0.0.1 53/udp | ALLOW IN | 127.0.0.1 | dnsmasq local | local |
30005/udp | ALLOW IN | Anywhere | ndiscovery_bot beacon | local |
1194/tcp | ALLOW IN | Anywhere | VPN | remote |
443/tcp | ALLOW IN | Anywhere | https | local |
502/tcp | ALLOW IN | Anywhere | modbus | local |
30500-30600/tcp | ALLOW IN | Anywhere | Free TCP ports for our usage | local |
9993/tcp | ALLOW IN | Anywhere | remote support | remote |
22/tcp (v6) | ALLOW IN | Anywhere (v6) | ssh | local |
8080/tcp (v6) | ALLOW IN | Anywhere (v6) | swupdate* | local |
5269/tcp (v6) | ALLOW IN | Anywhere (v6) | prosody | local |
1880/tcp (v6) | ALLOW IN | Anywhere (v6) | nodered | local |
1883/tcp (v6) | ALLOW IN | Anywhere (v6) | mosquitto* | local |
30333/tcp (v6) | ALLOW IN | Anywhere (v6) | ndiscovery_bot | local |
5280/tcp (v6) | ALLOW IN | Anywhere (v6) | prosody | local |
5222/tcp (v6) | ALLOW IN | Anywhere (v6) | prosody | local |
80/tcp (v6) | ALLOW IN | Anywhere (v6) | lighttpd | local |
30005/udp (v6) | ALLOW IN | Anywhere (v6) | ndiscovery_bot beacon | local |
1194/tcp (v6) | ALLOW IN | Anywhere (v6) | VPN | remote |
443/tcp (v6) | ALLOW IN | Anywhere (v6) | https | local |
502/tcp (v6) | ALLOW IN | Anywhere (v6) | modbus | local |
30500-30600/tcp (v6) | ALLOW IN | Anywhere (v6) | Free TCP ports for our usage | local |
9993/tcp (v6) | ALLOW IN | Anywhere (v6) | remote support | remote |
*Marked ports are not available in Vertex 2. They are used only with Vertex 3.
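The table above can serve as a baseline for detecting firewall drift on a controller. The following check is an added example, not code from Glamox or the VERTEX firmware; it assumes the controller's rule listing uses the same To / Action / From layout as the table (the layout `ufw status verbose` prints), and the `audit` and `open_ports` names and the sample listing are constructed for illustration.

```python
import re

# Inbound baseline copied from the "Opened ports" table (loopback-only rows omitted;
# the page's v6 rows mirror the v4 ones). True marks the ports starred on the page.
BASELINE = {
    "22/tcp": False, "8080/tcp": True, "5269/tcp": False, "1880/tcp": False,
    "1883/tcp": True, "30333/tcp": False, "5280/tcp": False, "5222/tcp": False,
    "80/tcp": False, "30005/udp": False, "1194/tcp": False, "443/tcp": False,
    "502/tcp": False, "30500-30600/tcp": False, "9993/tcp": False,
}

RULE = re.compile(
    r"^(?:(?P<addr>\d+\.\d+\.\d+\.\d+)\s+)?(?P<port>\d+(?:[:-]\d+)?)/(?P<proto>tcp|udp)"
    r"(?:\s*\(v6\))?\s+ALLOW IN\s+(?P<src>\S+)"
)

def open_ports(status_text):
    """Return the set of 'port/proto' entries allowed in on non-loopback addresses."""
    found = set()
    for line in status_text.splitlines():
        m = RULE.match(line.strip())
        if not m or m["addr"] == "127.0.0.1":
            continue  # headers, policy lines and loopback-only rules
        found.add(f"{m['port'].replace(':', '-')}/{m['proto']}")
    return found

def audit(status_text, vertex3=True):
    """Compare a rule listing with the documented baseline for the given model."""
    expected = {p for p, starred in BASELINE.items() if vertex3 or not starred}
    actual = open_ports(status_text)
    return {"unexpected": sorted(actual - expected), "missing": sorted(expected - actual)}

# Constructed sample listing (not taken from a real controller).
SAMPLE = """\
Default: deny (incoming), allow (outgoing), deny (routed)
To                         Action      From
22/tcp                     ALLOW IN    Anywhere
127.0.0.1 53/udp           ALLOW IN    127.0.0.1
1883/tcp                   ALLOW IN    Anywhere
502/tcp                    ALLOW IN    Anywhere
23/tcp                     ALLOW IN    Anywhere
30500:30600/tcp            ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
"""

if __name__ == "__main__":
    print(audit(SAMPLE, vertex3=False))
```

Run against a Vertex 2 listing (`vertex3=False`), the starred ports count as unexpected if they are open, and any documented port that is absent is reported as missing.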
Detailed external service description
Source | Destination | Protocol | Port | Security | Description |
---|---|---|---|---|---|
VERTEX access for Glamox | | | | | |
ANY VERTEX (Static IP Address) | | HTTPS | 443 | TLS 1.0 AES256 RSA2048 | Initial authorization of VERTEX in SLS service. Sending compressed logs to the SLS service. At the request of the SLS operator. |
ANY VERTEX (Static IP Address) | | MQTT 3.1 | 1883 | TLS 1.2 AES256 RSA2048 | Continuous connection, updating the luminaire and control units status |
ANY VERTEX (Static IP Address) | ANY | OpenVPN 2.3.2 - 2.4.7 | 1194 | TLS 1.0 AES256 RSA2048 | Outgoing connection: SLS-VPN. Operated during service work after detecting a failure. At the request of the SLS operator. |
Automatic time synchronisation in Vertex (optional, the device has an RTC clock) | | | | | |
ANY VERTEX (Static IP Address) | 0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org | NTP | 123 | - | Increasing the accuracy of the clock in VERTEX. If necessary, it is possible to set the NTP time server in the internal network infrastructure. For this purpose, individual configuration of each VERTEX over SSH by Glamox is needed. |