This documentation is for older software versions (up to 3.1.29). If you have software version 3.1.30 or higher, go to MODERN Home

(Classic) Network requirements

This document presents a list of network ports on which communication of particular functionalities of VERTEX controllers takes place. In order for all functionalities to work correctly, you must ensure proper network rules for controllers.

Internal network (LAN)

Operator stations and all VERTEX controllers in the local area network must be set up according to the following rules.

Outbound to GLAMOX infrastructure (remote)

For proper operation of Glamox remote access and maintenance, it is required to allow outgoing traffic in accordance with the following rules.

Default policy

deny (incoming), allow (outgoing), deny (routed)

Opened ports

TO

Action

From

Desc

Local/remote

TO

Action

From

Desc

Local/remote

22/tcp

ALLOW IN

Anywhere

ssh

local

8080/tcp

ALLOW IN

Anywhere

swupdate*

local

127.0.0.1 8080/tcp

ALLOW IN

127.0.0.1

dnsmasq local

local

5269/tcp

ALLOW IN

Anywhere

prosody

local

1880/tcp

ALLOW IN

Anywhere

nodered

local

1883/tcp

ALLOW IN

Anywhere

mosquitto*

local

30333/tcp

ALLOW IN

Anywhere

ndiscovery_bot

local

5280/tcp

ALLOW IN

Anywhere

prosody

local

5222/tcp

ALLOW IN

Anywhere

prosody

local

80/tcp

ALLOW IN

Anywhere

lighttpd

local

127.0.0.1 53/udp

ALLOW IN

127.0.0.1

dnsmasq local

local

30005/udp

ALLOW IN

Anywhere

ndiscovery_bot beacon

local

1194/tcp

ALLOW IN

Anywhere

VPN

remote

443/tcp

ALLOW IN

Anywhere

https

local

502/tcp

ALLOW IN

Anywhere

modbus

local

30500-30600/tcp

ALLOW IN

Anywhere

Free TCP ports for our usage

local

9993/tcp

ALLOW IN

Anywhere

remote support

remote

22/tcp (v6)

ALLOW IN

Anywhere (v6)

ssh

local

8080/tcp (v6)

ALLOW IN

Anywhere (v6)

swupdate*

local

5269/tcp (v6)

ALLOW IN

Anywhere (v6)

prosody

local

1880/tcp (v6)

ALLOW IN

Anywhere (v6)

nodered

local

1883/tcp (v6)

ALLOW IN

Anywhere (v6)

mosquitto*

local

30333/tcp (v6)

ALLOW IN

Anywhere (v6)

ndiscovery_bot

local

5280/tcp (v6)

ALLOW IN

Anywhere (v6)

prosody

local

5222/tcp (v6)

ALLOW IN

Anywhere (v6)

prosody

local

80/tcp (v6)

ALLOW IN

Anywhere (v6)

lighttpd

local

30005/udp (v6)

ALLOW IN

Anywhere (v6)

ndiscovery_bot beacon

local

1194/tcp (v6)

ALLOW IN

Anywhere (v6)

VPN

remote

443/tcp (v6)

ALLOW IN

Anywhere (v6)

https

local

502/tcp (v6)

ALLOW IN

Anywhere (v6)

modbus

local

30500-30600/tcp(v6)

ALLOW IN

Anywhere (v6)

Free TCP ports for our usage

local

9993/tcp(v6)

ALLOW IN

Anywhere (v6)

remote support

remote

*Marked ports are not available in Vertex 2. They are used only with Vertex 3.

Detailed external service description

Source

Destination

Protocol

Port

Security

Description

Source

Destination

Protocol

Port

Security

Description

VERTEX access for Glamox

ANY VERTEX (Static IP Address)

sls.essystem.pl

HTTPS

443

TLS1.0AES256 RSA2048

Initial authorization of VERTEX in SLS service

Sending compressed logs to the SLS service. At the request of the SLS operator.

ANY VERTEX (Static IP Address)

sls0.essystem.pl

MQTT 3.1

1883

TLS1.2AES256 RSA2048

Continuous connection, updating the luminaire and control units status

ANY VERTEX (Static IP Address)

ANY

OpenVPN 2.3.2 - 2.4.7

1194

TLS 1.0AES256 RSA2048

Outgoing connection: SLS-VPN. Operated during service work after detecting a failure. At the request of the SLS operator.

Automatic time synchronisation in Vertex (optional, the device has a RTC clock)

ANY VERTEX (Static IP Address)

0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org

NTP

123

-

Increasingthe accuracy of the clock in VERTEX

If necessary, it is possible to set the NTP time server in the internal network infrastructure. For this purpose, individual configuration of each VERTEX over SSH by Glamox is needed.

TROUBLESHOOTING

Main WebApplication

The user interface and access to system functionality:

  • Displaying information from individual modules/luminaires, monitoring

  • Triggering actions on devices in the system

  • Communication with a user who is on the same network through the website page

Consequences resulting from lack of access to the service:

  • Lack of possibility to monitor the system

  • No possibility to trigger any actions in the system

LogicEditor WebApplication

Logic editing interface of the lighting system:

  • Graphical logic editor of lighting system operation

  • Using it to create a logic of the lighting system

  • Communication with a user who is on the same network through the website page

Consequences resulting from lack of access to the service:

  • Lack of possibility to adapt the logic of the lighting system operation

VERTEX2VERTEX InternalMessageBUS

Service launched on VERTEX control units that are in the same local network, responsible for:

  • exchange of messages between VERTEX control units

  • synchronization of data between VERTEX control units

Consequences resulting from lack of access to the service:

  • Total lack of control on lighting devices

VERTEX-DISCOVERY NeighbourhoodDISCO

The service is used to communicate with the netconfig application. The application is used for the initial configuration of VERTEX control units. The configuration is made once during the system setup or in emergency situations that require service.Enables changing:

  • The group in which Vertex works (1-8 or ungrouped)

  • The default gateway for each selected group

  • Subnets for each of the selected groups

  • DNS for each selected group

  • IP address for each device

Consequences resulting from lack of access to the service:

  • It is impossible to correctly start the VERTEX controller (change network parameters, remember addresses of modules/luminaires)

SSH-port

Service that allows direct service access to the VERTEX controllers. Login and access only by Glamox.

Consequences resulting from lack of access to the service:

  • There is no possibility to carry out service work remotely.

ServicePort

The service is used for local failure diagnostics. Login and access only by Glamox.

The consequences resulting from lack of access to the service:

  • There is no possibility to carry out service work remotely.