This documentation is for older software versions (up to 3.1.29). If you have software version 3.1.30 or higher, go to MODERN Home.
(Classic) Network requirements
This document lists the network ports used by the individual functions of VERTEX controllers. For all functions to work correctly, the network rules for the controllers must be set as described here.
Internal network (LAN)
Operator stations and all VERTEX controllers in the local area network must be set up according to the following rules.
Outbound to GLAMOX infrastructure (remote)
For proper operation of Glamox remote access and maintenance, it is required to allow outgoing traffic in accordance with the following rules.
Default policy
deny (incoming), allow (outgoing), deny (routed)
Opened ports
To | Action | From | Description | Local/remote |
---|---|---|---|---|
22/tcp | ALLOW IN | Anywhere | ssh | local |
8080/tcp | ALLOW IN | Anywhere | swupdate* | local |
127.0.0.1 8080/tcp | ALLOW IN | 127.0.0.1 | dnsmasq local | local |
5269/tcp | ALLOW IN | Anywhere | prosody | local |
1880/tcp | ALLOW IN | Anywhere | nodered | local |
1883/tcp | ALLOW IN | Anywhere | mosquitto* | local |
30333/tcp | ALLOW IN | Anywhere | ndiscovery_bot | local |
5280/tcp | ALLOW IN | Anywhere | prosody | local |
5222/tcp | ALLOW IN | Anywhere | prosody | local |
80/tcp | ALLOW IN | Anywhere | lighttpd | local |
127.0.0.1 53/udp | ALLOW IN | 127.0.0.1 | dnsmasq local | local |
30005/udp | ALLOW IN | Anywhere | ndiscovery_bot beacon | local |
1194/tcp | ALLOW IN | Anywhere | VPN | remote |
443/tcp | ALLOW IN | Anywhere | https | local |
502/tcp | ALLOW IN | Anywhere | modbus | local |
30500-30600/tcp | ALLOW IN | Anywhere | Free TCP ports for our usage | local |
9993/tcp | ALLOW IN | Anywhere | remote support | remote |
22/tcp (v6) | ALLOW IN | Anywhere (v6) | ssh | local |
8080/tcp (v6) | ALLOW IN | Anywhere (v6) | swupdate* | local |
5269/tcp (v6) | ALLOW IN | Anywhere (v6) | prosody | local |
1880/tcp (v6) | ALLOW IN | Anywhere (v6) | nodered | local |
1883/tcp (v6) | ALLOW IN | Anywhere (v6) | mosquitto* | local |
30333/tcp (v6) | ALLOW IN | Anywhere (v6) | ndiscovery_bot | local |
5280/tcp (v6) | ALLOW IN | Anywhere (v6) | prosody | local |
5222/tcp (v6) | ALLOW IN | Anywhere (v6) | prosody | local |
80/tcp (v6) | ALLOW IN | Anywhere (v6) | lighttpd | local |
30005/udp (v6) | ALLOW IN | Anywhere (v6) | ndiscovery_bot beacon | local |
1194/tcp (v6) | ALLOW IN | Anywhere (v6) | VPN | remote |
443/tcp (v6) | ALLOW IN | Anywhere (v6) | https | local |
502/tcp (v6) | ALLOW IN | Anywhere (v6) | modbus | local |
30500-30600/tcp (v6) | ALLOW IN | Anywhere (v6) | Free TCP ports for our usage | local |
9993/tcp (v6) | ALLOW IN | Anywhere (v6) | remote support | remote |
*Marked ports are not available in Vertex 2. They are used only with Vertex 3.
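A drift check for the rule set above, added here as an example (it is not Glamox code). It assumes the controller's rules can be listed in the `ufw status verbose` layout, which the table and default-policy line resemble but the page does not name; `expected_rules`, `parse_status`, `audit` and the sample subnet and port are hypothetical.

```python
import re

# Expected state copied from the page: default policy and the "Opened ports" rows.
DEFAULT = "deny (incoming), allow (outgoing), deny (routed)"
OPEN_TCP = ["22", "8080", "5269", "1880", "1883", "30333", "5280", "5222",
            "80", "1194", "443", "502", "30500-30600", "9993"]
V3_ONLY = {"8080/tcp", "1883/tcp"}  # rows marked * on the page (Vertex 3 only)
LOOPBACK = {("127.0.0.1 8080/tcp", "127.0.0.1"), ("127.0.0.1 53/udp", "127.0.0.1")}

def expected_rules(vertex3=True):
    """Documented (To, From) pairs; every 'Anywhere' row also has a (v6) twin."""
    v4 = {(f"{p}/tcp", "Anywhere") for p in OPEN_TCP} | {("30005/udp", "Anywhere")}
    if not vertex3:
        v4 = {r for r in v4 if r[0] not in V3_ONLY}
    v6 = {(f"{to} (v6)", "Anywhere (v6)") for to, _ in v4}
    return v4 | v6 | LOOPBACK

def parse_status(text):
    """Return (default policy, {(To, From)}) for the ALLOW IN rules in a listing."""
    default, rules = None, set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing rule comments
        if line.startswith("Default:"):
            default = line[len("Default:"):].strip()
        cols = re.split(r"\s{2,}", line)  # columns are separated by 2+ spaces
        if len(cols) == 3 and cols[1] == "ALLOW IN":
            to = re.sub(r"(\d+):(\d+)/", r"\1-\2/", cols[0])  # ufw prints ranges as a:b
            rules.add((to, cols[2]))
    return default, rules

def audit(text, vertex3=True):
    """Compare a listing with the documented rule set and report drift."""
    default, rules = parse_status(text)
    want = expected_rules(vertex3)
    return {"default_ok": default == DEFAULT,
            "unexpected": sorted(rules - want),
            "missing": sorted(want - rules)}

# Constructed listing (not captured from a controller): the documented rules with
# ssh narrowed to a management subnet and one undocumented port opened.
SAMPLE = "\n".join(
    ["Default: " + DEFAULT]
    + [f"{to.replace('30500-', '30500:'):<26}  ALLOW IN    {src}"
       for to, src in sorted(expected_rules()) if to != "22/tcp"]
    + ["22/tcp                      ALLOW IN    10.20.0.0/24    # ssh",
       "3306/tcp                    ALLOW IN    Anywhere"])

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A rule whose source has been narrowed shows up as one `missing` and one `unexpected` entry; pass `vertex3=False` when auditing a Vertex 2 unit so the starred ports are treated as undocumented.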
Detailed external service description
Source | Destination | Protocol | Port | Security | Description |
---|---|---|---|---|---|
VERTEX access for Glamox | | | | | |
ANY VERTEX (Static IP Address) | | HTTPS | 443 | TLS 1.0 AES256 RSA2048 | Initial authorization of VERTEX in the SLS service. Sending compressed logs to the SLS service. At the request of the SLS operator. |
ANY VERTEX (Static IP Address) | | MQTT 3.1 | 1883 | TLS 1.2 AES256 RSA2048 | Continuous connection, updating the status of the luminaires and control units |
ANY VERTEX (Static IP Address) | ANY | OpenVPN 2.3.2 - 2.4.7 | 1194 | TLS 1.0 AES256 RSA2048 | Outgoing connection: SLS-VPN. Operated during service work after detecting a failure. At the request of the SLS operator. |
Automatic time synchronisation in Vertex (optional, the device has an RTC clock) | | | | | |
ANY VERTEX (Static IP Address) | 0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org | NTP | 123 | - | Increasing the accuracy of the clock in VERTEX. If necessary, it is possible to set the NTP time server in the internal network infrastructure. For this purpose, individual configuration of each VERTEX over SSH by Glamox is needed. |
TROUBLESHOOTING
Main WebApplication
The user interface and access to system functionality:
Displaying information from individual modules/luminaires, monitoring
Triggering actions on devices in the system
Communication with a user on the same network through the web page
Consequences resulting from lack of access to the service:
The system cannot be monitored
No actions can be triggered in the system
LogicEditor WebApplication
Logic editing interface of the lighting system:
Graphical logic editor of lighting system operation
Used to create the logic of the lighting system
Communication with a user on the same network through the web page
Consequences resulting from lack of access to the service:
The logic of the lighting system operation cannot be adapted
VERTEX2VERTEX InternalMessageBUS
Service launched on VERTEX control units that are in the same local network, responsible for:
exchange of messages between VERTEX control units
synchronization of data between VERTEX control units
Consequences resulting from lack of access to the service:
Total loss of control over lighting devices
VERTEX-DISCOVERY NeighbourhoodDISCO
The service is used to communicate with the netconfig application. The application is used for the initial configuration of VERTEX control units. The configuration is made once during the system setup or in emergency situations that require service. It enables changing:
The group in which Vertex works (1-8 or ungrouped)
The default gateway for each selected group
Subnets for each of the selected groups
DNS for each selected group
IP address for each device
Consequences resulting from lack of access to the service:
The VERTEX controller cannot be started correctly (changing network parameters, remembering addresses of modules/luminaires)
SSH-port
Service that allows direct service access to the VERTEX controllers. Login and access only by Glamox.
Consequences resulting from lack of access to the service:
There is no possibility to carry out service work remotely.
ServicePort
The service is used for local failure diagnostics. Login and access only by Glamox.
Consequences resulting from lack of access to the service:
There is no possibility to carry out service work remotely.