Network requirements
Here you can find a list of network ports for different types of communication with Vertex. You must ensure the network infrastructure is set up correctly for this to work.
Internal network (LAN)
The workstations and all VERTEX controllers must be set up according to the schematic.
Outbound to GLAMOX infrastructure (remote)
Glamox remote access and maintenance requires that all outgoing traffic is allowed.
Default policy
Direction | Policy |
---|---|
Incoming | DENY |
Outgoing | ALLOW |
Routed | DENY |
Opened ports
To | Action | From | Description | Local/remote |
---|---|---|---|---|
22/tcp | ALLOW IN | Anywhere | ssh | local |
8080/tcp | ALLOW IN | Anywhere | swupdate* | local |
127.0.0.1 8080/tcp | ALLOW IN | 127.0.0.1 | dnsmasq local | local |
5269/tcp | ALLOW IN | Anywhere | prosody | local |
1880/tcp | ALLOW IN | Anywhere | nodered | local |
1883/tcp | ALLOW IN | Anywhere | mosquitto* | local |
30333/tcp | ALLOW IN | Anywhere | ndiscovery_bot | local |
5280/tcp | ALLOW IN | Anywhere | prosody | local |
5222/tcp | ALLOW IN | Anywhere | prosody | local |
80/tcp | ALLOW IN | Anywhere | lighttpd | local |
127.0.0.1 53/udp | ALLOW IN | 127.0.0.1 | dnsmasq local | local |
30005/udp | ALLOW IN | Anywhere | ndiscovery_bot beacon | local |
1194/tcp | ALLOW IN | Anywhere | VPN | remote |
443/tcp | ALLOW IN | Anywhere | https | local |
502/tcp | ALLOW IN | Anywhere | modbus | local |
30500-30600/tcp | ALLOW IN | Anywhere | Free TCP ports for our usage | local |
9993/tcp | ALLOW IN | Anywhere | remote support | remote |
22/tcp (v6) | ALLOW IN | Anywhere (v6) | ssh | local |
8080/tcp (v6) | ALLOW IN | Anywhere (v6) | swupdate* | local |
5269/tcp (v6) | ALLOW IN | Anywhere (v6) | prosody | local |
1880/tcp (v6) | ALLOW IN | Anywhere (v6) | nodered | local |
1883/tcp (v6) | ALLOW IN | Anywhere (v6) | mosquitto* | local |
30333/tcp (v6) | ALLOW IN | Anywhere (v6) | ndiscovery_bot | local |
5280/tcp (v6) | ALLOW IN | Anywhere (v6) | prosody | local |
5222/tcp (v6) | ALLOW IN | Anywhere (v6) | prosody | local |
80/tcp (v6) | ALLOW IN | Anywhere (v6) | lighttpd | local |
30005/udp (v6) | ALLOW IN | Anywhere (v6) | ndiscovery_bot beacon | local |
1194/tcp (v6) | ALLOW IN | Anywhere (v6) | VPN | remote |
443/tcp (v6) | ALLOW IN | Anywhere (v6) | https | local |
502/tcp (v6) | ALLOW IN | Anywhere (v6) | modbus | local |
30500-30600/tcp (v6) | ALLOW IN | Anywhere (v6) | Free TCP ports for our usage | local |
9993/tcp (v6) | ALLOW IN | Anywhere (v6) | remote support | remote |
Ports marked green (listed as "remote" in the Local/remote column above) are for remote connection (Cloud, support).
All other ports are for internal communication (Vertex to Vertex) and are set by default.
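One way to check a controller's rule listing against the table above (an added example, not Glamox code). It assumes the listing has the same `ufw status verbose`-style layout as the table; `SAMPLE_STATUS` is constructed input, and the function names are chosen here.

```python
import re

# Baseline copied from this page's "Opened ports" table (loopback-only dnsmasq
# rows omitted; the (v6) rows mirror the IPv4 ones). Value = Local/remote column.
LOCAL_TCP = "22 8080 5269 1880 1883 30333 5280 5222 80 443 502 30500-30600".split()
BASELINE = {f"{p}/tcp": "local" for p in LOCAL_TCP}
BASELINE.update({"30005/udp": "local", "1194/tcp": "remote", "9993/tcp": "remote"})

# Assumed line layout: [bound address] port/proto [(v6)]  ALLOW IN  source
RULE = re.compile(
    r"^(?:(\S+)\s+)?(\d+(?:[:-]\d+)?/(?:tcp|udp))(?:\s*\(v6\))?\s+ALLOW IN\s+(\S+)")

# Constructed sample listing, not captured from a real controller.
SAMPLE_STATUS = """\
22/tcp                     ALLOW IN    Anywhere
1883/tcp                   ALLOW IN    Anywhere
1194/tcp                   ALLOW IN    Anywhere
30500:30600/tcp            ALLOW IN    Anywhere
127.0.0.1 53/udp           ALLOW IN    127.0.0.1
3306/tcp                   ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
"""

def open_ports(status_text):
    """Return {port/proto: set of sources} for rules not bound to loopback."""
    found = {}
    for line in status_text.splitlines():
        m = RULE.match(line.strip())
        if not m or m.group(1) in ("127.0.0.1", "::1"):
            continue  # header/blank line, or a loopback-only rule
        port = m.group(2).replace(":", "-")  # ufw-style listings write 30500:30600
        found.setdefault(port, set()).add(m.group(3))
    return found

def audit(status_text):
    """Compare a rule listing with the documented baseline."""
    found = open_ports(status_text)
    return {
        "unexpected": sorted(p for p in found if p not in BASELINE),
        "missing": sorted(p for p in BASELINE if p not in found),
        "remote": sorted(p for p in found if BASELINE.get(p) == "remote"),
    }

if __name__ == "__main__":
    for key, ports in audit(SAMPLE_STATUS).items():
        print(f"{key}: {', '.join(ports) or '-'}")
```

An `unexpected` entry is a listening rule the documentation does not account for; `remote` lists the documented remote-access ports that are currently open.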
Detailed external service description
Use these ports for the following type of access.
Source | Destination | Protocol | Port | Security | Description |
---|---|---|---|---|---|
VERTEX access for Glamox | | | | | |
ANY VERTEX (Static IP Address) | | HTTPS | 443 | TLS 1.0 AES256 RSA2048 | Initial authorization of VERTEX in SLS service. Sending compressed logs to the SLS service. At the request of the SLS operator. |
ANY VERTEX (Static IP Address) | | MQTT 3.1 | 1883 | TLS 1.2 AES256 RSA2048 | Continuous connection, updating the luminaire and control units status |
ANY VERTEX (Static IP Address) | ANY | OpenVPN 2.3.2 - 2.4.7 | 1194 | TLS 1.0 AES256 RSA2048 | Outgoing connection: SLS-VPN. Operated during service work after detecting a failure. At the request of the SLS operator. |
Automatic time synchronisation in Vertex (optional, the device has an RTC clock) | | | | | |
ANY VERTEX (Static IP Address) | 0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org | NTP | 123 | - | Increasing the accuracy of the clock in VERTEX. If necessary, it is possible to set the NTP time server in the internal network infrastructure. For this purpose, individual configuration of each VERTEX over SSH by Glamox is needed. |
For more information go to: