Network requirements

Here you can find a list of network ports for different types of communication with Vertex. You must ensure the network infrastructure is set up correctly for this to work.

Internal network (LAN)

The workstations and all VERTEX controllers must be set up according to the schematic.

Outbound to GLAMOX infrastructure (remote)

Glamox remote access and maintenance requires that all outgoing traffic is allowed.

Default policy

| Direction | Policy |
|---|---|
| Incoming | DENY |
| Outgoing | ALLOW |
| Routed | DENY |

Opened ports

| To | Action | From | Desc | Local/remote |
|---|---|---|---|---|
| 22/tcp | ALLOW IN | Anywhere | ssh | local |
| 8080/tcp | ALLOW IN | Anywhere | swupdate* | local |
| 127.0.0.1 8080/tcp | ALLOW IN | 127.0.0.1 | dnsmasq local | local |
| 5269/tcp | ALLOW IN | Anywhere | prosody | local |
| 1880/tcp | ALLOW IN | Anywhere | nodered | local |
| 1883/tcp | ALLOW IN | Anywhere | mosquitto* | local |
| 30333/tcp | ALLOW IN | Anywhere | ndiscovery_bot | local |
| 5280/tcp | ALLOW IN | Anywhere | prosody | local |
| 5222/tcp | ALLOW IN | Anywhere | prosody | local |
| 80/tcp | ALLOW IN | Anywhere | lighttpd | local |
| 127.0.0.1 53/udp | ALLOW IN | 127.0.0.1 | dnsmasq local | local |
| 30005/udp | ALLOW IN | Anywhere | ndiscovery_bot beacon | local |
| 1194/tcp | ALLOW IN | Anywhere | VPN | remote |
| 443/tcp | ALLOW IN | Anywhere | https | local |
| 502/tcp | ALLOW IN | Anywhere | modbus | local |
| 30500-30600/tcp | ALLOW IN | Anywhere | Free TCP ports for our usage | local |
| 9993/tcp | ALLOW IN | Anywhere | remote support | remote |
| 22/tcp (v6) | ALLOW IN | Anywhere (v6) | ssh | local |
| 8080/tcp (v6) | ALLOW IN | Anywhere (v6) | swupdate* | local |
| 5269/tcp (v6) | ALLOW IN | Anywhere (v6) | prosody | local |
| 1880/tcp (v6) | ALLOW IN | Anywhere (v6) | nodered | local |
| 1883/tcp (v6) | ALLOW IN | Anywhere (v6) | mosquitto* | local |
| 30333/tcp (v6) | ALLOW IN | Anywhere (v6) | ndiscovery_bot | local |
| 5280/tcp (v6) | ALLOW IN | Anywhere (v6) | prosody | local |
| 5222/tcp (v6) | ALLOW IN | Anywhere (v6) | prosody | local |
| 80/tcp (v6) | ALLOW IN | Anywhere (v6) | lighttpd | local |
| 30005/udp (v6) | ALLOW IN | Anywhere (v6) | ndiscovery_bot beacon | local |
| 1194/tcp (v6) | ALLOW IN | Anywhere (v6) | VPN | remote |
| 443/tcp (v6) | ALLOW IN | Anywhere (v6) | https | local |
| 502/tcp (v6) | ALLOW IN | Anywhere (v6) | modbus | local |
| 30500-30600/tcp (v6) | ALLOW IN | Anywhere (v6) | Free TCP ports for our usage | local |
| 9993/tcp (v6) | ALLOW IN | Anywhere (v6) | remote support | remote |

Ports marked green are for remote connection (Cloud, support).

All other ports are for internal communication (Vertex to Vertex) and are set by default.
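
An added example (not Glamox code): a drift check that parses firewall status text in the To / Action / From layout of the table above and compares its inbound ALLOW rules with the documented list. The baseline is transcribed from this page; that the layout is `ufw status verbose` output is an assumption, and the sample text with its extra 5900/tcp rule is constructed.

```python
import re

# Baseline transcribed from the "Opened ports" table on this page as
# (To, From) pairs; the (v6) rows repeat the same non-loopback rules.
BASELINE = {
    ("22/tcp", "Anywhere"), ("8080/tcp", "Anywhere"),
    ("127.0.0.1 8080/tcp", "127.0.0.1"), ("5269/tcp", "Anywhere"),
    ("1880/tcp", "Anywhere"), ("1883/tcp", "Anywhere"),
    ("30333/tcp", "Anywhere"), ("5280/tcp", "Anywhere"),
    ("5222/tcp", "Anywhere"), ("80/tcp", "Anywhere"),
    ("127.0.0.1 53/udp", "127.0.0.1"), ("30005/udp", "Anywhere"),
    ("1194/tcp", "Anywhere"), ("443/tcp", "Anywhere"),
    ("502/tcp", "Anywhere"), ("30500-30600/tcp", "Anywhere"),
    ("9993/tcp", "Anywhere"),
}
RULE = re.compile(r"^(?P<to>.+?)\s+(?P<action>[A-Z]+(?: (?:IN|OUT|FWD))?)\s+(?P<src>.+)$")
V6 = re.compile(r"\s*\(v6\)")
RANGE = re.compile(r"(\d+):(\d+)(?=/)")  # accept 30500:30600 as well as 30500-30600


def parse_allow_in(status_text):
    """Return {(to, source)} for inbound ALLOW rules, IPv4 and IPv6 merged."""
    rules = set()
    for line in status_text.splitlines():
        m = RULE.match(line.strip())
        if not m or m["action"] not in ("ALLOW", "ALLOW IN"):
            continue  # headers, blank lines, DENY/LIMIT and outbound rules
        to, src = (V6.sub("", m[k]).strip() for k in ("to", "src"))
        rules.add((RANGE.sub(r"\1-\2", to), src))
    return rules


def audit(status_text):
    """Return (undocumented, missing) rule lists relative to BASELINE."""
    live = parse_allow_in(status_text)
    return sorted(live - BASELINE), sorted(BASELINE - live)


# Constructed sample: the baseline minus 502/tcp, plus one extra IPv6 rule.
SAMPLE = (
    "Status: active\n\nTo                         Action      From\n"
    + "".join(f"{to:<26} ALLOW IN    {src}\n"
              for to, src in sorted(BASELINE - {("502/tcp", "Anywhere")}))
    + "5900/tcp (v6)              ALLOW IN    Anywhere (v6)\n"
)

if __name__ == "__main__":
    undocumented, missing = audit(SAMPLE)
    print("open but not documented:", undocumented)
    print("documented but not open:", missing)
```
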

Detailed external service description

Use these ports for the following type of access.

VERTEX access for Glamox

| Source | Destination | Protocol | Port | Security | Description |
|---|---|---|---|---|---|
| ANY VERTEX (Static IP Address) | sls.essystem.pl | HTTPS | 443 | TLS 1.0, AES256, RSA2048 | Initial authorization of VERTEX in SLS service. Sending compressed logs to the SLS service. At the request of the SLS operator. |
| ANY VERTEX (Static IP Address) | sls0.essystem.pl | MQTT 3.1 | 1883 | TLS 1.2, AES256, RSA2048 | Continuous connection, updating the luminaire and control units status |
| ANY VERTEX (Static IP Address) | ANY | OpenVPN 2.3.2 - 2.4.7 | 1194 | TLS 1.0, AES256, RSA2048 | Outgoing connection: SLS-VPN. Operated during service work after detecting a failure. At the request of the SLS operator. |

Automatic time synchronisation in Vertex (optional, the device has an RTC clock)

| Source | Destination | Protocol | Port | Security | Description |
|---|---|---|---|---|---|
| ANY VERTEX (Static IP Address) | 0.debian.pool.ntp.org, 1.debian.pool.ntp.org, 2.debian.pool.ntp.org, 3.debian.pool.ntp.org | NTP | 123 | - | Increasing the accuracy of the clock in VERTEX |

If necessary, VERTEX can use an NTP time server located in the internal network infrastructure. This requires Glamox to configure each VERTEX individually over SSH.

For more information go to: