Groov EPIC Port enable for Firewall

groov Manage.

Thanks

Everything you need to get started is here;

https://Your.EPIC.Hostname.or.IP/manage/api/ui/

I’m going to add on to this (I think it’s related).
The original groov AT1 had ports 443 and 8443 available for port forward WAN access. I tried setting up 8443 on the EPIC and it doesn't work. Am I missing something? Our SonicWall is not happy with the EPIC and won't allow the connection…

Ah, yeah… about that… It's a bug.
The good news is that right now the fix is going through our QA process and is due for release next week.
Version 1.3.1 will have this bug fix and a few others.


Got it. growing pains…

Just to be clear, the bug is that port forwarding did not resolve correctly to port 443.
Port 8443 does not have anything listening, so it will never connect.
Since groov EPIC is not a router, you cannot do port forwarding on it (in other words, there is no way on the EPIC to port forward from 8443 to 443).

Once the release is out (hopefully this week) you will be able to access port 443 from outside the network.
If you need 8443, you will need to do a port forward on your router to 443 on the EPIC's IP address.
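A client-side check that separates the two cases described above ("nothing listening" versus "the firewall is dropping it"), added here as an example; it is not code from this thread or from Opto 22. The EPIC address 192.0.2.10 and the port labels are assumptions for illustration; the self-test at the bottom only uses a throwaway listener on localhost.

```python
import socket
from contextlib import closing

# Constructed example target: 192.0.2.10 is a documentation-only address standing in
# for an EPIC's LAN address (an assumption, not a value from the thread).
EPIC_HOST = "192.0.2.10"
PORTS_OF_INTEREST = {
    443: "groov View / groov Manage (HTTPS)",
    8443: "expected: refused, nothing listens here on EPIC",
    502: "Modbus/TCP, unauthenticated; close it in groov Manage if unused",
}


def probe_tcp(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify a TCP port from the connecting side.

    'open'     - handshake completed: a service is listening and the firewall allows it
    'refused'  - RST came back: the host is reachable but nothing listens on that port
    'filtered' - no answer within the timeout: a firewall (or router) dropped the SYN
    'error'    - anything else (name resolution failure, unreachable network, ...)
    """
    try:
        with closing(socket.create_connection((host, port), timeout=timeout)):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "error"


def diagnose(host: str, ports, timeout: float = 2.0) -> dict:
    """Probe several ports on one host and return {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


def start_local_listener(host: str = "127.0.0.1"):
    """Open a throwaway listening socket on an ephemeral port (used only for the self-test)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    # Local self-test: a port we listen on reports 'open'; once closed it reports 'refused'.
    srv, port = start_local_listener()
    print(port, probe_tcp("127.0.0.1", port))
    srv.close()
    print(port, probe_tcp("127.0.0.1", port))
    # Against a real device on the LAN (not run here):
    # print(diagnose(EPIC_HOST, PORTS_OF_INTEREST))
```

Run it from a machine on the same LAN as the EPIC first: 443 should come back `open`, 8443 `refused` (the EPIC answers with a reset because no service is bound there). Run it again from outside against the router's public address: `filtered` on the forwarded port means the router, not the EPIC, is dropping the traffic; `refused` means the forward reached a port with no listener behind it.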

What in the world is the firewall port setup good for then?
8443 was available on the AT1 and is a less common port (security by obscurity). Why is it not available on the EPIC?

So it sounds like you are asking for a new feature request?
‘Please add port 8443 to 443 for groov View’
(Or something like that)

I don’t know. I’m admittedly not a network guru, so excuse the ignorance, but what is the purpose of being able to open a port in the firewall if not to allow it to listen for devices on that port?

You're right, the firewall is there to open and close ports for the different services.

It helps keep your entire groov EPIC device more secure because you are in control of the ports on the firewall. For example, port 502 (Modbus) is not encrypted or authenticated, so it could quite rightly be considered a security risk. So, as a best practice, if you are not using it, close the port to that listening service by using the firewall controls built into groov Manage.

The challenge you face is a little different from the function of a firewall. You want to be able to nominate what port numbers a service is listening on.
So, to use our Modbus example, rather than 502, you want it to listen on port 2202. That's not what a firewall does; it does not do port forwarding. That's the function of a router… it just so happens that most routers have firewalls built in, and so it's easy to get the functions of the two devices mixed up a bit.

groov Manage does not allow you to arbitrarily change the port numbers of listening services.
In your case, you want to add a listening service on port 8443 and you want to nominate the service to be groov View.
Another person may want MQTT to listen on port 8443, then what?

I must admit that it's a bit 'odd' that we have chosen to do it on one product, but not another.
Let me reach out to the right people and see what I can find out.

This is probably the feature request here. To be able to change the listening port (not forwarding) to various services. Of course putting two services on the same port would not work.

nickvnlr, I'm not sure why your SonicWall won't allow you to connect to the EPIC at 443. Are you trying to connect to the SonicWall's public IP at 443 to get to the EPIC? That won't work, since the SonicWall itself normally listens on 443.

As Beno mentioned, you will need to set up a port forward on the SonicWall so it forwards 8443 (or whatever port you want) to the EPIC's 443. You could also move the SonicWall's listening port to something other than 443 (probably not the best idea if other people expect the SonicWall to be at that port) and then use that to forward to the EPIC. There is also the option of setting up virtual IPs on the SonicWall (if you have more than one public IP) so that the SonicWall and the EPIC could be listening on 443 at different IP addresses.

The SonicWall interface makes this more complicated than it needs to be, but it is well documented: https://www.sonicwall.com/support/knowledge-base/170503477349850/

So what’s the point of being able to add new rules/ports if anything other than the pre-assigned ports essentially does nothing?

It's for this:

If you add a listening service that you want to allow others outside of the firewall to access, you need to be able to ‘Add Port’.
That button is the key.

EDIT: A little more info. Having shell (SSH) access allows you to spin up more listening services; you will need to be able to open firewall ports for those services. Add Rule is how you do that.

I still think it’s crazy. My Network/IT consultant thought the same thing I did. He pointed me to the documentation regarding this. Perhaps the documentation needs to be clarified for this?

Can you point me to that documentation please?

Outside port is something completely different (621xx). All I know is, it (the groov View Android app, or trying to pull it up in a PC browser) worked fine with the AT1 using 8443, and now the EPIC does not. Not with the SonicWall set to 443 or 8443.

Yes, this is the expected behavior. So, it is the desired feature.
It already blocks ports/won’t allow them to be set that are already in use.

That was where all this started /smile/. It's a bug that we know about: EPIC does not respond to port forwards on 443.
The patch (1.3.1) is currently working its way through QA and it is looking good for very soon.

The EPIC not listening on 8443 is a totally different issue.

Really (really really) don’t want this request to get lost… Please point it out to us here at Opto so we can review it.

Thanks.

Epic User’s Guide - 2267
Pages 45-47