mountainman3520 Posted July 30, 2013 Posted July 30, 2013 Hello, I'm setting up a few ISYs for external access and working on port forwarding setup in my firewall. So far I've setup user defined external inbound ports for HTTP and HTTPS: - 51194 forwards and remaps to 80 (unsecure HTTP) - 61194 forwards and remaps to 443 (secure HTTPS) I have all outbound ports open. I plan to generally leave the port 51194/80 HTTP port forward disabled to avoid exposing my ISY to unsecure connections. What do people think of this? Better to block external HTTP connections to the ISY? Does it cause any problems to only leave 443 open? I generally like to leave the end device such as the ISY in its default state, ie configured for normal port 80 and 443, and use the port mapping feature of my router to map to the unique external ports for that device. Anyone see a problem with that? Are there any other ports that are needed by the ISY? I saw some article on portforward.com that included inbound ports 49168-49187. What are these? Are they needed for some ISY function or was that an error? Everything seems to be working via HTTP or HTTPS to open the basic ISY web based manager. But I get errors when I then try to run the java admin client over HTTPS: "Socket Open Failed java.net.SocketTimeoutException" "XML Parse Error https://.dyndns.org:61194/desc" What is causing these? Is it some timeout error? If so, what can I do to resolve it? I'd like to be able to run the full java client remotely over a secure HTTPS connection. Thanks!
mountainman3520 Posted July 30, 2013 Author Posted July 30, 2013 Another piece of information, I can launch the java client via HTTPS and it seems to load correctly, albeit slowly. The ISY admin app window opens and looks normal, but after around 30 seconds, instead of properly prompting for user login credentials, instead I get two popup error boxes containing the messages listed in the prior post. I can clear the messages and navigate around the ISY admin app screen but it is mostly blank, not showing anything from my ISY and only some of the top menus are populated. Logging in to the ISY externally via HTTP works perfectly, including loading the java client. So the problem is unique to external HTTPS with the java gui. I tried to check the certificates but the menu choice doesn't work right. Instead of opening a window to configure certificates, it opens a PDF file from here: http://www.universal-devices.com/docs/I ... 0Guide.pdf This file contains instructions for setting up networking, except that it looks like it is out of date. The photos of the configuration menus do not match what my ISY displays. I can't find the menu containing license settings.
Michel Kohanim Posted July 31, 2013 Posted July 31, 2013 Hello mountainman3520, First of all - and as you suggested - please do NOT forward to port 80. This will expose ISY's traffic to hackers. For https, please do make sure you have the latest Java (that supports TLS) and then: 1. Clear your Java cache 2. Go to http://isy.universal-devices.com/admin.jnlp ... this will install the Admin Console icon on your desktop 3. Once you get the ISY Finder dialog, then click on the Add button and then enter the remote URL (https) for your ISY With kind regards, Michel
mountainman3520 Posted July 31, 2013 Author Posted July 31, 2013 Hello mountainman3520, First of all - and as you suggested - please do NOT forward to port 80. This will expose ISY's traffic to hackers. For https, please do make sure you have the latest Java (that supports TLS) and then: 1. Clear your Java cache 2. Go to http://isy.universal-devices.com/admin.jnlp ... this will install the Admin Console icon on your desktop 3. Once you get the ISY Finder dialog, then click on the Add button and then enter the remote URL (https) for your ISY With kind regards, Michel Thanks Michel. A few follow-ups: - The link you included on (2) above doesn't work. Could you please fix or add the correct link? Is it better to use the locally installed admin GUI application instead of clicking on the admin console link from the ISY's internal webpage, which I assume downloads a java app each time? - Why do the menus and configuration options look different on my admin console than in the UD network config guide? I don't seem to have choices to configure the security certificates. Thanks again.
mountainman3520 Posted July 31, 2013 Author Posted July 31, 2013 Hello mountainman3520, First of all - and as you suggested - please do NOT forward to port 80. This will expose ISY's traffic to hackers. For https, please do make sure you have the latest Java (that supports TLS) and then: 1. Clear your Java cache 2. Go to http://isy.universal-devices.com/admin.jnlp ... this will install the Admin Console icon on your desktop 3. Once you get the ISY Finder dialog, then click on the Add button and then enter the remote URL (https) for your ISY With kind regards, Michel Thanks Michel. A few follow-ups: - The link you included on (2) above doesn't work. Could you please fix or add the correct link? Is it better to use the locally installed admin GUI application instead of clicking on the admin console link from the ISY's internal webpage, which I assume downloads a java app each time? - Why do the menus and configuration options look different on my admin console than in the UD network config guide? I don't seem to have choices to configure the security certificates. Thanks again. I found another way to install the admin console link, using the ISY internal webpage. So I'm set on that. I'm running an ISY 994i/IR PRO with firmware 4.0.5. So I think I've got all the latest versions. But the menus do not match the UD instruction document and I can't find the network setup options anywhere. When I click the menu choice under help, called "Request/Manage SSL Certificates", it opens a webpage with the instruction doc but nothing seems to match. What's going on?
Michel Kohanim Posted July 31, 2013 Posted July 31, 2013 Hi mountainman3520, In the instructions there's a link to the dashboard (http://isy.universal-devices.com/99i/dashboard.jnlp) . That's what you should use to install certificates. With kind regards, Michel
Recommended Posts