Balok Posted September 12, 2015 Posted September 12, 2015 Somehow, despite my not having changed settings since August (when I changed a port number to resolve a conflict - the settings didn't change for a long time prior to that), my ISY-994i became unable to reach the Internet. That is, when I choose File -> Enable Internet Access [my system name] I get the Busy screen with progress bar for a second or so, and then a message "Failed Enabling Internet Access". I've tried rebooting both the ISY and the router, and it did not help. The ISY shows up in my router's list of attached devices. UPnP is selected on the ISY configuration screen and enabled in the router. Automatic DHCP is turned on on the router, and the router is configured to reserver a particular IP address for a device with the ISY's MAC address; the address that shows up in the attached devices list is the correct address. I'm not sure what's wrong. The ISY isn't even two years old; it seems unlikely that it would fail so soon. I did upgrade to 4.2.30 a few weeks ago, but communication was possible after I did that. Anyone have any ideas what I could try? What can cause the Administrative Console to issue this message? Thanks.
MWoods329 Posted September 12, 2015 Posted September 12, 2015 I've had the same issue lately too. On 4.3.18 Sent from my iPhone using Tapatalk
Balok Posted September 12, 2015 Author Posted September 12, 2015 My ISY can run programs and adjust scenes. The router's port light shows amber, meaning 10/100, and blinks periodically with activity indicators, leading me to remove "bad cable" from the list of possibilities. The cable hasn't changed since I installed it years ago, and no part of it is damaged. I doubt it's that.
MWareman Posted September 12, 2015 Posted September 12, 2015 (edited) All 'Enable Internet Access' does is use upnp to setup a port forward in your router, and report the external IP and port the router assigned. If your router didn't do upnp (most are defaulted not to these days) then 'Enable Internet Access' will fail, and that's expected. I believe if ISY already has a port mapping it will also display the failed message. Edited September 12, 2015 by MWareman
Balok Posted September 12, 2015 Author Posted September 12, 2015 (edited) My router supports UPnP, and that function is turned on. No configuration changes were made to the router between a period where the ISY could communicate, and a period where it could not. And its firmware has not been updated. The only firmware update recently is to the ISY. I did that to get the security improvements (doesn't use SSL any longer); I sure hope it wasn't a mistake, because I haven't got an installer for 4.2.18, the version I was using. I've been burned a few times by software and firmware updates, as a result of which I don't generally take them immediately, and then only when I am trying to solve a problem. Edited September 12, 2015 by Balok
LeeG Posted September 12, 2015 Posted September 12, 2015 When uPnP is turned On, is that in the ISY and the router? It is better to have set up port forwarding in router and not use File | Enable Internet Access.
MWareman Posted September 12, 2015 Posted September 12, 2015 Upnp is a security risk. As @LeeG said - best to leave it off and manually map the port. A routers listing of devices is often flawed and incomplete. I would never rely on this.
Balok Posted September 12, 2015 Author Posted September 12, 2015 (edited) When uPnP is turned On, is that in the ISY and the router? It is better to have set up port forwarding in router and not use File | Enable Internet Access. It might be... if I knew better how to do that. I think I have it working. I set the external port to the same value as the internal port and chose the correct IP address, and that seems to have solved the problem. Can you recommend somewhere I can read why UPnP is a security risk? Thanks. Edited September 12, 2015 by Balok
LeeG Posted September 13, 2015 Posted September 13, 2015 Try Google search for "upnp security risk router". Several hits on UPnP security
MWareman Posted September 13, 2015 Posted September 13, 2015 Upnp allows programs on internal machines to setup port forwarding without any authentication - by design. Imagine what malware could do! It's one of those 'what could possibly go wrong?' technologies....
Balok Posted September 13, 2015 Author Posted September 13, 2015 (edited) Okay, thanks. My theory was that since the router has a firewall and all my internal machines have software firewalls and run AV software, and I'm careful what sites I visit, I was reasonably safe from downloading malware that could then make holes for itself without me knowing about it. But you're probably right; it should be shut off. Thanks for the help; it seems to be working with manual port forwarding. Edited September 13, 2015 by Balok
Recommended Posts