  1. #1
    Join Date
    Apr 2004
    Posts
    143

    Jace Port forwarding help

    I'm utilizing 2 Jace systems; each is independent and requires no exchange of data (2 different towers).
    I would like to connect to both systems over the internet utilizing the same IP line. I left Jace 1 with the standard port settings of 80, 1311 and 1911. On Jace 2 I set up the ports as 82, 1314 and 1914. Internally I can connect to either with no trouble. However, off site and using the internet I can't connect to Jace 2 (Jace 1 is fine). I'm using a standard Linksys router and port forwarding. Has anyone done this and can lend a hand on setup without the use of the server?

  2. #2
    Join Date
    Jan 2008
    Location
    Quebec
    Posts
    71
    Sometimes, some ISPs block certain ports... you could use 8080 or 8081... concerning the fox port (1911, 3011), I don't know...

    One thing you could try though is connecting by VPN to your router. The Linksys RV082 and RV042 (I think) have a PPTP VPN option that works well. You connect to the router, it creates a VPN network with your PC, and you just have to use the LAN IP of the Jace you want to access.

    Done it for a client where 10 Jaces are used and it's really easy.

    Maybe it's worth the price of the new router if the one you have doesn't handle VPN connections (it's less than $150, I think...).
    Last edited by ctremblay; 01-17-2008 at 10:30 AM. Reason: syntax errors

  3. #3
    Join Date
    Apr 2004
    Posts
    143
    Thread Starter
    Thanks ctremblay, it's all up and running now... it was my gateway setting.

  4. #4
    Join Date
    May 2009
    Posts
    1,163
    I ran into this yesterday and unfortunately, unlike every other IoT device I have come across, I found the Jace needs more than port 80; I also did 80, 1311 and 1911 to get it working. I am working with AX at the moment.

    How do we feel about exposing this to the internet? Does N4 change this situation so we can minimize exposure to port 80 only? Best practices?
    Scott Jalbert
    WebCTRL ninja
    AX and Smartstruxure newb

    The S in IoT stands for Security

  5. #5
    Join Date
    Sep 2002
    Location
    Hampton Roads, Virginia
    Posts
    1,877
    #1 on the best practice list would be to use a VPN. It's not always that easy to either get it set up by the customer or gain access to their router to set it up yourself, but if everything was easy we would not be needed.
    "There is plenty of room at the top because very few people care to travel beyond the average route. And so most of us seem satisfied to remain within the confines of mediocrity." -- Benjamin Nnamdi Azikiwe, first president of Nigeria

    "It's not the customer's job to know what they want." -- Steve Jobs

  6. #6
    Join Date
    May 2009
    Posts
    1,163
    I actually have a VPN on site for commissioning but that wasn't part of the bid, just something to help me out. We don't typically supply networking gear and asked the customer for IP addresses etc. I'm hoping to come up with an OpenVPN solution that I would be comfortable with putting on a customer site that we can supply soon.
    Scott Jalbert
    WebCTRL ninja
    AX and Smartstruxure newb

    The S in IoT stands for Security

  7. #7
    Join Date
    Apr 2004
    Posts
    143
    Thread Starter
    WOW, has it been 9 years already? From the time I started this thread I've learnt quite a bit about AX, networking and security. After the Target stores got hacked, we decided to hire an ethical hacking group to help us understand how to secure our networks. I was blown away at how quickly they were able to gain access to our systems. Today, on the other hand, and completely because of them, they have been unable to access our stations.
    Below is a short list that will secure your system.

    Level 1
    1- Make sure your router's firmware is up to date. As soon as a vulnerability is noticed, the manufacturers are quite quick at patching it. Quite easy to check during each maintenance visit.

    2- Use high-security passwords and never duplicate them; generate and log them with a service like LastPass.

    3- Do not use unencrypted ports like port 80. Instead use 443 and HTTPS.

    4- Make sure you're running the latest AX security patches.

    Level 2
    Add MAC address filtering to the router. This way only registered computers can connect to the network.

    Level 3
    Like MaxBurn said, set up a VPN.

  9. #8
    Join Date
    May 2009
    Posts
    1,163
    Quote Originally Posted by aztra View Post
    WOW, has it been 9 years already? From the time I started this thread I've learnt quite a bit about AX, networking and security. After the Target stores got hacked, we decided to hire an ethical hacking group to help us understand how to secure our networks. I was blown away at how quickly they were able to gain access to our systems. Today, on the other hand, and completely because of them, they have been unable to access our stations.
    Below is a short list that will secure your system.

    Level 1
    1- Make sure your router's firmware is up to date. As soon as a vulnerability is noticed, the manufacturers are quite quick at patching it. Quite easy to check during each maintenance visit.

    2- Use high-security passwords and never duplicate them; generate and log them with a service like LastPass.

    3- Do not use unencrypted ports like port 80. Instead use 443 and HTTPS.

    4- Make sure you're running the latest AX security patches.

    Level 2
    Add MAC address filtering to the router. This way only registered computers can connect to the network.

    Level 3
    Like MaxBurn said, set up a VPN.
    On your point 4, is there something else I should look for patch-wise for ProBuilder beyond the software itself?

    How bad is SSL to set up in a Jace with a self-signed certificate?
    Scott Jalbert
    WebCTRL ninja
    AX and Smartstruxure newb

    The S in IoT stands for Security

  10. #9
    Join Date
    Jan 2003
    Location
    USA
    Posts
    3,292
    Quote Originally Posted by MaxBurn View Post
    How do we feel about exposing this to the internet? Does N4 change this situation so we can minimize exposure to port 80 only? Best practices?
    Certainly not preferred, but there are thousands of Jaces sitting out there set up this way. I would pick non-default ports for everything required. That should keep the crawlers from immediately finding it at least. Use strong passwords, set up SSL, etc.
    Propagating the formula. http://www.noagendashow.com/

  11. #10
    Join Date
    Jan 2003
    Location
    USA
    Posts
    3,292
    Quote Originally Posted by MaxBurn View Post
    How bad is SSL to set up in a Jace with a self-signed certificate?
    Shouldn't take more than an hour or two the first time, reading docSSL. After you have done it once, it takes 15 minutes to generate and install the certs. I'm somewhat torn on installing the cert on the client's machine to avoid the browser self-signed warning over just clicking through the warning every time. If the CA private key you create escapes your control, their browsers will trust any cert generated with it, just as they would if Verisign's cert gets loose.
    Propagating the formula. http://www.noagendashow.com/

  12. #11
    Join Date
    Apr 2004
    Posts
    143
    Thread Starter
    Quote Originally Posted by MaxBurn View Post
    On your point 4, is there something else I should look for patch-wise for ProBuilder beyond the software itself?
    Nope, just make sure all your modules are up to date, i.e. right now the latest, if I'm not mistaken, is 3.8.111.
