{if there is a better place to report a potential bug, please let me know.]
http access to my EVL-4 from a different network segment seems to be failing after upgrade to 01.01.114 Beta firmware. I believe this was working correctly with the previous 01.00.102 firmware. Looks like the connection gets opened, but then gets reset before the EVL sends any response. The client (browsers firefox or chrome) looks to have sent all the HTTPs headers during the 3 way handshake.
The EVL network page shows the correct gateway (obtained from DHCP).
Ping from the same machine (on a different segment) works. The ICMP request/response messages are traversing the gateway correctly.
The TCP connection is opened, but the EVL sends a reset as soon as the connection is opened.
right now this is reliably reproducible.
Let me know if there is any other information I can provide or things you want me to try.
Please see the release notes on this forum. There is a new firewall feature that is to save users from themselves. The Envisalink will not allow remote connections if the default password is still in place.
Thank you for the very quick response. You are of course correct I missed this the first time around, and it didn't dawn on me since it's not internet exposed, just a different segment.
I don't recall seeing release notes anywhere but the TPI documentation. A very minor documentation nit, the TPI 1.08 documentation says:
"As of Envisalink 4 (1.0.102) and Envisalink 3 (1.12.180) the Envisalink has an internal firewall that will block all TPI
connections that originate outside of the network segment it resides upon."
That doesn't mention HTTP, and I believe that firewall behavior for HTTP wasn't implemented until after 1.0.102. (I believe mine went from 1.0.102 to 1.1.114)
rct wrote:Thank you for the very quick response. You are of course correct I missed this the first time around, and it didn't dawn on me since it's not internet exposed, just a different segment.
I don't recall seeing release notes anywhere but the TPI documentation. A very minor documentation nit, the TPI 1.08 documentation says:
"As of Envisalink 4 (1.0.102) and Envisalink 3 (1.12.180) the Envisalink has an internal firewall that will block all TPI
connections that originate outside of the network segment it resides upon."
That doesn't mention HTTP, and I believe that firewall behavior for HTTP wasn't implemented until after 1.0.102. (I believe mine went from 1.0.102 to 1.1.114)
Sorry, my mistake. It is actually in the 1.0.102 release notes. You probably just didn't notice the firewall before if you had version 1.0.102.
Logging that a connection was blocked by firewall (and therefore nagging that the password is still the default) would be a good use of the new syslog functionality (in my opinion).