FYI. Automated "push" firmware updates will continue for the foreseeable future so people with strict firewalls should be aware of this information.
Firmware updates are requested by the EnvisAlerts server and initiated by the Envisalink 2DS via TCP on outbound port 4022. The outbound IP can be any of our servers in our namespace for load balancing reasons.
If you have a firewall in place, allow outbound communications from your Envisalink to any IP address on port 4022. Otherwise we cannot update your firmware.
Automated Firmware Updates and Firewalls
Moderators: EyezOnRich, GrandWizard
-
- Posts: 2320
- Joined: Tue Nov 16, 2010 4:08 pm
Re: Automated Firmware Updates and Firewalls
I am revamping my firewall to only allow the needed traffic. I already placed the D2S and TL260GS on their own VLAN. I want to make sure I have the correct firewall rules:
Source: D2S Destination: DNS
Source: D2S Destination: any IP on port 4021 UDP for communication
Source: D2S Destination: any IP on port 4022 UDP for firmware
-
- Posts: 2320
- Joined: Tue Nov 16, 2010 4:08 pm
Re: Automated Firmware Updates and Firewalls
Firmware updates use TCP, not UDP. I can't imagine we'll change the ports but the destination IPs will certainly change in the future for load balancing reasons. Considering the growth in customers, that is a given.
Re: Automated Firmware Updates and Firewalls
I just set up outbound firewall rules for the 2DS on my Juniper SSG5. I don't know about updates, but communication is definitely UDP and NOT TCP. I created a rule to allow outbound TCP and UDP ports 4021-4025. Nothing worked (got supervision failure) until I added the UDP ports.
-
- Posts: 2320
- Joined: Tue Nov 16, 2010 4:08 pm
Re: Automated Firmware Updates and Firewalls
Firmware updates use TCP. Envisalerts uses UDP.
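The egress policy this thread converges on, as an added example that is not part of the original posts and is not EyezOn's own configuration: an nftables ruleset for a Linux router that forwards traffic for the device's VLAN. The device and resolver addresses are constructed placeholders, and UDP 4021 for EnvisAlerts traffic is taken from the posters' rule lists (the staff replies confirm only that EnvisAlerts uses UDP and that firmware updates use TCP 4022).

```nftables
#!/usr/sbin/nft -f
# Added example: outbound allow-list for an Envisalink on its own VLAN.
# Assumptions (not from the thread): the two addresses below are constructed
# placeholders; replace them with the device's and resolver's real addresses.

define ENVISALINK = 192.0.2.50   # constructed placeholder: the Envisalink
define DNS_SERVER = 192.0.2.1    # constructed placeholder: the resolver it uses

table inet envisalink {
    chain forward {
        type filter hook forward priority 0; policy accept;

        # Return traffic for flows the device opened itself. Firmware pushes
        # are initiated by the device, so no inbound rule is needed.
        ct state established,related accept

        # New flows sourced from the device go through the allow-list.
        ip saddr $ENVISALINK jump envisalink_out
    }

    chain envisalink_out {
        # Name resolution, restricted to the one resolver.
        ip daddr $DNS_SERVER udp dport 53 accept
        ip daddr $DNS_SERVER tcp dport 53 accept

        # EnvisAlerts communication: UDP. Port 4021 is the port the posters
        # list; destination is left open because server IPs change.
        udp dport 4021 accept

        # Firmware updates: TCP 4022 to any destination, as stated by staff.
        tcp dport 4022 accept

        # Anything else from the device is logged and dropped, so a blocked
        # flow (for example a supervision failure) shows up in the kernel log.
        counter log prefix "envisalink-drop " drop
    }
}
```

Load it with `nft -f` on the router, then watch the kernel log for the `envisalink-drop` prefix to see whether the device needs a flow the allow-list is missing.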