
4Sight Port Forwarding/Firewall Requirements


Hammer


I’m assuming internet access for Control4 “Basic Internet Services” (LASSO-metadata, TV Channel Lineups, Radio Station Lineups, and Software Updates) does not require any special cable or DSL router port forwarding and/or firewall rules, given these are outbound service requests. However, given that the 4Sight Internet Services are inbound requests, I’m assuming port forwarding and/or specific firewall rules will need to be open to provide access to the Control4 Media Controller(s) for Remote Home Monitoring and Remote Home Programming Support to work properly.

Can anyone comment on what inbound ports need to be opened/forwarded to the media controller to support 4Sight services in the most secure fashion?

Thanks,

George



George,

The 4Sight system works by you putting your 4Sight account information into the controller, which then opens up a VPN connection with Control4's servers. When you connect to the 4Sight system to control your system, it gives you that access through the existing VPN connection.

Because this is how it works, it doesn't need any special port forwarding or NAT settings for most setups.

RyanE


  • 1 month later...

I've had no success in getting my unit to call home to the 4Sight servers. First, with my IPCop box acting as a router (Linux-based + iptables), it did not get through, and there was no evidence of an attempted VPN connection in any logs. I subbed in a standard SOHO Netgear (WGT624v2), and it still can't connect to the Control4 cloud to enable remote access in. I tried DMZing the unit as well, no dice...

Anyone have any ideas?

EDIT: I can still ping the controller from within the LAN, browse to its HTTP dir listing, browse to its Samba share, Composer ME sees it, etcetera. The problem is getting it to punch out a VPN/IPSec tunnel back to Control4, so my dealer can get some work done...


  • 2 weeks later...
  • 6 years later...

Sorry to bring up an old post but all I can find are posts that have people port forwarding all system ports (opening themselves up to the internet).

I just installed a SOPHOS UTM and no longer have access to 4sight... not surprising, it has blocked everything so far :) From Teamviewer, to plex, to pushover, etc... everything was blocked but I can't seem to open up 4sight no matter what I do. What is even more odd is that in my house the app also seems to have an issue connecting and I have to click on Troubleshoot then manually enter my IP (even though it is already showing the correct IP) to have it connect.

I am assuming that 4sight is not establishing a VPN connection over port 80?


Even over HTTPS, I am not getting anything from 4sight. I have enough other services running fine over 443 that it is definitely not an issue. Unless it requires a one-to-one NAT rule... in that case... that is quite brutal.


Hmm, there's security and then there's paranoia. Sounds like the Sophos UTM out-of-box setup is not too different from simply turning off all your gear. Is it worth the hassle?

 


  • 2 weeks later...

I have had a ticket open with C4 for nearly two weeks now and even they can't tell me what the issue is.
The odd part is that it seems to find my controller, but then it fails on authentication the first time, then continues to tell me that it can't find it. I know it has something to do with my new UTM but I don't think it is actually the firewall nor NAT rules that are my limitation at this point. I (for testing only) opened everything wide open yet still nothing.

I can't tell at this point if it is a cached setting on my controller that won't refresh properly (as the new UTM has the same IP as the old router) or if it is a port issue.

It is pretty brutal that I called Control4 and all they could tell me is "You shouldn't forward ports"... yup.. thanks for the tip. But if I am blocking the connection then they should be able to tell me which external IP their service is on and which ports are needed for that connection. 2 weeks and a few escalations and still... nothing....


 


  • 2 years later...
On 6/20/2017 at 8:31 PM, Joe Hettiarachchy said:

I run a VPN server on port 1194. This causes 4sight to break, saying "no openvpn connections available" whenever I have clients connected to the VPN server. Is there some way to force control4 to try to establish a VPN connection using a different port?

Unlikely.

The VPN functionality built into Control4 for 4Sight and other remote connections isn't configurable by the installer or homeowner.

Your best bet would be to run your (hopefully configurable) VPN server on a different port.

Sorry.

RyanE


  • 11 months later...
5 hours ago, qwerty88 said:

Will 4sight work with ISP implementing Carrier Grade NAT?

https://en.m.wikipedia.org/wiki/Carrier-grade_NAT

 

Yes, it should, as everything from your home is client-side.

Your controller reaches out to C4 to create a VPN tunnel. This should continue to work.

Just curious what ISP is (or is considering) implementing Carrier Grade NAT. It's horrible for a bunch of reasons and my impression was the idea was pretty much abandoned in the US for residential broadband, in favor of using IPv6 for the last mile.


  • 3 weeks later...
On 4/10/2015 at 4:40 PM, badjesus said:

Sorry to bring up an old post but all I can find are posts that have people port forwarding all system ports (opening themselves up to the internet).

I just installed a SOPHOS UTM and no longer have access to 4sight... not surprising, it has blocked everything so far :) From Teamviewer, to plex, to pushover, etc... everything was blocked but I can't seem to open up 4sight no matter what I do. What is even more odd is that in my house the app also seems to have an issue connecting and I have to click on Troubleshoot then manually enter my IP (even though it is already showing the correct IP) to have it connect.

I am assuming that 4sight is not establishing a VPN connection over port 80?

Did you ever get 4sight working through your UTM? Somewhere along the many updates, 4sight stopped working for me, and I think it's also blocking the Alexa integration.


Archived

This topic is now archived and is closed to further replies.
