Jump to content
C4 Forums | Control4

Help with Setup with Xfinity xfi please

Smess

By Smess
in General Control4 Discussion

 Share

Recommended Posts

Smess Enthusiast

Smess

Posted
Posted

Hello,

 

New to the forum and control4, my dealer is great but so busy I don't get consistency in who they send to when I need help with setup I end up with a tech that can only install a cat5 plug.

I have a 2800 sq ft one story house with a control4 system that I inherited. All has been upgraded to newest software etc and a new Ea3 a month ago.  At the same time I upgraded my xfinity modem to the xfi with higher speeds.  The modem covers the house and is plenty fast and reliable but it came with an app that tells when the network is under attack from port forwards and open ports.  I have been watching and the system gets hit quite often and has actually gotten through to my dvr and the dvr has adopted VMware which has basically taken down the network unless I reboot.

Port forwards are on 67, 68 and 80 when scanned says it is open.  I am assuming the 80 is the cameras so I can view them from he outside.  67 and 68 I assume are connected to the Ea-3 and the amp and something that shows as Control4 Glassedge7.  My dealer says the control4 system uses ports to talk to the control4 servers and this is why they suggest me putting a router behind the Xfinity.

Of course they want me to buy some high end router and with such a small house and so many things hard wired I don't need a high end router as I think they want me to use the new router for wifi and the xfinity for phone service I get from Xfinity.

The dealer seems to think from what I understand that the router will protect from the attacks or make the open port/port forwards invisible.

My personal IT guy seems to think that the router behind the xfinity with the same port forwards etc will be able to be seen by possible intruders and thinks its a bunch of bs.

I can't get simple answers out of the control4 dealer other than spend thousands more and we will get you all fixed up and you will be a prisoner to us for all your network needs unlike now how I can restart my modem from an app on my phone and get a lot of info from the Xfinity xfi app on my phone.

Any help with a simple set up would be appreciated or even an explanation of if wifi should come from the new router or xfinity etc.

I am lost but more computer technical than the average homeowner.  I don't mind paying for help from my dealer, its the waiting days and weeks I can not deal with.

Please let me know if I posted this in the wrong section and I can move it, thanks in advance with any help anyone can provide.

 

 

 

 

 

 

Link to comment
Share on other sites

msgreenf Grand Master

msgreenf

Posted
Posted
1 minute ago, Smess said:

Port forwards are on 67, 68 and 80 when scanned says it is open.  I am assuming the 80 is the cameras so I can view them from he outside.  67 and 68 I assume are connected to the Ea-3 and the amp and something that shows as Control4 Glassedge7.  My dealer says the control4 system uses ports to talk to the control4 servers and this is why they suggest me putting a router behind the Xfinity.

this is 100% wrong - control4 requires no open ports or port forwarding.

 

 

Link to comment
Share on other sites
SouthernSmarthome Enthusiast

SouthernSmarthome

Posted
Posted

If you have the same ports open then yes your still vulnerable.
So as far as I’m concerned, your IT guy is correct and your C4 dealer is an idiot. I would recommend that you find a new dealer as this one has no ideas about networking and is putting you at risk.
The network is the foundation of your system so while yes you should put in a real network (xfinity has many issues) you should hire a professional.
Hell, any good dealer could preprogram a network, drop ship it and then remote in for final tweaks.


Sent from my iPhone using Tapatalk

Link to comment
Share on other sites
Smess Enthusiast

Smess

Posted
  • Author
Posted

I figured, the IT guy works with extremely high end clients while the control4 dealers guy has an engineering degree but is weak in the IT department.

Now my network shows vmware on what appears to be the dvr and coincidentally the port 80 shows as open on my scan and 67 and 68 show as port forwaded.

My Xfinity system does the job for my simple house and life, I dont need anything elaborate I just need it set up right.

anyone know a good dealer that can do remote work? Sofl is not best place for getting anything done professionally.

 

Link to comment
Share on other sites
msgreenf Grand Master

msgreenf

Posted
Posted

Only locally or when using a compatible camera and 4sight. Since there are tons of non compatible systems out there that can be better you still need another way in many situations


Sent from my iPhone using Tapatalk
True. But most DVRs have solutions today. Really need more info like you said
Link to comment
Share on other sites
SouthernSmarthome Enthusiast

SouthernSmarthome

Posted
Posted
The best security systems have no requirements on portforwarding.
Any security camera portforwarded is a potential doorway into the network.

This isn’t exactly accurate. Many high end systems still need ports to be forwarded as the QR code method is not really used by high end companies.
As i mentioned there are ways to really lock down your network, providing your using professional gear and not the garbage at best buy or most of the trash sold at the av distributors.
So one thing that my companies network does is to auto ban any device that scans for open ports.
Without disclosing other IP about our networks i can tell you that they are fully PCI compliant.


Sent from my iPhone using Tapatalk
Link to comment
Share on other sites
-defunct- Mentor

-defunct-

Posted
Posted
1 hour ago, SouthernSmarthome said:


This isn’t exactly accurate. Many high end systems still need ports to be forwarded as the QR code method is not really used by high end companies.
As i mentioned there are ways to really lock down your network, providing your using professional gear and not the garbage at best buy or most of the trash sold at the av distributors.
So one thing that my companies network does is to auto ban any device that scans for open ports.
Without disclosing other IP about our networks i can tell you that they are fully PCI compliant.


Sent from my iPhone using Tapatalk

If PCI Compliance allows for open ports for security system access, PCI Compliance is out dated.

 

Absolutely nobody should be portforwarding anything nowadays. The only things that should be on the public net are servers with an API, web pages on https, and vpn servers.

I don't know how you can justify those networks are secure.

Link to comment
Share on other sites
Smess Enthusiast

Smess

Posted
  • Author
Posted

You lost me but if I was using snap app then i would only see cameras when going straight to app or when i go to control4 remotly i can choose the security icon and the cameras will display. In the second scenario if this is case then c4 would be linking to the snap app to get the cameras feed?

Link to comment
Share on other sites
-defunct- Mentor

-defunct-

Posted
Posted
19 minutes ago, Smess said:

You lost me but if I was using snap app then i would only see cameras when going straight to app or when i go to control4 remotly i can choose the security icon and the cameras will display. In the second scenario if this is case then c4 would be linking to the snap app to get the cameras feed?

If you are watching them through the Control4 app, then no portforwarding is necessary. All you would need is to make sure the cameras installed are compatible with Control4. Any dealer would be able to let you know that.

Link to comment
Share on other sites
SouthernSmarthome Enthusiast

SouthernSmarthome

Posted
Posted
If PCI Compliance allows for open ports for security system access, PCI Compliance is out dated.
 
Absolutely nobody should be portforwarding anything nowadays. The only things that should be on the public net are servers with an API, web pages on https, and vpn servers.
I don't know how you can justify those networks are secure.

I don’t think you quite understand. No PCI in general does not want ports to be forwarded.
I was stating multiple things. One being that our networks are pci compliant even on systems that require it as it’s part of our standard.
As for ports being forwarded, it can be done in such a way that the outside can’t reach them if your using professional networking gear and not the cheap stuff.
This is the joy of the Internet where it is easy to misinterpret what is meant.


Sent from my iPhone using Tapatalk
Link to comment
Share on other sites
Smess Enthusiast

Smess

Posted
  • Author
Posted

I am watching the cameras through the control4 app now. If you kill the one port forward I think its 80 then you lose the ability to see the cameras outside the house

when you kill port forwards 67 and 68 you lose the ability to see control4 outside the house entirely. Error 401

 

this is set up wrong?

Link to comment
Share on other sites
SouthernSmarthome Enthusiast

SouthernSmarthome

Posted
Posted
In other words i read one thing that says no port forwards no way no how then i read oh wait unless you are doing it this other way. 

If your only viewing your cameras thru the C4 app then no you do t need ports forwarded.
If you use the snap app then yes you need the ports forwarded.


Sent from my iPhone using Tapatalk
Link to comment
Share on other sites
-defunct- Mentor

-defunct-

Posted
Posted
9 minutes ago, Smess said:

I am watching the cameras through the control4 app now. If you kill the one port forward I think its 80 then you lose the ability to see the cameras outside the house

when you kill port forwards 67 and 68 you lose the ability to see control4 outside the house entirely. Error 401

 

this is set up wrong?

That doesn't sound right. I have an Xfinity Modem and Pakedge RK1 and don't need to have anything portforwarded.

It would likely be a router setting blocking the traffic that the portforward possibly bypasses.

 

In any case, ISP routers are usually not the ideal to use with a Control4 system.

 

Link to comment
Share on other sites
SouthernSmarthome Enthusiast

SouthernSmarthome

Posted
Posted
That doesn't sound right. I have an Xfinity Modem and Pakedge RK1 and don't need to have anything portforwarded.
It would likely be a router setting blocking the traffic that the portforward possibly bypasses.
 
In any case, ISP routers are usually not the ideal to use with a Control4 system.
 

I would agree with this.
In the past I’ve seen a xfinity router block traffic to google’s dns.


Sent from my iPhone using Tapatalk
Link to comment
Share on other sites
  • 3 weeks later...
This thread is quite old. Please consider starting a new thread rather than reviving this one.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept