Remote Mangement from abroad via Internet
marbella_frank
Posts: 4
How do I configure my Firewall to allow a Programmer from an other country to upload updates of AMX and also get Browser Access myself if I am abroad?
Thanx for any help...
Thanx for any help...
0
Comments
The simplest way is to have them forward the appropriate ports on their router to the master. You may not be able to get browser access, since that is locked to port 80 (or 443 if using SSL), and many ISP's won't allow it unless it's a commercial account ... in which case they also may already have a web server using the port. But the browser interface doesn't give you anything you can't get from diagnostics and Telnet anyway, it's just packaged nicer. It's a major plus if you can talk them into giving you remote access to the router itself, so you can change some of those forwards on-the-fly (especially if you have multiple touch panels or masters). You want to forward ports 21, 23, and 1319 to your master. Forward port 5900 to your main touch panel for VNC access. That covers most of it.
If the system has multiple masters, or a lot of panels that you really need to access independently, have the network admin set you up with a VPN login. Forwarded ports just get awkward in those cases, because you continuously have to re-route the ports, and you can't access them simultaneously. Once logged in, you can treat the entire system as if it were local. This also solves the issue of accessing the browser pages on the master if they have a web server or if their ISP blocks port 80 completely.
In my opinion tho, a much better way to do this would be to add a VPN gateway to the system. This is more secure and should allow you to utilize the same settings abroad as you use locally. There are quite a few VPN gateways available now for reasonable costs. When you consider what is being controlled by most AMX processors, it seems a little careless to just be opening ports directly to masters (IMHO).
Jeff
Also we use business grade switches and routers, the way we see it is if your spending 100s of thousands on your house then why not spend a few grand protecting it.
Just make sure you buy the right network gear and lock it down correctly.
What ever brand you decide to use be certain that you can administer it and lock it down water tight and you should be fine.
I would suggest reading some PC forums on networking and find a few how to guides to get you up to speed a bit more on the inner workings of switches and routers.
The RV sereies supports subnetting, dual wan, Vlans etc but it also comes with an CD application for a client VPN connection. You can also set up a tradidtional Gateway to Gateway Tunnel if you want but the Client to Gateway is very easy to set up in the router and the customer just has to load the VPN client app from the CD on there laptop and your golden.
Of course you first need to set up a dynamic DNS service that will always point to your residence or place of business's public IP and you'll still need to set up a VNC to connect to a TP.
You can do this with out a VPN using port forwarding in almost any router, just set up port 5900 or what ever your VNC port is to your TP' IP, set up a dynamic dns service, have the VNC running, etc.
It's can be relatively easy. VPN is the way to go!