BNM Connectivity through Firewall



We have a few HD2000 units that connect to BNM to receive updates. All is well when we open all ports/protocols on the firewall (Internet port). One unit is now needed on a more restrictive network and we can't (easily) allow unrestricted access to the Internet.

The firewall logs show the unit accessing www.brightsignnetworkmanager.com, as well as an NTP server. If I restrict traffic to the following it doesn't work:

HD2000 -->allow-->http-->www.brightsignnetworkmanager.com
HD2000-->allow-->ntp-->any Internet address

Our subsequent block rule doesn't log any other addresses the HD2000 is attempting to contact.

The following DOES work:

HD2000-->allow-->any port/protocol-->any Internet address


Can you please advise as to the protocols and destination addresses needed for the HD2000 to get BNM content updates? Is NTP necessary? We have configured the time locally on the device; what is the NTP call doing?

Thanks,

Josh

2 comments

  • RokuLyndon


    The unit should only need to access port 80 for web browsing, and NTP is used to maintain the time. If you block just NTP, does it still fail?



    Is it possible to connect a null modem cable to the unit while it's trying to connect to the internet? We could capture the serial output, to see what errors are getting generated when it fails to connect.
  • joshk


    Thanks Lyndon. I figured it only needed 80. It only needs to get to www.brightsignnetworkmonitor.com, right?



    If the time is being maintained with NTP, that's fine also -- I can allow.



    I can certainly connect a null modem to the unit - thanks for the suggestion.  What connection settings should I use to grab the output?