Network setup AX: Difference between revisions
m Chime.Center formatting |
|||
| (14 intermediate revisions by 2 users not shown) | |||
| Line 8: | Line 8: | ||
* Continual time clock synchronization | * Continual time clock synchronization | ||
* [[Remote_AX|Remote control]] experience is enhanced | * [[Remote_AX|Remote control]] experience is enhanced | ||
* Advanced music, seasons and schedules using [[Using_Chime_Center|Chime Center]] | * Advanced music, seasons and schedules using [[Using_Chime_Center|Chime.Center]] | ||
* Automatic software and security updates | * Automatic software and security updates | ||
== Check your connection == | == Check your connection == | ||
| Line 14: | Line 14: | ||
You can tell if the system is connected to the Internet by checking the connection icon found on the PIN login screen at the top right corner, just below the system status icon. It will display one of the following states: | You can tell if the system is connected to the Internet by checking the connection icon found on the PIN login screen at the top right corner, just below the system status icon. It will display one of the following states: | ||
* Check mark on the globe - indicates the system has full Internet connectivity | * Check mark on the globe - indicates the system has full Internet connectivity | ||
* X mark on the globe - indicates the system is not able to reach the Chime Center server | * X mark on the globe - indicates the system is not able to reach the Chime.Center server | ||
* '''AP''' (no globe) - indicates the system is in Access Point (AP) mode for local remote control | * '''AP''' (no globe) - indicates the system is in Access Point (AP) mode for local remote control | ||
** Turn on Access Point mode whenever you cannot connect the ringing system to the Internet, even if you do not need the local remote control. This will turn off Internet services so that errors resulting from these missing connections will not degrade your ringing system's performance. | ** Turn on Access Point mode whenever you cannot connect the ringing system to the Internet, even if you do not need the local remote control. This will turn off Internet services so that errors resulting from these missing connections will not degrade your ringing system's performance. | ||
| Line 23: | Line 23: | ||
* Status: '''Access Point Mode''' - System is in Access Point (AP) mode for local remote control. | * Status: '''Access Point Mode''' - System is in Access Point (AP) mode for local remote control. | ||
* Status: '''Not Connected''' - System is not making connections to any network. Check cabling and if using antenna, retry WiFi setup. | * Status: '''Not Connected''' - System is not making connections to any network. Check cabling and if using antenna, retry WiFi setup. | ||
=== System time === | |||
The system will not be able to properly negotiate connections with our servers if the ringing system's time is incorrect. Go the the Settings - Date and Time screen to verify the correct date, time and time zone. Make sure the switches for DST and Automatic Time Sync are on. | |||
== Connection modes == | == Connection modes == | ||
| Line 36: | Line 38: | ||
=== Wireless === | === Wireless === | ||
These connections require the available wireless adapter antenna. Screw the two parts together and | These connections require the available wireless adapter antenna. Screw the two parts together and power down the ringing system before plugging in the antenna. Keep the system level while the antenna is plugged in, as tipping the system can cause damage to the antenna or port connection. | ||
==== WiFi network ==== | ==== WiFi network ==== | ||
WiFi is trickier to set up, but has the advantage that it provides an air gap between the lightning prone outside components of your ringing system and your other wired network | WiFi is trickier to set up, but has the advantage that it provides an air gap between the lightning prone outside components of your ringing system and your other wired network components. | ||
[[File:Wifi.jpg|frameless|right|450px]] | [[File:Wifi.jpg|frameless|right|450px]] | ||
| Line 76: | Line 78: | ||
* Leave the WiFi antenna plugged in only if you are ''not'' connecting using an Ethernet cable. | * Leave the WiFi antenna plugged in only if you are ''not'' connecting using an Ethernet cable. | ||
Restart the system as described below. When the system starts with the Access Point switch set to '''Normal''', update, backup and other Chime Center remote features are enabled. | Restart the system as described below. When the system starts with the Access Point switch set to '''Normal''', update, backup and other Chime.Center remote features are enabled. | ||
==== Verify connection and reset Remote ==== | ==== Verify connection and reset Remote ==== | ||
| Line 82: | Line 84: | ||
* Return to the home page, then tap the Remote button. | * Return to the home page, then tap the Remote button. | ||
* After entering your PIN, the system will check its network connection status. | * After entering your PIN, the system will check its network connection status. | ||
* Above the QR code the system will indicate that this code is for the Chime Center Remote. | * Above the QR code the system will indicate that this code is for the Chime.Center Remote. | ||
* Make sure your phone has Internet access and scan the QR code with your phone’s camera or QR reader. Tap the link which is provided from the QR code to open the '''Chime Remote''' in your phone's browser. | * Make sure your phone has Internet access and scan the QR code with your phone’s camera or QR reader. Tap the link which is provided from the QR code to open the '''Chime Remote''' in your phone's browser. | ||
| Line 108: | Line 110: | ||
While connected only to your network (mobile data off), a test device (phone or PC) must be able to access | While connected only to your network (mobile data off), a test device (phone or PC) must be able to access | ||
'''https://chime.center''' | '''https://chime.center''' | ||
'''https://sf.chime.center''' | |||
* This site may need to be white-listed in firewall or DNS rules | * This site may need to be white-listed in firewall or DNS rules | ||
=== Bandwidth === | |||
Typically you can expect around 50MB to 100MB per day (less than 3GB/month) of usage by the bell system, depending on the frequency of remote control and management usage. | |||
== Security == | == Security == | ||
AX ringing systems do not require static IP addresses or any special inbound port forwarding through your firewall. Chime Center's routing will make sure that only you have control of your bells. Best practices should be followed whenever connecting anything other than computers and printers to your network and the Internet. The following are a few suggestions that you should consider. The easiest are at the top and should be complied with first. | AX ringing systems do not require static IP addresses or any special inbound port forwarding through your firewall. Chime.Center's routing will make sure that only you have control of your bells. Best practices should be followed whenever connecting anything other than computers and printers to your network and the Internet. The following are a few suggestions that you should consider. The easiest are at the top and should be complied with first. | ||
=== Ringing system === | === Ringing system === | ||
* [[User_profile_setup_AX|Change the default login PIN number]] for the login screen. Users who have (or guess) this code can use the front panel remote screen to authenticate remote access. You can use up to 10 digits. | * [[User_profile_setup_AX|Change the default login PIN number]] for the login screen. Users who have (or guess) this code can use the front panel remote screen to authenticate remote access. You can use up to 10 digits. | ||
* Use a strong password to login to Chime Center. Use a password manager to generate unique and strong passwords for each of your site logins. Never re-use your email password on other sites. | * Use a strong password to login to Chime.Center. Use a password manager to generate unique and strong passwords for each of your site logins. Never re-use your email password on other sites. | ||
* Do not attempt to simultaneously use the wired Ethernet connection and the WiFi antenna connection. Make sure the Access Point is set to '''Normal''' (see above) if you are connected to a network. Necessary services are inhibited by the Access Point mode such as: | * Do not attempt to simultaneously use the wired Ethernet connection and the WiFi antenna connection. Make sure the Access Point is set to '''Normal''' (see above) if you are connected to a network. Necessary services are inhibited by the Access Point mode such as: | ||
** Automatic clock synchronization | ** Automatic clock synchronization | ||
** Software updates | ** Software updates | ||
** Chime Center access | ** Chime.Center access | ||
* Do not connect the ringing system directly to the Internet without a firewall (router based or dedicated). | * Do not connect the ringing system directly to the Internet without a firewall (router based or dedicated). | ||
| Line 126: | Line 132: | ||
No inbound ports need to be open on your firewall. Most router firewalls default to allow outgoing connections on all ports while blocking incoming connections. | No inbound ports need to be open on your firewall. Most router firewalls default to allow outgoing connections on all ports while blocking incoming connections. | ||
In more secure facilities, | In more secure facilities, outgoing connections may also be blocked to ports other than those needed for typical web browsing. Keep these outbound ports open for the ringing system: | ||
* '''SSH 22''' (to *.sf.chime.center - remote tunnel for API and backups) | * '''SSH 22''' (to *.sf.chime.center - remote tunnel for API and backups) | ||
* '''TCP 443''' (to *.sf.chime.center - updates) | * '''TCP 443''' (to *.sf.chime.center - updates) | ||
* '''TCP 7443''' (to *.chime.center - update systems with firmware < 1.4.20) | |||
* '''UDP 123''' (time sync) | * '''UDP 123''' (time sync) | ||
''' | ==== Issues with firewalls ==== | ||
'''Verizon''' router/modem firewalls often default to closing connections to port 22. Check if your security settings is set to maximum. If so, manually add SSH 22. | |||
Chime.Center does not support Deep Packet Inspection of SSH packets (DPI-SSH), typically encountered on '''SonicWall''' products. If your network must enable DPI-SSH (very rare circumstances), disable it for the ringing system's (static) IP or mac address to allow API tunneling. Otherwise, the Chime.Center server will detect your firewall as a man-in-the-middle attacker and drop the connection. | |||
==== Best Practices ==== | |||
* Use a strong WiFi password on your router or access point. | * Use a strong WiFi password on your router or access point. | ||
* Test your firewall for unneeded open inbound ports. Gibson Research provides the [https://www.grc.com/shieldsup Shields Up!] tool. After clicking the Proceed button, click the All Service Ports button to begin testing. | * Test your firewall for unneeded open inbound ports. Gibson Research provides the [https://www.grc.com/shieldsup Shields Up!] tool. After clicking the Proceed button, click the All Service Ports button to begin testing. | ||
* Have your IT personnel configure a [https://robpickering.com/ubiquiti-configure-micro-segmentation-for-iot-devices/ segmented VLAN or Internet-of-Things sub-network] for the ringing system and other appliances. [https://www.zdnet.com/article/fbi-recommends-that-you-keep-your-iot-devices-on-a-separate-network The FBI recommends] you do this at home as well. | * Have your IT personnel configure a [https://robpickering.com/ubiquiti-configure-micro-segmentation-for-iot-devices/ segmented VLAN or Internet-of-Things sub-network] for the ringing system and other appliances such as security cameras. [https://www.zdnet.com/article/fbi-recommends-that-you-keep-your-iot-devices-on-a-separate-network The FBI recommends] you do this at home as well. | ||
<br/> | <br/> | ||
<span class="crumbs"><div style="font-size:84%"> | <span class="crumbs"><div style="font-size:84%"> | ||