Network setup AX: Difference between revisions



=== Your network ===
No inbound ports need to be open on your firewall. Most router firewalls default to allow outgoing connections on all ports while blocking incoming connections.


In more secure facilities, your IT people may also configure the firewall to block outgoing connections to ports other than those needed for typical web browsing. Keep these outbound ports open for the ringing system:
* '''SSH 22'''  (to *.sf.chime.center - remote tunnel for API and backups)
* '''TCP 443''' (to *.sf.chime.center - updates)
* '''UDP 123''' (time sync)
* Chime Master ringing systems do not support Deep Packet Inspection of SSH packets (DPI-SSH). If your network security has DPI enabled, disable it for the ringing system's IP or MAC address to allow API tunneling.
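
To confirm that the firewall actually passes the three outbound flows listed above, the following added example (not Chime Master's own tooling) can be run from a computer on the same network segment as the ringing system. The tunnel host under *.sf.chime.center and the time server are passed as arguments because this page does not name them; the function names are hypothetical.

```python
import socket
import sys

def tcp_check(host, port, timeout=5.0, expect_banner=None):
    """Return (ok, detail) for one outbound TCP connection to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if expect_banner is None:
                return True, "connected"
            # An SSH server speaks first, so a missing banner means something
            # other than SSH answered on this port.
            banner = s.recv(64)
            if banner.startswith(expect_banner):
                return True, banner.decode("ascii", "replace").strip()
            return False, "connected, but no SSH banner received"
    except OSError as exc:  # refused, timed out, unresolvable, ...
        return False, "blocked or unreachable: %s" % exc

def ntp_check(host, port=123, timeout=5.0):
    """Send one SNTP client request; ok if a server-mode reply comes back."""
    request = b"\x23" + 47 * b"\x00"  # LI=0, version 4, mode 3 (client)
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(request, (host, port))
            reply, _ = s.recvfrom(512)
    except OSError as exc:
        return False, "no reply: %s" % exc
    if len(reply) >= 48 and (reply[0] & 0x07) == 4:  # mode 4 = server
        return True, "server reply received"
    return False, "unexpected reply"

def check_egress(tunnel_host, ntp_host):
    """Probe the three outbound flows listed above."""
    return {
        "SSH 22": tcp_check(tunnel_host, 22, expect_banner=b"SSH-"),
        "TCP 443": tcp_check(tunnel_host, 443),
        "UDP 123": ntp_check(ntp_host),
    }

if __name__ == "__main__":
    # Both host names are supplied by the operator; neither is on this page.
    results = check_egress(sys.argv[1], sys.argv[2])
    for flow, (ok, detail) in results.items():
        print("%-8s %-5s %s" % (flow, "OK" if ok else "FAIL", detail))
    sys.exit(0 if all(ok for ok, _ in results.values()) else 1)
```

A FAIL on SSH 22 while TCP 443 passes is the pattern to expect behind a firewall that only allows web-browsing ports.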


'''Best Practices'''
* Use a strong WiFi password on your router or access point.
* Test your firewall for unneeded open inbound ports. Gibson Research provides the [https://www.grc.com/shieldsup Shields Up!] tool. After clicking the Proceed button, click the All Service Ports button to begin testing.