Smess Posted December 29, 2019

Hello, New to the forum and Control4. My dealer is great but so busy I don't get consistency in who they send; when I need help with setup I end up with a tech that can only install a cat5 plug. I have a 2800 sq ft one story house with a Control4 system that I inherited. All has been upgraded to newest software etc and a new Ea3 a month ago. At the same time I upgraded my xfinity modem to the xfi with higher speeds.

The modem covers the house and is plenty fast and reliable but it came with an app that tells when the network is under attack from port forwards and open ports. I have been watching and the system gets hit quite often and has actually gotten through to my dvr and the dvr has adopted VMware which has basically taken down the network unless I reboot. Port forwards are on 67, 68 and 80 when scanned says it is open. I am assuming the 80 is the cameras so I can view them from the outside. 67 and 68 I assume are connected to the Ea-3 and the amp and something that shows as Control4 Glassedge7.

My dealer says the Control4 system uses ports to talk to the Control4 servers and this is why they suggest me putting a router behind the Xfinity. Of course they want me to buy some high end router and with such a small house and so many things hard wired I don't need a high end router as I think they want me to use the new router for wifi and the xfinity for phone service I get from Xfinity. The dealer seems to think from what I understand that the router will protect from the attacks or make the open port/port forwards invisible. My personal IT guy seems to think that the router behind the xfinity with the same port forwards etc will be able to be seen by possible intruders and thinks it's a bunch of bs.

I can't get simple answers out of the Control4 dealer other than spend thousands more and we will get you all fixed up and you will be a prisoner to us for all your network needs, unlike now how I can restart my modem from an app on my phone and get a lot of info from the Xfinity xfi app on my phone. Any help with a simple set up would be appreciated or even an explanation of if wifi should come from the new router or xfinity etc. I am lost but more computer technical than the average homeowner. I don't mind paying for help from my dealer, it's the waiting days and weeks I can not deal with. Please let me know if I posted this in the wrong section and I can move it, thanks in advance with any help anyone can provide.
msgreenf Posted December 29, 2019

1 minute ago, Smess said:
> Port forwards are on 67, 68 and 80 when scanned says it is open. I am assuming the 80 is the cameras so I can view them from the outside. 67 and 68 I assume are connected to the Ea-3 and the amp and something that shows as Control4 Glassedge7. My dealer says the Control4 system uses ports to talk to the Control4 servers and this is why they suggest me putting a router behind the Xfinity.

This is 100% wrong - Control4 requires no open ports or port forwarding.
-defunct- Posted December 29, 2019

Rule #1 about security: Don't portforward anything.
SouthernSmarthome Posted December 29, 2019

If you have the same ports open then yes you're still vulnerable. So as far as I’m concerned, your IT guy is correct and your C4 dealer is an idiot. I would recommend that you find a new dealer as this one has no ideas about networking and is putting you at risk. The network is the foundation of your system so while yes you should put in a real network (xfinity has many issues) you should hire a professional. Hell, any good dealer could preprogram a network, drop ship it and then remote in for final tweaks.

Sent from my iPhone using Tapatalk
Smess Posted December 29, 2019

I figured, the IT guy works with extremely high end clients while the Control4 dealer's guy has an engineering degree but is weak in the IT department. Now my network shows vmware on what appears to be the dvr and coincidentally the port 80 shows as open on my scan and 67 and 68 show as port forwarded. My Xfinity system does the job for my simple house and life, I don't need anything elaborate I just need it set up right. Anyone know a good dealer that can do remote work? Sofl is not best place for getting anything done professionally.
Smess Posted December 29, 2019

Some port has to be open to see in to cameras, no?
msgreenf Posted December 29, 2019

> Some port has to be open to see in to cameras, no?

No. Control4 handles it all
-defunct- Posted December 29, 2019

23 minutes ago, Smess said:
> Some port has to be open to see in to cameras, no?

The best security systems have no requirements on portforwarding. Any security camera portforwarded is a potential doorway into the network.
SouthernSmarthome Posted December 29, 2019

> Some port has to be open to see in to cameras, no?

It really depends on the camera server, however a properly secured network does not show them being open. To access cameras on my networks you enter Client.mydomain.com. This then uses our secure remote access to view your cameras.

Sent from my iPhone using Tapatalk
SouthernSmarthome Posted December 29, 2019

> No. Control4 handles it all

Only locally or when using a compatible camera and 4sight. Since there are tons of non compatible systems out there that can be better you still need another way in many situations

Sent from my iPhone using Tapatalk
msgreenf Posted December 29, 2019

> Only locally or when using a compatible camera and 4sight. Since there are tons of non compatible systems out there that can be better you still need another way in many situations
> Sent from my iPhone using Tapatalk

True. But most DVRs have solutions today. Really need more info like you said
SouthernSmarthome Posted December 29, 2019

> The best security systems have no requirements on portforwarding. Any security camera portforwarded is a potential doorway into the network.

This isn’t exactly accurate. Many high end systems still need ports to be forwarded as the QR code method is not really used by high end companies. As I mentioned there are ways to really lock down your network, providing you're using professional gear and not the garbage at best buy or most of the trash sold at the av distributors. So one thing that my company's network does is to auto ban any device that scans for open ports. Without disclosing other IP about our networks I can tell you that they are fully PCI compliant.

Sent from my iPhone using Tapatalk
Smess Posted December 29, 2019

DVR is older SnapAV, Yes 4sight. Still don't need port forwards? Before I rip someone a new one for taking thousands for equipment and programming.
SouthernSmarthome Posted December 29, 2019

> DVR is older SnapAV, Yes 4sight. Still don't need port forwards? Before I rip someone a new one for taking thousands for equipment and programming.

Depends on if you're using the snap app as well

Sent from my iPhone using Tapatalk
-defunct- Posted December 29, 2019

1 hour ago, SouthernSmarthome said:
> This isn’t exactly accurate. Many high end systems still need ports to be forwarded as the QR code method is not really used by high end companies. As I mentioned there are ways to really lock down your network, providing you're using professional gear and not the garbage at best buy or most of the trash sold at the av distributors. So one thing that my company's network does is to auto ban any device that scans for open ports. Without disclosing other IP about our networks I can tell you that they are fully PCI compliant.
> Sent from my iPhone using Tapatalk

If PCI Compliance allows for open ports for security system access, PCI Compliance is outdated. Absolutely nobody should be portforwarding anything nowadays. The only things that should be on the public net are servers with an API, web pages on https, and vpn servers. I don't know how you can justify those networks are secure.
Smess Posted December 29, 2019

You lost me but if I was using snap app then I would only see cameras when going straight to app or when I go to Control4 remotely I can choose the security icon and the cameras will display. In the second scenario if this is case then c4 would be linking to the snap app to get the cameras feed?
Smess Posted December 29, 2019

In other words I read one thing that says no port forwards no way no how then I read oh wait unless you are doing it this other way.
-defunct- Posted December 29, 2019

19 minutes ago, Smess said:
> You lost me but if I was using snap app then I would only see cameras when going straight to app or when I go to Control4 remotely I can choose the security icon and the cameras will display. In the second scenario if this is case then c4 would be linking to the snap app to get the cameras feed?

If you are watching them through the Control4 app, then no portforwarding is necessary. All you would need is to make sure the cameras installed are compatible with Control4. Any dealer would be able to let you know that.
SouthernSmarthome Posted December 29, 2019

> If PCI Compliance allows for open ports for security system access, PCI Compliance is outdated. Absolutely nobody should be portforwarding anything nowadays. The only things that should be on the public net are servers with an API, web pages on https, and vpn servers. I don't know how you can justify those networks are secure.

I don’t think you quite understand. No, PCI in general does not want ports to be forwarded. I was stating multiple things. One being that our networks are PCI compliant even on systems that require it as it’s part of our standard. As for ports being forwarded, it can be done in such a way that the outside can’t reach them if you're using professional networking gear and not the cheap stuff. This is the joy of the Internet where it is easy to misinterpret what is meant.

Sent from my iPhone using Tapatalk
Smess Posted December 29, 2019

I am watching the cameras through the Control4 app now. If you kill the one port forward, I think it's 80, then you lose the ability to see the cameras outside the house; when you kill port forwards 67 and 68 you lose the ability to see Control4 outside the house entirely. Error 401. This is set up wrong?
SouthernSmarthome Posted December 29, 2019

> In other words I read one thing that says no port forwards no way no how then I read oh wait unless you are doing it this other way.

If you're only viewing your cameras thru the C4 app then no you don't need ports forwarded. If you use the snap app then yes you need the ports forwarded.

Sent from my iPhone using Tapatalk
-defunct- Posted December 29, 2019

9 minutes ago, Smess said:
> I am watching the cameras through the Control4 app now. If you kill the one port forward, I think it's 80, then you lose the ability to see the cameras outside the house; when you kill port forwards 67 and 68 you lose the ability to see Control4 outside the house entirely. Error 401. This is set up wrong?

That doesn't sound right. I have an Xfinity Modem and Pakedge RK1 and don't need to have anything portforwarded. It would likely be a router setting blocking the traffic that the portforward possibly bypasses. In any case, ISP routers are usually not the ideal to use with a Control4 system.
SouthernSmarthome Posted December 29, 2019

> That doesn't sound right. I have an Xfinity Modem and Pakedge RK1 and don't need to have anything portforwarded. It would likely be a router setting blocking the traffic that the portforward possibly bypasses. In any case, ISP routers are usually not the ideal to use with a Control4 system.

I would agree with this. In the past I’ve seen a xfinity router block traffic to google’s dns.

Sent from my iPhone using Tapatalk
msgreenf Posted December 29, 2019

Or they checked the externally accessible checkbox in the camera driver and they are using the dyndns name
Smess Posted January 18, 2020

Found a new dealer and he got me all straight for now. Thanks for your alls help!!