Configuring Wifi routers/Firewalls for Particle devices HELP

All information I have seen on configuring Particle for use behind firewall states an open outbound port on TCP 5683. When I do this, I can sniff traffic on this port, but the Photon fails to connect.

If I enable ‘All outbound TCP’ traffic to pass, then the Photon works perfectly. I’ve tried enabling DNS explicitly as well, as I can see there are DNS requests from the device.

There must be something else I’m missing here that is required. I can’t leave all outbound TCP open on our enterprise router due to company policy. Any ideas?

Thanks in advance, Phill.

Hi @philfrog,

Hmm, I’m only aware of the DNS lookup and outgoing CoAP TCP connection for Cores/Photons/etc. So in theory allowing outgoing TCP on 5683 and DNS for that device should be adequate. Are you sure the device is getting an internal IP address from your DHCP server in the prior configuration?

In particular you can see the cloud connection routine here:

I could be out of date, but I’ll pass this along to our firmware team as well in case I’ve missed something.

Thanks,
David

My Sophos firewall was barfing with ports 16384,16385 & 16386 - Once I enabled them things seemed to be good (I know about 5683 - must find out what the other 3 are for)

Stan

Hi @Stan, it’s unclear to me whether those ports were being used by the Photon, or some other device on your network. Do you think you could do a bit more sleuthing to narrow it down so that we can make this a priority to resolve? You can help me with ideas here since you know your hardware and network best, but what if you temporarily change the router password with a computer connected over LAN, and only put the new password on the Photon. Block all ports on your firewall. With Photon off, make sure your firewall is happy. Fire up the Photon… see which ones are complaining. Open the normal ones and see if you can gain a Cloud connection on your Photon without 16284-16386. I would also like to get a firmware dump from your device before you change anything on it, in case we may use it to replicate what you are seeing.

With your Photon in DFU mode, this command will upload all flash to a 1MB binary:

dfu-util -d 2b04:d006 -a 0 -s 0x8000000:0x100000 -U photon-ports.bin

If you could email that to me at that would be appreciated!


After capturing the firmware from the Photon and also confirming these ports are required by the Photon, please try running the following command and see if it continues:

particle flash --usb tinker && particle update

Thanks!!
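
An added example, not part of the original thread: one way to do the "see which ones are complaining" step above is to tally the firewall's drop log by source address, so ports blocked for the Photon are separated from those blocked for other hosts. The log layout (Linux netfilter LOG format), the `FW-DROP` prefix, the addresses and the sample lines are all assumptions constructed for illustration; a Sophos log will need a different pattern.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the Linux netfilter LOG layout; addresses, the FW-DROP
# prefix and the ports seen are invented for illustration, not captured from a Photon.
SAMPLE_LOG = """\
Jan 10 20:01:02 fw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=49152 DPT=5683 SYN
Jan 10 20:01:05 fw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=49153 DPT=5683 SYN
Jan 10 20:01:06 fw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=192.0.2.53 LEN=71 PROTO=UDP SPT=40000 DPT=53
Jan 10 20:01:09 fw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=192.168.1.77 DST=203.0.113.9 LEN=76 PROTO=UDP SPT=50000 DPT=123
Jan 10 20:01:11 fw kernel: FW-ALLOW IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=49154 DPT=443 SYN
"""

DEVICE_IP = "192.168.1.50"  # assumed DHCP lease of the device under test
# Ports the thread names as required: outbound TCP 5683 plus DNS (port 53).
EXPECTED = {("TCP", 5683), ("UDP", 53), ("TCP", 53)}

LINE = re.compile(
    r"\b(?P<tag>FW-\w+) .*?SRC=(?P<src>\S+) .*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)"
)

def blocked_by_source(log_text, tag="FW-DROP"):
    """Count dropped (protocol, destination port) pairs per source IP."""
    drops = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE.search(line)  # lines without a DPT field (e.g. ICMP) are skipped
        if m and m["tag"] == tag:
            drops[m["src"]][(m["proto"], int(m["dpt"]))] += 1
    return drops

def unexpected(ports, expected=EXPECTED):
    """Dropped ports outside the documented allow-list, sorted for stable output."""
    return sorted(p for p in ports if p not in expected)

if __name__ == "__main__":
    for src, ports in sorted(blocked_by_source(SAMPLE_LOG).items()):
        label = "device under test" if src == DEVICE_IP else "other host"
        for (proto, dpt), n in sorted(ports.items()):
            print(f"{src} ({label}): {proto}/{dpt} dropped x{n}")
        print("  outside expected set:", unexpected(ports) or "none")
```
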

Hi - I am pretty sure those ports were blocked (originally) from the ip address of the photon.

I will make some changes - but this will require careful coordination - I got ripped a new one last night after applying a firmware change to the firewall - which required a firewall restart - and my wife was in the middle of a battle on a game on her iPad…

Will see what I can do in the next few days.

Stan

I started reading thinking this might be at work... but haha, that's even worse. Yes I've been there many times in the past, good luck to you :smile: and thanks for helping verify this!
