Question:
-How do I set up my firewall and network to support Bryx Station Alerting?
Answer:
Network Traffic:
The station control unit does not need access to, and will not access, any internal network or intranet of
the department, agency, or municipality that it’s installed in. Everything required to alert the station is
retrieved from the outside internet. As such, wherever possible, it is recommended to set up a private,
secure VLAN for the Station Control Unit and open it up to all outbound traffic. If that is not possible,
then at a minimum the following domains/ports will be required. Because IPs are not fixed, and many
services utilize content delivery services, it is recommended that domains, not IP addresses, be
whitelisted for HTTP/HTTPS traffic.
Recommended Router Configuration:
-Don't use "symmetric" NAT. Use "full cone" or "port restricted cone" NAT. Symmetric NAT is
extremely hostile to peer-to-peer traffic and will degrade VoIP, video chat, games, WebRTC, and
many other protocols, as well as the Bryx secondary remote access VPN.
-No more than one layer of NAT should be present between the station control unit and the
Internet. Multiple layers of NAT introduce connection instability due to chaotic interactions
between states and behaviors at different levels.
-NATs should have a port mapping or connection timeout no shorter than 60 seconds.
-Place no more than about 16,000 devices behind each NAT-managed external IP address to
ensure that each device can map a sufficient number of ports.
These guidelines are consistent with the vast majority of typical deployments using commodity
gateways and access points.
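
One way to check a site against the four router guidelines above, as an added example that is not Bryx code. It assumes you have already collected STUN results from a single local UDP socket, the gateway's WAN address, its UDP mapping timeout and the device count; the function names and server names are hypothetical. It separates symmetric NAT from cone NAT but does not tell full cone from port restricted cone.

```python
import ipaddress

# RFC 1918 private ranges plus the RFC 6598 carrier-grade NAT range: a gateway
# whose WAN address falls in one of these sits behind another translator.
NATTED_RANGES = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]
MIN_NAT_TIMEOUT_S = 60      # from the guideline above
MAX_DEVICES_PER_IP = 16000  # the guideline says "about 16,000"; treated as a hard limit here


def mapping_is_symmetric(observations):
    """observations: (stun_server, mapped_ip, mapped_port) tuples, all taken from
    ONE local UDP socket querying different servers. A cone NAT reuses a single
    external mapping for every destination; a symmetric NAT allocates a new one
    per destination, so more than one distinct mapping means symmetric."""
    if len({server for server, _, _ in observations}) < 2:
        raise ValueError("need results from at least two different STUN servers")
    return len({(ip, port) for _, ip, port in observations}) > 1


def audit_nat(observations, gateway_wan_ip, udp_timeout_s, devices_behind_ip):
    """Return the list of guideline violations (empty list = compliant)."""
    findings = []
    if mapping_is_symmetric(observations):
        findings.append("symmetric-nat")
    wan = ipaddress.ip_address(gateway_wan_ip)
    seen_publicly = {ipaddress.ip_address(ip) for _, ip, _ in observations}
    # More than one NAT layer: the WAN side is itself private/CGNAT space, or
    # the address the Internet sees is not the gateway's own WAN address.
    if any(wan in net for net in NATTED_RANGES) or wan not in seen_publicly:
        findings.append("multiple-nat-layers")
    if udp_timeout_s < MIN_NAT_TIMEOUT_S:
        findings.append("nat-timeout-below-60s")
    if devices_behind_ip > MAX_DEVICES_PER_IP:
        findings.append("too-many-devices-per-ip")
    return findings


# Constructed sample data (documentation address ranges, hypothetical server names).
COMPLIANT = [("stun-a.example", "203.0.113.10", 40001),
             ("stun-b.example", "203.0.113.10", 40001)]
NONCOMPLIANT = [("stun-a.example", "203.0.113.10", 40001),
                ("stun-b.example", "203.0.113.10", 51877)]

if __name__ == "__main__":
    print(audit_nat(COMPLIANT, "203.0.113.10", 120, 50))
    print(audit_nat(NONCOMPLIANT, "100.64.3.7", 30, 20000))
```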