Networking issues
Thanks to its robust security the CPU IP offers you great flexibility in how it integrates into an existing network structure. The CPU IP is designed to reside either on an internal network, behind a firewall/router or alternatively with its own direct Internet connection.
Positioning CPU IP in the network
Every network setup is different and great care needs to be taken when introducing a powerful device such as the CPU IP into an existing configuration. A common cause of potential problems can be in clashes with firewall configurations. For this reason the CPU IP is designed to be intelligent, flexible and secure. With the minimum of effort the CPU IP can reside either behind the firewall or alongside with its own separate Internet connection.
Internet | Internet |
Firewall/ router
Firewall/ router
Placing CPU IP behind a router or firewall
A possible point of contention between the CPU IP and a firewall can occasionally arise over the use of IP ports. Every port through the firewall represents a potential point of attack from outside and so it is advisable to minimise the number of open ports. The CPU IP usually uses two separate port numbers, however, these are easily changeable and can even be combined into a single port.
IMPORTANT: The correct configuration of routers and firewalls requires advanced networking skills and intimate knowledge of the particular network. LINDY cannot provide specific advice on how to configure your network devices and strongly recommend that such tasks are carried out by a qualified professional.
Port settings
As standard, the CPU IP uses two ports to support its two types of viewer:
•Port 80 for users making contact with a web browser, and
•Port 5900 for those using the VNC viewer.
When these port numbers are used, VNC viewers and web browsers will locate the CPU IP correctly using only its network address. The firewall/router must be informed to transfer traffic, requesting these port numbers, through to the CPU IP.
When a web server is also on the local network
Port 80 is the standard port used by web (HTTP) servers. If the CPU IP is situated within a local network that also includes a web server or any other device serving port 80 then, if you want to use the web browser interface from outside the local network environment, the HTTP port number of the CPU IP must be changed.
IP
Access Switch Plus
LOC REM VNC 100 LNK PWR
KVM link to host system
IP
Access Switch Plus
LOC REM VNC 100 LNK PWR
| Local |
|
| KVM link to |
| network |
|
| |
|
|
| host system | |
Local | connection |
|
| |
|
|
| ||
|
|
|
| |
network |
|
|
|
|
connection |
|
|
|
|
|
|
|
|
|
When you change the HTTP port to anything other than 80, then each remote browser user will need to specify the port address as well as the IP address. For instance, if you set the HTTP port to ‘8000’ and the IP address is ‘192.168.47.10’ then browser users will need to enter:
http://192.168.47.10:8000
(Note the single colon that separates the IP address and the port number).
The firewall/router would also need to be informed to transfer all traffic to the new port number through to the CPU IP.
If you need to change the VNC port number
CPU IP situated behind | CPU IP situated alongside |
the firewall | the firewall |
IMPORTANT: When the CPU IP is accessible from the public Internet or dial up connection, you must ensure that sufficient security measures are employed.
If you change the VNC port to anything other than 5900, then each VNC viewer user will need to specify the port address as well as the IP address. For instance, if you set the VNC port to ‘11590’ and the IP address is ‘192.168.47.10’ then VNC viewer users will need to enter:
192.168.47.10::11590
(Note the double colons that separate the IP address and port number).
The firewall/router would also need to be informed to transfer all traffic to the new port number through to the CPU IP.
17