
MTU and iRobot Roomba

After some research, it seems the UTM version of Sophos has a fix for this as explained here https://community.sophos.com/products/unified-threat-management/f/general-discussion/93981/sophos-utm-9-and-irobot-roomba-980-port-8883/360479#360479


However, for the XG version, I am unable to SU to root and make changes as described above. Are there other instructions to make Roombas communicate successfully with Sophos XG?



  • Hi,

    1/. You don't SU to root on XG; you use the console CLI.

    2/. The maximum MTU on the current version of XG is 1500. I believe there is a patch, which you will need to search the XG forum for. The patch needs to be applied every time there is an upgrade until a feature request is implemented. What is the use of having a device limited to 1500 in a network capable of using 9000?

  • Thank you Ian. The only issue is the Roomba communication. From my research, this has been an issue with MTU settings. I assumed it would be the case for XG as well. I see the MTU in the GUI as 1500. 

    For now, Roomba can't communicate out to the Internet and we can't control it through its app. In UTM, changing the MTU made things work. 

  • Hi,

    That screenshot indicates the robot is communicating with something in a big way. How does the iOS app connect to the robot? Obviously not by a direct local connection?

    Ian

  • I have an iRobot sitting behind my UTM-9.x and I had to create a rule to allow 8883 out to allow communication to the Roomba servers. Make sure that you are not proxying this traffic.


    Hope this helps.

    -Ron

  • Ron and Ian - thank you. 

    I am going to set up these ports on the firewall: https://homesupport.irobot.com/app/answers/detail/a_id/9025/~/optimal-firewall-configurations.

    Quick question. When it says UDP port 5353/5678, what is the source and destination port? So I would go into services and select UDP. Source port is 5353 and the destination is 5678? Or is that incorrect?

    I have a good feeling that once I do the above this should work.

  • Hi,

    Looking at the website, that should be two ports. Source can either be *, which XG translates to 1:65535, or just 1:65535.


    Ian

  • Ugh, why in the world did iRobot plan this way of communication? What a pain. I added these ports with LAN as source and WAN as the destination. I assigned this rule specifically to the robot IP. Still does not work. I see traffic on the rule. Any other suggestions?


  • There is something wrong if you can see traffic on the rule when you should only have the iRobot passing traffic?

    Looking at the log viewer, can you identify which device is also using that rule, because it sounds like the iRobot is not using that rule.

    Ian

  • Ahh, finally I see errors in the log for the robot IP.

    Not sure why this is denied. 

  • The above log shows that there is no rule associated, so the traffic is denied. Assuming that your iRobot is in your LAN zone, try the following:

    • Firewall Rule:
      • Source Zone: LAN           Source Network/Host: <iRobot>
      • Destination Zone: WAN    Destination Network/Host: Any      Service: Any

    Disable all protections and make sure you have your NAT set to MASQ and save. Make sure this is the first rule and test.

    If the above works you can tweak the rule and its position. Keep in mind Sophos XG processes firewall rules in the order you see them, and once it matches a rule all other rules for that connection are no longer processed.


    Hope this helps.

    -Ron
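    Putting Ian's note on source ports and Ron's point about first-match rule order together, here is an added Python model of ordered rule evaluation (example code, not Sophos XG's own implementation). The zone names and the 192.0.2.50 address are constructed; the ports come from the thread. It shows why a single UDP service entered with source 5353 and destination 5678 never matches the robot's traffic, and why a broad rule placed above the Roomba rule shadows it.

```python
from collections import namedtuple

# Added example (not Sophos code): a model of ordered, first-match rule
# evaluation as the thread describes it. XG's source port "*" is 1:65535.
ANY_PORT = range(1, 65536)
Service = namedtuple("Service", "proto src_ports dst_ports")   # port ranges
Rule = namedtuple("Rule", "name src_zone src_host dst_zone services action")  # src_host None = Any, services () = Any
Conn = namedtuple("Conn", "src_zone src_ip dst_zone proto src_port dst_port")

def svc_ok(s, c):
    return s.proto == c.proto and c.src_port in s.src_ports and c.dst_port in s.dst_ports

def rule_ok(r, c):
    return (r.src_zone == c.src_zone and r.src_host in (None, c.src_ip)
            and r.dst_zone == c.dst_zone
            and (not r.services or any(svc_ok(s, c) for s in r.services)))

def evaluate(rules, c):
    """Walk rules top to bottom; first match wins, no match is an implicit drop
    (the 'no rule associated' denial seen in the log viewer)."""
    for r in rules:
        if rule_ok(r, c):
            return r.name, r.action
    return None, "drop"

# Constructed sample traffic from a Roomba with a static LAN address (RFC 5737
# documentation range). The robot chooses its own, ephemeral source port.
ROOMBA = "192.0.2.50"
MQTT = Conn("LAN", ROOMBA, "WAN", "tcp", 51234, 8883)
DISCOVER = Conn("LAN", ROOMBA, "WAN", "udp", 49152, 5678)

# Ian's reading of the iRobot page: two separate UDP services, source "*" for each.
UDP_5353 = Service("udp", ANY_PORT, range(5353, 5354))
UDP_5678 = Service("udp", ANY_PORT, range(5678, 5679))
MQTT_TLS = Service("tcp", ANY_PORT, range(8883, 8884))
GOOD = Rule("roomba-out", "LAN", ROOMBA, "WAN", (MQTT_TLS, UDP_5353, UDP_5678), "accept")
# The misreading raised in the thread: one service with source 5353, destination 5678.
MISREAD = Rule("roomba-out", "LAN", ROOMBA, "WAN", (Service("udp", range(5353, 5354), range(5678, 5679)),), "accept")
# A broad LAN-to-WAN drop rule: harmless below the Roomba rule, fatal above it.
DROP_LAN = Rule("drop-lan", "LAN", None, "WAN", (), "drop")

def outcomes():
    """Return the decision for each rule-set and ordering discussed above."""
    return {
        "good_first": evaluate([GOOD, DROP_LAN], DISCOVER),   # ("roomba-out", "accept")
        "shadowed": evaluate([DROP_LAN, GOOD], DISCOVER),     # ("drop-lan", "drop")
        "misread_ports": evaluate([MISREAD], DISCOVER),       # (None, "drop")
        "mqtt": evaluate([GOOD], MQTT),                       # ("roomba-out", "accept")
    }
```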

  • This is embarrassing. Seems like my phone was the issue. I tried with my wife's phone and these rules work. So, anyone with an iRobot, here is what you have to do.

    Thank you, Ian and Ron, for all the help. 

    1. Assign a static IP for the robot. 

    2. Create a user - see Ian's post in this thread. 

    3. Create a user firewall rule with the following ports. I have some duplicates because I was tinkering around, so please clean this up in your settings.


    5. Make sure this is the first rule in the list of firewall rules. 


    That should be it. Hope your robot works.

  • Thanks so much, it really helped me a lot.

    My Roomba's recovered!

    Regards, Ava
