Vacuum Robot Firewall Rule App Management

Hello,

I have my vacuum bot installed and connected to my home WiFi. I can manage the bot via the app on my smartphone, which works fine. But I saw that when I'm out of the house, not connected to WiFi but on a GSM connection, and start the robot management app, I can manage the settings without being in the home WLAN.

Under Firewall Rules i have defined:

Source: Robot Network Definition

Services:

Port 58866 UDP

Port 8883 TCP

Destinations:

Internet IPv4

Is there a way to prevent this, so that I can manage the robot's settings only when I'm at home in my WLAN?

Thx

Best regards

Sally



  • Hello H_Patel,

    Thanks for your reply. I have no DNAT rules related to the robot services. I have now created a FW drop rule like this:

    When only rule 12 is activated, the robot is marked as offline in the mobile app, over both WLAN and GSM connection. When I activate rule 13, the robot is again reachable via WLAN but additionally also via GSM connection, which is what I am trying to prevent.

    What else can I try? Do I need an additional rule?

    Thank You!

    Best regards

    Sally

  • FormerMember in reply to Sally

    Hi,

    Thank you for the update.

    Another option is to configure a blackhole DNAT rule and forward the robot services to a non-existent internal IP address.

    Did you configure the definition "ROBY" with an internal IP address? Please change it to the WAN IP address of your firewall, or change the source to Internet IPv4 and the destination to "Any", and leave the robot service as it is.

    Thanks,

  • Hello H_Patel,

    Thanks for the information. The definition Roby is the robot's host definition, where it gets the internal IP from the UTM's DHCP server.

    What do you mean exactly by "Please change it to the WAN IP address of your firewall"?

    Thanks a lot!

    Best regards

    Sally