"firewall active" option not settable

pit · February 21, 2018, 11:48am

In my new veraPlus (section net & wifi) I can select “firewall active - only allow connections from the LAN ports”, but this option doesn’t last.
After “save and apply” and the following restart: Again “Firewall disabled - allow any connections from WAN or LAN ports” is selected.
Does veraEdge not allow to secure the network?

In my veraEdge the “firewall active” option was set.
I tested to turn it to “disable” and then to reactivate. Now I have the same problem on veraEdge.

In both cases I use wired LAN (one with DHCP , one with fixed IP) and WIFI deactivated. I tried with web login and local login.

Any idea to set the firewall option?

will335i · February 21, 2018, 3:19pm

Are you using your Veraplus as your router? If not, your router should be the device creating the firewall and your vera is protected because it is behind that firewall.

I am wondering if the selection is not staying since you have DHCP disabled and your vera is not acting as a router so there is no need for a firewall to be enabled.

pit · February 21, 2018, 5:10pm

Thank you for your tip. Your consideration could be true.
Till now I thought vera acts as additional firewall especially for the vera connections behind my Router. But I’m not sure this makes much sense.
Otherwise on veraEdge in the identical network role the firewall option is selectable and stays.

will335i · February 21, 2018, 9:49pm

Then I would be curious to see what happens if you turn the firewall off on the Edge and then turn it on on the Plus.

Why are you running two controllers on the same network? Is it because of distance between controlled devices?

phillid2 · February 22, 2018, 2:35am

Many people run 2 controllers. You typically set one as the primary. One of the advantages is sharing the logic load among 2 processors.

pit · February 22, 2018, 9:41am

I turned off the firewall on Edge and then tried to activate it on Plus: No success.
Then I tried to re-activate the firewall on Edge, but now I have the same behavior as on Plus: The firewall “active” option is selectable but returns to “disable” after restart.

Apparently this problem isn’t caused by Edge or Plus, but by an update of the firmware (UI7).

HSD99 · February 22, 2018, 4:24pm

Can you give us the firmware version on both units?

pit · February 23, 2018, 8:20am

veraEdge firmware version is 1.7.3500
verPlus firmware version is 1.7.3532

I now made a portscan on Edge and Plus (both in wired LAN). In both vera’s there are only a few ports open - I think all neccessary: SMTP [25], SSH [22], POP3 [110], nntp [119], imap [143], smtp 465, nntps [563], smtps 587, imaps [993], pop3s [995], HTTP [80]
WAN acces goes over my internet router, so there cannot be more ports open.

Apparently the “firewall active” selection has no function in my network set. So is confusing that the option is settable and then switches back after restart. But this do no harm - at least in my network setup.

rafale77 · February 27, 2018, 11:16am

I don’t think the vera has any firewall functionality. It probably did a long time ago as it is based on OpenWRT but might have been removed at some point. The Vera is already very short of resources, I would not add a firewall to it, not even a DHCP server.