34
DST group policy [No filter / Accept selected group addresses / Drop selected group
addresses] policy to apply to the list of destination group addresses
Group address list list of group addresses. One address/range per line. Use * (e.g.
1/1/*) to filter all addresses in the given line.
Note! KNX IP features should be on for filter to work. Filtering lists are updated at
once, changing policies requires restart.
3.11. Security notes for LogicMachine installation
1. Do not connect LM to an external IP, use it with a local IP. In this case you will be able to
control which ports/services can communicate with LM from outside through your router
2. Always disable unnecessary services FTP, Remote Diagnostics, Remote services, IP
Features in System config
3. Change all passwords. We created the annoying reminder on password change because of
FTP/APPs (System
config -> Services -> FTP server), admin (System config -> System -> Admin access), remote
services (System config -> Services -> Remote Services)
4. Change the default KNX physical address in System config -> Network -> KNX connection
5. Disable KNX/IP features (System config -> Network -> KNX connection) if:
You have finished programming your KNX devices from ETS and this is not
needed anymore. This will protect from situation when somebody is in the
No IP filter tables are used
6. If you are not sure of your ISP or there is public access, we recommend using HTTPS access
to LM instead of HTTP https://192.168.0.10 (you can block all ports except HTTPS 433 in this
case on your router). Do not be afraid if you receive browser warning, because LM uses a self-
signed certificate (we cannot use normal certificates because it can only be assigned to a
domain, not an IP address). If you are located in a local network and connecting to LM directly,
you can stay on port 80/HTTP in this way the communication will be slightly faster and there
will be no browser warnings
7. For external connection to LM we do not recommend using IP port forwarding because all
the services and group addresses becomes available in an unsecured form. If you want to use
port forwarding, do it only with secure port 443 (HTTPS). The best solution is to use our cloud
service as described here: http://openrb.com/logicmachine-cloud-solution/ (you can control
only selected group addresses remotely, data exchange between LM/cloud and cloud/client is
done in secure encrypted way)
To Next Page
Loading...
Need help?
General
