Back to Help and Support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
1

Ask

2

Reply

3

Solution

V3 Suresignal IP addresses and ports to allow on firewall

wigwammer
2: Seeker
2: Seeker

‎12-11-2014 09:19 AM

Hi,

 

We have successfully installed a Suresignal V3 on our network. However at the moment the firewall is allowing all ports from all IP addresses. We did try the device with the recommended settings from this document

 

https://www.vodafone.co.uk/cs/groups/public/documents/webcontent/vftst061123.pdf

 

But this did not work. While the device was attempting to register with these settings we could also see it trying to communicate with the following IP addresses on port 4500.

 

88.82.13.174

88.82.13.171

 

We would like to configure the firewall to include only ports and ip addresses that are absolutely necessary for the suresignal. So my question: Is there an updated version of the above document to allow proper configuation of the firewall.

 

Regards

0 Thanks
19 REPLIES 19

Retired-Matt_B
Moderator (Retired)
Moderator (Retired)

‎14-11-2014 05:15 PM

Hi @wigwammer,

 

The full list is detailed below:

 

Manually configure your router to allow port-forwarding.
In most cases, routers support a system called Universal Plug-n-Play (UPnP), which sets up port-forwarding for you automatically. If you’ve got a complicated network setup, or a complex router, you may need to enter these settings manually.

Please see the following for a list of IP addresses and port numbers that need to be forwarded to your Sure Signal's internal IP address. For instructions on how to do this, we recommend you contact your ISP or Router Manufacturer, or refer to the default guide for your particular make and model, over at http://portforward.com.

 

Destination IP Addresses:

  • 212.183.133.177
  • 212.183.133.178
  • 212.183.133.179
  • 212.183.133.181
  • 212.183.133.182
  • 212.183.131.128/26


Ports and Protocols:

  • 8 – TCP/UDP                 (All routers)
  • 50 – TCP/UDP               (All routers)
  • 53 – TCP/UDP               (Virgin Super Hubs)
  • 67 – UDP                      (Virgin Super Hubs)                                                    
  • 68 – UDP                      (Virgin Super Hubs)                                        
  • 123 – UDP                    (All routers)     
  • 500 – UDP                    (All routers)     
  • 1723 – TCP/UDP           (BT Home Hubs)          
  • 4500 – UDP                   (All routers)     
  • 33434 – 33445 – UDP    (Virgin Super Hubs)

 

Please note that in the above list of IP addresses, the notation "212.183.131.128/26" means the complete range of IP addresses between 212.183.131.128 and 212.183.131.191

Your router also needs to assign the Sure Signal with a DNS (Domain Name Server) address via DHCP (Dynamic Host Configuration Protocol).

 

Thanks,

Matt B

wigwammer
2: Seeker
2: Seeker
In response to Retired-Matt_B

‎17-11-2014 01:51 PM

Hi Matt,

 

Thanks for the additional information.

 

The Firewall we are using is a Cisco ASA so the list of additional ports will be useful.

 

Since your recommendations do not mention the 88.82.13.174 & 88.82.13.171 ip addresses I assume that we can safely exclude these even though the device attempts to connect with them and they appear to be vodafone ip addresses.

 

 

0 Thanks

JakubWz
2: Seeker
2: Seeker
In response to wigwammer

‎15-08-2016 10:52 AM

Hello there,

 

This is exactly what I was looking for. We are in the same situation but using Cisco Meraki kit. I added all TCP/UDP ports with the IP restictions as highlighted above but the SureSignal is still not working.

 

Can you please confirm that the above is current and complete or anything else needs to be added or changed?

 

Thank you.

0 Thanks

Retired-Charles
Moderator (Retired)
Moderator (Retired)
In response to JakubWz

‎16-08-2016 12:17 PM

@JakubWz - Yes, the above information is still correct. Please take a look at our Sure Signal Troubleshooting thread. If this doesn’t resolve your query, please post your reply either below, or in the relevant thread, together with the details requested, including the following information.

  • Your speed test results from here.

  • Your ping test results from here.

  • Your external IP address from here.

  • The results of a traceroute.

  • Your Sure Signal serial number: 

     

VSS Traceroute command

On a PC:

  1. Click on Start and select Run

  2. Type CMD into the Run box and press enter/click ok

  3. A black box will appear.

  4. In this box type tracert 212.183.133.177 press Enter

  5. Paste the output of this command into your reply.


This will help us get the quickest possible resolution for you.

 

0 Thanks

JakubWz
2: Seeker
2: Seeker
In response to Retired-Charles

‎15-09-2016 10:37 AM

Hello Charles,

 

I finally managed to go to client site to deal with this rathar than bothering them over the phone, and below is the information provided:

 

Tracert:

C:\Users\jakubwz>tracert 212.183.133.177

Tracing route to 212.183.133.177 over a maximum of 30 hops

1 5 ms 6 ms 5 ms 192.168.1.1
2 4 ms 7 ms 4 ms host-80-87-22-1.2i3.net [80.87.22.1]
3 5 ms 5 ms 9 ms 100.66.6.33
4 8 ms 6 ms 6 ms xe-9-2-0.edge5.London1.Level3.net [212.187.138.57]
5 * 7 ms 8 ms ae-1-3101.ear1.London1.Level3.net [4.69.141.62]
6 24 ms 5 ms 7 ms Vodafone-level3-200G.London1.Level3.net [4.68.72.94]
7 7 ms 8 ms 7 ms ae0-xcr1.lsh.cw.net [195.2.24.110]
8 7 ms 6 ms 6 ms ae36-xcr1.lns.cw.net [195.2.25.170]
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * General failure.

Trace complete.

C:\Users\jakubwz>

 

Further to your queries, I have attached the Speed Test and Ping Test (which didn't go through even though it's enabled on the FW). See pics below:

 

The internal IP of the SureSignal box is 192.168.1.53 (dynamic) and MAC 98-97-d1-4d-d4-67. Unfortunately the SureSignal doesn't have any web interface for me to check the configuration.

 

Device details: 

SureSignal
Alcate-Lucent
Model: 9361 Home Cell p3.0
Part No: 3JR09113ABBC
Serial No: 42161742343

 

I tried to press the RESET button, no luck and just to be safe, below are our firewall rules:

 

Allow/UDP for Any IP or tried direct DHCP 192.168.1.53

Connection allowed to IPs: 212.183.133.177/32,212.183.133.178/32,212.183.133.179/32,212.183.133.181/32,212.183.133.182/32,212.183.131.128/26

 

Connection ports allowed:

8,50,53,67,68,123,500,1723,4500

 

Allow/UDP for Any IP or tried direct DHCP 192.168.1.53

Connection allowed to IPs:

212.183.133.177/32,212.183.133.178/32,212.183.133.179/32,212.183.133.181/32,212.183.133.182/32,212.183.131.128/26

 

Connection ports allowed:

33434-33445

 

Allow/TCP for Any IP or tried direct DHCP 192.168.1.53

Connection allowed to IPs:

212.183.133.177/32,212.183.133.178/32,212.183.133.179/32,212.183.133.181/32,212.183.133.182/32,212.183.131.128/26

 

Connection ports allowed:

8,50,53,1723

 

Thing is, the IMPORTANT THING IS, if I open all ports Outbound, the Sure Signal seems to be working so problem will be somewehre in the setting above. Did I miss an IP? POrt? Settings?

 

Thank you.

 

Jakub

 

 

0 Thanks

JakubWz
2: Seeker
2: Seeker
In response to JakubWz

‎15-09-2016 11:08 AM - edited ‎15-09-2016 11:42 AM

Hi,

 

So I played around a little bit with packet tracker on our FW and I can see it cetrainly needs more IPs allowed to communicate through listed ports. Please see below the current list of external IPs we had to allow in our FW in order for SureSignal to get that nice white colour and full signal:

 

212.183.133.177/32,212.183.133.178/32,212.183.133.179/32,212.183.133.181/32,212.183.133.182/32,212.183.131.128/26,88.82.13.176/32,88.82.13.173/32,88.82.13.180/32

 

Added IPs starting with 88.x.x.x (2x)

 

 

It seems to be working now!!! Lets hope it wil stay that way.

Rahim
Moderator (Retired)
Moderator (Retired)
In response to JakubWz

‎16-09-2016 03:07 PM

@JakubWz We're delighted to hear that your Vodafone Sure Signal is working again. 

 

Thanks for keeping us updated and letting us know how the issue was resolved! 

0 Thanks

Rahim
Moderator (Retired)
Moderator (Retired)
In response to Rahim

‎16-09-2016 03:07 PM

@JakubWz We're delighted to hear that your Vodafone Sure Signal is working again. 

 

Thanks for keeping us updated and letting us know how the issue was resolved! 

0 Thanks

ChalgroveBlue
2: Seeker
2: Seeker
In response to Rahim

‎10-10-2016 03:40 PM

Hi.

 

We have a similar issue here and I'm hoping someone might be kind enough to offer uis some pointers please?

 

We have a SureSignal v3, behind a company firewall. When switched on, it searches for the network for 30 secs or so (left most of the three iluminated icons) before giving a flashing red bar and a static orange middle and right icons.

 

Our (external) IT people swear blind that the Firewall is set up as per the recommendations (I've had a look myself, but although I'm semi-technical, Fortigates are a little more complex than I'm used to, so I have to take their word for it). To be fair they managed it for the O2 Boost Box with no problems at all.

 

I've been to and fro with our reseller (who in turn has been two and fro to Vodafone tech support), but after 6 months we're at the point where the reseller is saying that Vodafone will not help us unless we plug the device directly into a router (which we can't do).

 

Is someone out there able to help us please?

 

Many thanks

ChalgroveBlue

0 Thanks