I don't have access (as yet) to change the Siemens login/PW but the login/PW I am attempting to use is the same as I have written down, so unlikely to my keying error.

The Siemens unit is simply plugged into a router network port, the PC there no being part of the system (other that to access the Siemens. Or to put it another way, the PC could be switched off)

We thought we had it working while using a laptop via wifi there, but of course then that did not involve the internet. One option for testing purposes I think is to access via the BT Guest which has a different IP and hope that the route between will be external...

Cheers!

I think I understand what you are saying in the first sentence. (My IT before I retired was more RS232 and proprietary control systems.) My limit seems to be setting up VoIP ATAs. Firewalls are above my paygrade!

I guess that the finer points in the setting up of this system, once found will be very straight forward, but the Siemens documentation is not written for the novice.

Cheers!

It's the router not the Siemen's system. You don't need to change anything on the Siemen's system as that is working correctly.

Do you know the username/password for the router admin pages? I am assuming you do. If so then try entering those on the login page you are getting when accessing externally - my guess is you will then log in to the router interface. If so, then you should be able to turn off the remote administration for the router somewhere in the router options - unless you really need it then this would be good practice any way in order to avoid potential security breaches of the router itself.

Once disabled your port forwarding rules (assuming you set them up for the Siemen's kit) will hopefully start working.

The alternative in the port forwarding rules that are setup for the Siemen's is to change the incoming port to something other than 443. Then you can access the pages using the different port. For example, you could change the port to 8443 and then access it by going to https://myurl:8443 (the :8443 switches it from the default port to the one you are using). This again is better security as standard ports are much more likely to be scanned for vulnerabilities by attackers.

Interesting.

Just to clarify, the Login Screen that I land on from IPaddress:2031 is the same Siemens one as when I log in locally.

In the Siemens manual, they give ports to be opened for remote access as:-

Incoming Connections

TCP / 80 http (general access)
TCP / 443 https (secured access)
UDP / 30000 S1 Discovery
UDP / 30001 S1 Discovery
UDP / 47808 BACnet (changes depending on configuration)
UDP / 47874 BACnet (changes depending on configuration)
UDP / 68 DHCP

Outgoing connections

TCP / 443 Desigo Control Point communicates on a regular basis with skyfoundry.com, current at 208.74.84.249 to check licensing and security.
Note: A connection to skyfoundry.com is not required for Desigo Control Point to operate.

The above is the total info for setting up remote access. The manual being downloadable on the Siemens website.

Quite where the :2031 port comes from I don't know.

I am waiting in for a boiler service, once done will call in and get the username/pw for the BT router.

(I have come across ports before, a network to RS232 device I have, gave a port in its manual, but when speaking with their tech help was advised to ignore it and use another. It worked then! Why the manual PDF had not been edited to correct, I don't know!
Otherwise, I tend to think of ports as either where a ship goes, or nice red stuff in a bottle - which luckily corresponds in colour to the port side of a ship....)

Cheers!

In reply to a post by Ancient_Mariner:

... nice red stuff in a bottle - which luckily corresponds in colour to the port side of a ship....)

Cheers!

What colour is Starboard?

According to Quady it is Red too.

OK, so as you are definitely hitting the Siemens then that blows my theory.

My guess is one of those non-standard ports may be involved in authentication and therefore could be causing the issue. I would also say that with those ports that are required I would guess it was never really designed for Internet based access as if it was they would probably have done everything over HTTPS without the additional ports - do Siemens actually support accessing the software over the Internet?

You certainly shouldn't need the DHCP port opened on the Internet. If Siemens don't provide info on which ports are specifically required for Internet connectivity rather than just internal connectivity then I would say it is not designed to be managed remotely.

EDIT : Just thinking after hitting save. The fact they ask for DHCP incoming is incredibly weird as you would not expect the Siemens device to act as a DHCP server and if it is then it would confuse the hell out of networks as devices could randomly use different DHCP servers which could cause issues. I wouldn't be surprised if they are using the usual DHCP port for a completely different function.

Edited by ian72 (Wed 28-Jul-21 12:04:54)

See page 10 (section 2 overview). That's not the error that your seeing is it?

https://www.downloads.siemens.com/download-center/Do...

The system appears to be intended for external access:
https://www.downloads.siemens.com/download-center/Do...

A bit of Googling also found https://www.youtube.com/watch?v=gga72BRx3Lw entitled "Desigo CC How to access remotely" If it is within, it's well hidden!

But annoyingly they don't have much of a support department. Basically referring to UK installers, which indeed lists the one fitting ours!

One other thing. The IP address that I have used to attempt access is the static IP of the BT router, ie I can ping it without any problem. So, I'm guessing that what "steers" me via my web browser to the Siemens kit, is the :2031 port at the end of the address?

Cheers!

Not quite, but very similar.

What I am getting (from my home pc) in the "red" box is: Wrong user name or password

Going back to day one when access was available through the office pc plugged into the BT router along with the Siemens kit, but access not available through a smartphone on 4G, nor on my pc when I got home, my first thought was whether the office pc was still logged in or not, so I went back and it was not.

As far as I am aware, at home I am using the same User Name and Password as their engineer used (not good practice, I know). Thus I currently should have the same user rights as the installer. Looking at the Siemens' literature, beside remote operation, remote software update etc is possible.

I think it is going to be something as simple as the page you linked to.

Cheers!

I had a look at the BT Router earlier.
Made no changes, but noticed that static IP was set to off. With the suggestion that I could order a static IP from BT. We have a static IP paid for from BT. Although how the router would know this I dont know. Maybe an idea for me to set it to static.

I remember the installer mentioning this, yet the IP is certainly static.

Looking at the Firewall - well out of my comfort zone here, noticed that from the list I posted earlier, all were listed along with 2031

What I need is the 'idiot's guide to port forwarding'. Seems I am not alone since Google just found me this: https://stevessmarthomeguide.com/understanding-port-...

Cheers!