What to do in case of a firewall in the company network
If you experience problems connecting to the Octalarm portal (portal.octalarm.com), the most common cause is a firewall in the company network. Connectivity issues can prevent the alarm dialler from maintaining a stable connection, which may cause it to repeatedly try to connect to the server and potentially overload it. As a result, you risk losing VoIP functionality and reliable remote access. This page explains how to configure the firewall so that the alarm dialler can communicate with the portal.
Note: Always configure a fixed IP address for the alarm dialler.
Outgoing firewall settings
A network firewall may block all outgoing connections by default. As the configuration process for the Octalarm alarm dialler is dynamic, you often cannot specify in advance which IP addresses or UDP/TCP ports are required. To ensure stable connectivity:
Choose one of the following firewall approaches:
1. Firewall based on source IP address
Option 1: open all ports
Allow the source IP address of the Octalarm alarm dialler full access (all ports) to the IPv4 and IPv6 internet.
Example: IPv4 address of the Octalarm alarm dialler is 192.168.1.10.
| Source machine | Source port / protocol | Target machine | Target port / protocol |
|---|---|---|---|
| 192.168.1.10/24 | all | 0.0.0.0/0 | all |
Option 2: specific ports/protocols
Allow the source IP of the dialler access to:
- TCP port 443
- TCP/UDP port 53 (DNS)
- ICMP echo request
- All UDP ports
Tip: For increased security, you can place the alarm dialler in its own network zone (VLAN). This allows you to further restrict connections between the dialler and the company network.
Example: IPv4 address of the Octalarm alarm dialler is 192.168.1.10.
| Source machine | Source port / protocol | Target machine | Target port / protocol |
|---|---|---|---|
| 192.168.1.10/24 | all | 0.0.0.0/0 | TCP port 443 |
| 192.168.1.10/24 | all | 0.0.0.0/0 | UDP/TCP port 53 |
| 192.168.1.10/24 | all | 0.0.0.0/0 | ICMP echo request |
| 192.168.1.10/24 | all | 0.0.0.0/0 | all UDP ports |
2. Firewall based on DNS name
Step 1: add the following DNS names to the company firewall
- config.octalarm.nl
- config.octalarm.com
- vpn.octalarm.nl
- vpn.octalarm.com
Good to know: These DNS names include multiple IPv4 (A records) and IPv6 (AAAA records) addresses. Using DNS names means that changes to server addresses are automatically allowed through the firewall.
Step 2: allow communication
Allow the source IP of the dialler to communicate with these DNS names.
Step 3: permit the following outgoing ports
- TCP port 443 on config.octalarm.nl and config.octalarm.com
- TCP port 443, ICMP echo request, and all UDP ports on vpn.octalarm.nl and vpn.octalarm.com
- UDP/TCP port 53 for the configured DNS servers
Tip: You can also place the Octalarm alarm dialler in its own VLAN for extra security.
Good to know: DNS-based firewalling is preferred, as server IP changes require no manual adjustment.
Note: If you use another firewall method, you must manually update the firewall each time a server IP changes.
Example 1: firewall rules based on DNS name, all ports IPv4 address of the Octalarm alarm dialler is 192.168.1.10.
| Source machine | Source port / protocol | Target machine | Target port / protocol |
|---|---|---|---|
| 192.168.1.10/24 | all | config.octalarm.nl config.octalarm.com vpn.octalarm.nl vpn.octalarm.com | all |
Example 2: firewall rules bases on DNS name, source IP and specific port/protocol IPv4 address of the Octalarm alarm dialler is 192.168.1.10. The DNS servers in this example are 192.168.1.254 and 8.8.8.8.
| Source machine | Source port / protocol | Target machine | Target port / protocol |
|---|---|---|---|
| 192.168.1.10/24 | all | config.octalarm.nl config.octalarm.com | TCP port 443 |
| 192.168.1.10/24 | all | vpn.octalarm.nl vpn.octalarm.com | ICMP echo request |
| 192.168.1.10/24 | all | vpn.octalarm.nl vpn.octalarm.com | all UDP ports |
| 192.168.1.10/24 | all | vpn.octalarm.nl vpn.octalarm.com | TCP port 443 |
| 192.168.1.10/24 | all | 192.168.1.254 8.8.8.8 | UDP/TCP port 53 |
Incoming firewall settings
If a firewall blocks incoming connections by default, adjust the settings if you want to use the web interface:
- Allow access to the web interface (TCP port 80) on the Octalarm alarm dialler’s IP address.
- For troubleshooting or monitoring, you may also allow ICMP echo requests to the dialler.
Example: firewall rules on incoming connections (source IP and destination port/protocol) IPv4 address of the Octalarm alarm dialler is 192.168.1.10. The IPv4 addresses of the management PCs are 10.0.0.30 and 172.16.3.40.
| Source machine | Source port / protocol | Target machine | Target port / protocol |
|---|---|---|---|
| 10.0.0.30 | all | 192.168.1.10 | TCP port 80 |
| 10.0.0.30 | all | 192.168.1.10 | ICMP echo request |
| 172.16.3.40 | all | 192.168.1.10 | TCP port 80 |
| 172.16.3.40 | all | 192.168.1.10 | ICMP echo request |
Troubleshooting
To investigate network problems, you can take a TCP dump from the alarm dialler. This captures recent traffic over all of the dialler’s network interfaces for analysis in programs such as Wireshark. With this, you can review the traffic between the dialler and the portal (portal.octalarm.com).
See The portal: portal.octalarm.com | Remote setup (global) | Network: download TCP dump for instructions.