The station control unit does not need access to, and will not access, any internal network or intranet of the department, agency, or municipality in which it is installed.
The SCU requires access to the outside internet to alert the station properly. As such, it is recommended to set up a private, secure, VLAN for the Station Control Unit and open it up to all outbound traffic.
If that is not possible, then at a minimum, the following domains/ports will be required. Because IPs are not fixed, and many services utilize content delivery services, it is recommended that domains, not IP addresses be whitelisted for HTTP/HTTPS traffic.
Recommended Router Configuration:
-Don't use "symmetric" NAT. Use "full cone" or "port restricted cone" NAT. Symmetric NAT is
extremely hostile to peer-to-peer traffic and will degrade VoIP, video chat, games, WebRTC, and
many other protocols as well as the Bryx secondary remote access VPN.
-No more than one layer of NAT should be present between the station control unit and the
Internet. Multiple layers of NAT introduce connection instability due to chaotic interactions
between states and behaviors at different levels.
-NATs should have a port mapping or connection timeout of at least 60 seconds.
-Place no more than 16,000 devices behind each NAT-managed external IP address to
ensure that each device can map a sufficient number of ports.
These guidelines are consistent with the vast majority of typical deployments using commodity
gateways and access points
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article