
Sophos UTM 9 and iRobot Roomba 980 Port 8883

Want to take a quick moment to say hello before asking my question.  I've been a long time lurker on these forums, and this seems to be a great community.  I'm a corporate Sophos end user as we employ UTM on Sophos hardware in our IT environment.  However, I'm also now using UTM home edition at home so I can better learn how to take advantage of the hardware we use in our corporate environment.

So onto the question with a bit of background first.  Several weeks ago I purchased an iRobot Roomba 980 vacuum cleaner.  This model has the ability to connect to the Internet for the purpose of downloading firmware updates, and for remote control and scheduling.  The initial firmware that the robot came with communicated with the iRobot cloud via HTTP and HTTPS.  This posed no issue with my home UTM and I was able to access and control the robot remotely from outside of my home network.  However, after the first night the robot received an update.  The robot now communicates via HTTP, HTTPS, and MQTT (TCP Port 8883).  The problem is, after the firmware update to the robot I can no longer access the robot from outside of my home network.  iRobot also isn't receiving communications from the robot regarding its status.

My home UTM is running 9.413-4 and I have created several rules to allow the 8883 traffic (which I believe is the issue) but the remote access is still not working. I pulled a packet capture off the UTM for traffic going to the robot or from the robot.  I provided that capture to the iRobot Corporation and they said that it appears as though the robot is having trouble communicating via 8883.

Here's what I've done so far to fix:

  1. Created a DNAT rule to allow Any traffic via TCP 8883 to the external WAN address, change destination to robot, service to field was left blank - set automatic firewall rule
  2. Created a DNAT rule to allow Any traffic via TCP 1883 to the external WAN address, change destination to robot, service to field was left blank - set automatic firewall rule
  3. Created a firewall rule to allow Any traffic from the robot to Any and the Internal address
  4. Added robot to Transparent Mode Skiplist for both source and destination under the Misc tab of Web Protection Filtering Options
  5. Created an Exception in Intrusion Prevention skipping Intrusion, Portscan, TCP SYN Flood, UDP Flood, and ICMP Flood Protection for all requests from the robot OR going to the robot

If anyone can help me with my struggle to get this robot working properly online it would be greatly appreciated.  The robot has even been replaced once as iRobot wasn't sure it wasn't the robot when I told them I had forwarding rules in place for port 8883.

Any assistance would be greatly appreciated!

Kindest regards,

Josh
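The post mentions a packet capture taken on the UTM that iRobot read as the robot "having trouble communicating via 8883". The following is an added example, not code from the post, from Sophos or from iRobot: a small Python script that reads a tcpdump-style text capture and reports TCP 8883 connections where the client sent SYNs but no SYN-ACK ever came back, which is what a blocked or unanswered MQTT-over-TLS session looks like on the wire. The capture lines, the robot address 192.0.2.50 and the broker addresses 198.51.100.x are all constructed sample data; the function is generic enough to be pointed at any port (443 is checked in the usage call for comparison).

```python
"""Added example (not from the forum post): find TCP connections to port 8883
in a tcpdump-style text capture that never completed the three-way handshake.

Assumptions (mine, not the poster's): the capture was exported as tcpdump's
default text lines, and the addresses below are constructed placeholders.
"""
import re
from collections import defaultdict

# Constructed sample capture in tcpdump's default text format.
# Flow 51000 -> :8883 completes its handshake, flow 51001 -> :8883 retries
# SYN three times with no SYN-ACK, and flow 51002 -> :443 is fine.
SAMPLE_CAPTURE = """\
12:00:01.000 IP 192.0.2.50.51000 > 198.51.100.10.8883: Flags [S], seq 1, win 64240, length 0
12:00:01.020 IP 198.51.100.10.8883 > 192.0.2.50.51000: Flags [S.], seq 9, ack 2, win 65535, length 0
12:00:01.021 IP 192.0.2.50.51000 > 198.51.100.10.8883: Flags [.], ack 10, win 64240, length 0
12:00:05.000 IP 192.0.2.50.51001 > 198.51.100.20.8883: Flags [S], seq 1, win 64240, length 0
12:00:06.000 IP 192.0.2.50.51001 > 198.51.100.20.8883: Flags [S], seq 1, win 64240, length 0
12:00:08.000 IP 192.0.2.50.51001 > 198.51.100.20.8883: Flags [S], seq 1, win 64240, length 0
12:00:09.000 IP 192.0.2.50.51002 > 198.51.100.30.443: Flags [S], seq 1, win 64240, length 0
12:00:09.010 IP 198.51.100.30.443 > 192.0.2.50.51002: Flags [S.], seq 5, ack 2, win 65535, length 0
"""

# Matches "<ts> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>]".
# The greedy [\d.]+ backtracks so that the last dot separates host and port.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_line(line):
    """Parse one tcpdump text line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pkt = m.groupdict()
    pkt["sport"] = int(pkt["sport"])
    pkt["dport"] = int(pkt["dport"])
    return pkt


def find_stalled_flows(capture_text, port=8883):
    """Return {(client_ip, client_port, server_ip): syn_count} for flows toward
    `port` that sent one or more SYNs but never received a SYN-ACK."""
    syn_counts = defaultdict(int)
    answered = set()
    for line in capture_text.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        if pkt["dport"] == port and pkt["flags"] == "S":
            # Client-side SYN toward the broker port.
            syn_counts[(pkt["src"], pkt["sport"], pkt["dst"])] += 1
        elif pkt["sport"] == port and pkt["flags"] == "S.":
            # SYN-ACK coming back: key it by the client side so it matches above.
            answered.add((pkt["dst"], pkt["dport"], pkt["src"]))
    return {flow: n for flow, n in syn_counts.items() if flow not in answered}


if __name__ == "__main__":
    for checked_port in (8883, 443):
        stalled = find_stalled_flows(SAMPLE_CAPTURE, port=checked_port)
        if not stalled:
            print(f"port {checked_port}: every connection attempt was answered")
        for (client, cport, server), n in stalled.items():
            print(f"port {checked_port}: {client}:{cport} -> {server} "
                  f"sent {n} SYN(s), no SYN-ACK seen")
```

Run it against a real export (`tcpdump -r capture.pcap -n` piped to a file, then passed to `find_stalled_flows`) with the robot's LAN address filtered in; repeated unanswered SYNs from the robot to port 8883 point at outbound filtering on the path, while SYNs that are answered but followed by no data point at the TLS handshake or the application layer instead.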


