Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 17725 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Nest Thermostat Not Working Behind Astaro

jprez1980
Hello,

I've reviewed the logs and am not finding anything indicating what is no longer working.  If I remove Astaro from the equation, everything works fine - I can see the nest thermostats from the Internet as well as locally on my iPhone.

However, with Astaro back in the picture - something is being blocked or filtered as everything shows offline.  

The thermostats have a valid LAN IP and show to be connected to the network.  For whatever reason though, communication appears to be one way (from LAN to Internet).  There isn't a specific set of ports to open for the Nest Thermostat.

I've also turned off intrusion protection and web filtering all together but no change.  

Any other ideas?

Thanks again from a newbie =)


This thread was automatically locked due to age.
  • 0
    Seems that I need to open port 9543 - at least that's what I see occurring via a Wireshark dump.  Any ideas how to do that in Sophos?

    Thanks
  • 0
    Hi,

    Create a Service Definition 'NEST SVC' for TCP/UDP 0:65535 1:65535 -> 9543

    Create a Network Defintion 'Nest Thermostat' for the thermostat (use the Static Mapping in the DHCP Lease page if using DHCP)

    Create a Firewall rule:
    Source: Nest Thermostat
    Dest: ANY
    Service: Nest SVC

    and turn on the rule.

    Barry
  • 0 in reply to BarryG
    BarryG - thanks for all your help on my questions, much appreciated.

    Would you mind "eyeballing" this image to see if I placed your suggested values in the right fields?  On a side note, it wouldn't accept 0:65535, said 1 was the minimum value - or I put it in the wrong field.

    thanks again

  • 0
    Hi,

    Looks good.

    You're right that my '0' was incorrect.

    If you have more trouble, check the firewall, IPS, and application control logs.

    Also, I'm assuming you have Masquerading setup for your LAN already.

    Barry
  • 0 in reply to BarryG
    I was having a similar issue. Nest Thermostat could connect to the WiFi, saw accepted traffic on the proxy and firewall but the iOS app and the website indicated it was offline. As BarryG mentioned above make sure Masquerading is setup. I've seen this nowhere else as a suggestion and that is what solved my issue. This is how I set mine up.

    community.sophos.com/.../FT_2D00_NAT.jpg
Unfiltered HTML