I have two Sensi 2 thermostats that send TCP traffic on ports 8883 and 443, receives updates on UDP traffic to port 8092 and TCP traffic to port 80. I was able to program these rules on a 6 year Nighthawk R7900P but on my new RAXE300, I enter the data in all the fields, press 'Accept' and it returns to the table with no entries. The 'Disable Port Triggering' checkbox is unchecked. What am I doing wrong? Thanks for any help.... I have firmware V1.0.7.62_1

so, to summarize (?)you carefully fill out the fields per RAXE300 User Manual (p169)click Applythen the screen re-paints and *poof* your work has vanishedYes, that is correct. are you by chance accessing the admin console via https? (port 443). that could be statefully confusing.or maybe it's just the browser and/or its settings causing it. I access the admin console via the Firefox browser. I also tried Chrome with the same results. The Nighthawk app doesn't provide access to this level of configuration - at least I didn't see it. I tried a new test last night. I CAN program port forwarding rules and they get into the table. The port triggers are not being stored (!!)

The RAXE300 is your new router? Which router showed that similar issue before? I had a Netgear Nighthawk R7900P (?). I had similar problems with it. Then, I located that Sensi app note and programmed those rules and if memory serves, everything worked right after. Fast-forward 3 months and my internet service went down for a day. When it came back on and I rebooted my modem and Netgear router (to solve other IoT device issues), the thermostat nightmare began again. At the risk of going down the wrong path, why am I able to program port forwarding rules and not port trigger rules?

VideoGuy wrote: I have two Sensi 2 thermostats that send TCP traffic on ports 8883 and 443, receives updates on UDP traffic to port 8092 and TCP traffic to port 80. I was able to program these rules on a 6 year Nighthawk R7900P but on my new RAXE300, I enter the data in all the fields, press 'Accept' and it returns to the table with no entries. Curiosity question: Where is the idea coming from you need any port forwarding (including port trigger) configured on the NAT router? In general, nothing is establishing a connection from the Internet -to- the IoT device like your thermostats. The IoT devices are establishing outgoing connections to the respective cloud service, from there your thermostats will be reachable. Without any port forwarding, and even less with port triggering. Yes, it's well possible these IoT require -outgoing- connections from your LAN to the Internet, and it's cloud service by TCP on port 8883, 443, and 80. The UDP connection does typically serve as some kind of connection protocol, almost like a VPN.. This is what some unknown guidelines are commonly asking for - sometimes with some questionable wording.

This is the quote from the Sensi 2 app note: Sensi smart thermostat and Sensi Touch send TCP traffic on ports 80, 8091 and UDP traffic on port 8092. Sensi Touch 2 and Sensi Lite send TCP traffic on ports 8883 and 443. To receive over-the-air firmware updates, please make sure UDP traffic to port 8092 (34.233.82.197) and TCP traffic to port 80 (52.55.206.183) is open. For Sensi Touch 2, also make sure that TCP traffic to port 8883 (54.210.127.220) is open. This traffic needs to be able to navigate any network firewalls, proxies, or filter devices. https://sensi.copeland.com/en-us/support/router-compatibility/advanced-troubleshooting-information I can receive information FROM (i.e. request the current temperature) the thermostats (via the Sensi app or Alexa skill), but I cannot SEND commands (i.e. set a temperature) from either method. I assume that the OEM will push out firmware updates to it also. I was able to set these rules up on my prior Netgear router and it was working (it wasn't before I set them up). The RAXE300 is not having it for some reason. I'm not knowledgeable enough to know why. Its got to be something really stupid.

VideoGuy wrote: This is the quote from the Sensi 2 app note: Sensi smart thermostat and Sensi Touch send TCP traffic on ports 80, 8091 and UDP traffic on port 8092. Sensi Touch 2 and Sensi Lite send TCP traffic on ports 8883 and 443. To receive over-the-air firmware updates, please make sure UDP traffic to port 8092 (34.233.82.197) and TCP traffic to port 80 (52.55.206.183) is open. For Sensi Touch 2, also make sure that TCP traffic to port 8883 (54.210.127.220) is open. This traffic needs to be able to navigate any network firewalls, proxies, or filter devices. https://sensi.copeland.com/en-us/support/router-compatibility/advanced-troubleshooting-information This is the standard nomenclature describing all the outgoing connections from the LAN are open to reach the Internet and the Sensi cloud infrastructure, no Proxy infrastructure or similar (as usual on business networks) That's why I wrote there is no word of port forwarding or port trigger. VideoGuy wrote: I can receive information FROM (i.e. request the current temperature) the thermostats (via the Sensi app or Alexa skill), but I cannot SEND commands (i.e. set a temperature) from either method. I assume that the OEM will push out firmware updates to it also. I was able to set these rules up on my prior Netgear router and it was working (it wasn't before I set them up). The RAXE300 is not having it for some reason. I'm not knowledgeable enough to know why. Its got to be something really stupid. These commands are triggered from the IoT App and sent to the cloud infrastructure. Some reverse proxy connections (kind of a VPN) are keeping up the communication between the cloud infrastructure and the IoT devices. All I can confirm is that there is no port forwarding or port trigger required. Typically, having these configured might imply a certain risk, but should not break the communication in either direction. Something stupid might go on, but I doubt this is in your well-intended config. For the moment, I would suggest (keep in mind I'm neither Netgear nor Sensi) to remove the port forwards and trigger config, then cold reboot the router, and finally the IoT devices.

RAXE300-100NAS will not accept port triggering rules

14 Replies

schumaku
Guru
Jun 16, 2024
VideoGuy wrote:

I have two Sensi 2 thermostats that send TCP traffic on ports 8883 and 443, receives updates on UDP traffic to port 8092 and TCP traffic to port 80. I was able to program these rules on a 6 year Nighthawk R7900P but on my new RAXE300, I enter the data in all the fields, press 'Accept' and it returns to the table with no entries.

Curiosity question: Where is the idea coming from you need any port forwarding (including port trigger) configured on the NAT router? In general, nothing is establishing a connection from the Internet -to- the IoT device like your thermostats. The IoT devices are establishing outgoing connections to the respective cloud service, from there your thermostats will be reachable. Without any port forwarding, and even less with port triggering.

Yes, it's well possible these IoT require -outgoing- connections from your LAN to the Internet, and it's cloud service by TCP on port 8883, 443, and 80. The UDP connection does typically serve as some kind of connection protocol, almost like a VPN.. This is what some unknown guidelines are commonly asking for - sometimes with some questionable wording.
- VideoGuy
  Star
  Jun 16, 2024
  This is the quote from the Sensi 2 app note:
  
  Sensi smart thermostat and Sensi Touch send TCP traffic on ports 80, 8091 and UDP traffic on port 8092. Sensi Touch 2 and Sensi Lite send TCP traffic on ports 8883 and 443. To receive over-the-air firmware updates, please make sure UDP traffic to port 8092 (34.233.82.197) and TCP traffic to port 80 (52.55.206.183) is open. For Sensi Touch 2, also make sure that TCP traffic to port 8883 (54.210.127.220) is open. This traffic needs to be able to navigate any network firewalls, proxies, or filter devices.
  
  https://sensi.copeland.com/en-us/support/router-compatibility/advanced-troubleshooting-information
  
  I can receive information FROM (i.e. request the current temperature) the thermostats (via the Sensi app or Alexa skill), but I cannot SEND commands (i.e. set a temperature) from either method. I assume that the OEM will push out firmware updates to it also.
  
  I was able to set these rules up on my prior Netgear router and it was working (it wasn't before I set them up). The RAXE300 is not having it for some reason. I'm not knowledgeable enough to know why. Its got to be something really stupid.
  - schumaku
    Guru
    Jun 17, 2024
    VideoGuy wrote:
    
    This is the quote from the Sensi 2 app note:
    
    Sensi smart thermostat and Sensi Touch send TCP traffic on ports 80, 8091 and UDP traffic on port 8092. Sensi Touch 2 and Sensi Lite send TCP traffic on ports 8883 and 443. To receive over-the-air firmware updates, please make sure UDP traffic to port 8092 (34.233.82.197) and TCP traffic to port 80 (52.55.206.183) is open. For Sensi Touch 2, also make sure that TCP traffic to port 8883 (54.210.127.220) is open. This traffic needs to be able to navigate any network firewalls, proxies, or filter devices.
    
    https://sensi.copeland.com/en-us/support/router-compatibility/advanced-troubleshooting-information
    
    This is the standard nomenclature describing all the outgoing connections from the LAN are open to reach the Internet and the Sensi cloud infrastructure, no Proxy infrastructure or similar (as usual on business networks) That's why I wrote there is no word of port forwarding or port trigger.
    
    VideoGuy wrote:
    
    I can receive information FROM (i.e. request the current temperature) the thermostats (via the Sensi app or Alexa skill), but I cannot SEND commands (i.e. set a temperature) from either method. I assume that the OEM will push out firmware updates to it also.
    
    I was able to set these rules up on my prior Netgear router and it was working (it wasn't before I set them up). The RAXE300 is not having it for some reason. I'm not knowledgeable enough to know why. Its got to be something really stupid.
    
    These commands are triggered from the IoT App and sent to the cloud infrastructure. Some reverse proxy connections (kind of a VPN) are keeping up the communication between the cloud infrastructure and the IoT devices.
    
    All I can confirm is that there is no port forwarding or port trigger required. Typically, having these configured might imply a certain risk, but should not break the communication in either direction.
    
    Something stupid might go on, but I doubt this is in your well-intended config. For the moment, I would suggest (keep in mind I'm neither Netgear nor Sensi) to remove the port forwards and trigger config, then cold reboot the router, and finally the IoT devices.

Forum Discussion

RAXE300-100NAS will not accept port triggering rules