Setting up remote access to the TDX, requires a public IP address, but connecting a 'host' directly to the internet is never a good idea. You expose the host for unwanted threats. The TDX (and TDH800 for that matter) is a 'host' in this consideration. Therefore you will prefer to 'hide' the host behind a firewall/router.


Depending on your existing setup, there could be several solutions.

This is our setup, where we have the TDX conencted to a router. The router is assigned with a public IP address (86.23.45.117).

Note: The examples below uses the IP scope 192.168.1.1/24, therefore the default IP address of the TDX is changed to 192.168.1.100




Directly access without a router (Not recommended !)

TRIAX will never recommend, that you connect any type of equipment directly to the internet (access without a router). Connecting a host directly to the internet will always be considered as 'Bad Practise'. Connecting a switch to you modem/uplink and then the headend to the switch, is also considered as a direct connection.


Connecting a host directly to the internet, exposes the the host and renders it vulnerable to malicious intrusions and attacks. For security reasons, you will always be advised to protect your hosts. You do this, by 'hiding' them behind a router/firewall.


The TDX (or any equipment from Triax) is categorized as host, like your PC, laptop, printer or other networking equipment.




Router/Firewall & VPN (Preferable)

This is the preferred solution, if your router/firewall supports VPN connections!


  1. Assign a Static Public IP address to the WAN connection to your Router/Firewall at the TDX (In this example the router has 86.23.45.117).
  2. Configure a VPN server on router at the TDX, accepting connections through a L2TP or PPTP tunnel.
  3. Configure either a New Network connection as a VPN connection or install a VPN client on your PC.
  4. When you wish to connect to your TDX, you simply connect to the VPN server on the router/firewall at the TDX.
  5. You now have a secure connection to everything behind the router/firewall. You are practically a part of the network behind the router at the TDX. This is called a 'VPN Tunnel'
  6. Connect to the TDX with your browser: http://192.168.1.100




Router/Firewall & Port forwarding

This is the preferred solution, if your router/firewall does not support VPN connections!


  1. Assign a Static Public IP address to the WAN connection to your Router/Firewall at the TDX (In this example the router has 86.23.45.117).
  2. Configure port forwarding on router at the TDX, forwarding the required ports depending on the software version on the TDX (please see table below illustration).
  3. In this example, the GUI port is forwarded from port 8080 to 80. This adds a layer of security to the port forwarding. You may choose any port for the 'HTTP GUI' - not for the 'Policy' and 'Silverlight' ports. You may choose any port above 1024, preferable above 49152. Please see below, in "IANA assigned ports".
  4. Connect to the TDX with your browser: http://86.23.45.117:8080





Forward the traffic to the TDX, depending on the software on the TDX, your need to forward the following ports.


SW
Port
Description
3.x

TCP 80
TCP 943
TCP 4530
TCP 4531
HTTP GUI
Policy
Silverlight
Silverlight
4.x

TCP 80
HTTP GUI




Additional information

Triax Support doesn't cover setting up the Router/Firewall. Triax Academy do offer courses in IP Network and in WiFi. Please read more about this, on the Triax website


If you don't know how to change the IP address on the TDX, follow this guide on how to change the IP address: Changing the management IP address

IANA assigned ports:

A port is always associated with an IP address of a host and the type of communication. Ports are assigned as a number (port number):
  • 0-1023: System Ports (Well known ports)
  • 1024-49151: User Ports (Registered ports, assigned by IANA)
  • 49152-65535: Dynamic / Private Ports (Dynamic ports)

Specific port numbers are commonly reserved to identify specific services.

If interested, you can find more info at:  IANA homepage