0

Whitelist IP's for Google Home/Assistant

Sem Craeghs 1 year ago in Devices / Other updated by Ricardo Pinto | visiontech pt 12 months ago 5

Hello,

I was exploring the Google Home functionality, by configuring port forwarding on my firewall.

I've noticed in the log files of the firewall a lot of residential IP's (coming from US, Russia, Bangladesh, ...) trying to connect to the port, probably considered "not legit addresses".


Do you have list of IP's that I can whitelist so I can mitigate this thread?

Hello,

If you want to use Google Home / Alexa, you need to open / expose HTTPS port 443 (this port applies to access ComfortClick remotely, and therefore the Google and Alexa skills will communicate with that port).

Nonetheless, you don't need to use the standard port, but rather redirect a different external port to the internal 443 port.

For example, I'm using external port 52443 redirected to the internal 443 (you can go as high as 65535). Higher ports, can at least move away some pseudo-hackers from finding your server (it can obviously be found with a deeper scanning). But usually the standard ports are the most attacked ones, so if you move away from the standard ones at least you can "hide" the server a little bit.

Best regards 

Hello Ricardo,

I'm aware of that possibility, but to further reduce the possibility, it would be nice to have a list of IP's which would connect to my ComfortClick installation.


For example, Microsoft, Google, and Amazon are also publishing their IP ranges so you can limit the sources in your firewall..

Use resource monitor or netstat? Filter by bosservice.exe and whitelist remote addresses?

I'm using the Jigsaw device (so not Windows based)

I would assume ComfortClick can easily share their public IP address of the Comfortclick service handling the Google Home bridge functionality....

That's something that only ComfortClick team can answer I guess.

Nonetheless, the new Remote Access from ComfortClick can also be a solution to you. It's a service where you don't need to expose your connection.


Have a look:


https://www.comfortclick.com/Products/Software/RemoteAccess

Best regards