Firewall settings

Table of Internet Ports

| Outgoing Port | Protocol | Function | Server |
|---|---|---|---|
| 53 | DNS | Name resolution | 8.8.8.8 (Google Public DNS), 8.8.4.4 (Secondary Google DNS); custom settings are possible |
| 80 | HTTP | Connection to Solar-Log WEB Enerest™ 4; Firmware Update; Licenses Update | data.enerest.world, pool0.solarlog-web.com, pool1.solarlog-web.com, pool2.solarlog-web.com, pool3.solarlog-web.com, pool4.solarlog-web.com, pool5.solarlog-web.com, pool6.solarlog-web.com, pool7.solarlog-web.com, pool8.solarlog-web.com, pool9.solarlog-web.com |
| 123 | NTP | Time synchronization | 0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org, 3.pool.ntp.org, ntps1-1.cs.tu-berlin.de, bonehed.lcs.mit.edu, navobs1.gatech.edu, 130.149.17.8, 130.207.244.240 |
| 502 | TCP/IP | Access to internal data of Solar-Log™ | Solar-Log™ IP address |

Deprecated Features

| Outgoing Port | Protocol | Function | Server | Notes |
|---|---|---|---|---|
| 21 | FTP | FTP | ftp.enerest.world | Since it is a passive FTP connection, additional ports (high port > 1023) are required depending on the FTP server used. |

Internet Connections of the Solar-Log™

In general, it is useful to set up the Solar-Log™ so that it has Internet access. Most importantly, Internet access is required when the Solar-Log™ connects to the online portal. Additionally, the firmware can be updated via the Internet, and the internal clock of the Solar-Log™ can be regularly synchronized with time servers when that function is active. The Solar-Log™ should only be used in a secure network: a network that cannot be accessed from the Internet or one that has suitable security mechanisms in place. Almost every commercially available router comes equipped with a firewall that usually has sufficient security settings activated by default. In some cases, settings made in the router/firewall may block Solar-Log™ functions and prevent them from working properly. The table of Internet ports lists the protocols and ports that need to be allowed to ensure that all of the desired functions work properly.

 

Ports and protocols used by the Solar-Log™

Only outbound connections are required for regular Solar-Log™ operations. Access to the web interface and the Modbus TCP interface of the Solar-Log™ are the exceptions, but generally this is only required within the local network. None of the functions in the port table is mandatory; each has to be specifically activated in the configuration before it is used. In large networks with a high level of security, opening the required outgoing ports is often not permitted. Usually, a proxy server is available in such networks to allow HTTP and FTP export connections via a tunnel. The Solar-Log™ can also establish HTTP and FTP connections via proxy servers that use the "CONNECT" method. If a specific router/firewall configuration causes problems with one of the functions that require Internet access, use the table of Internet ports as a guide to which ports need to be opened.
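An added example, not part of the Solar-Log documentation: a Python check that classifies flow records for a Solar-Log against the port table on this page, flagging outbound traffic to unlisted servers or ports and inbound access to the web or Modbus TCP interface from outside the local network. The record format, the sample records and the RFC 1918 definition of "local network" are assumptions.

```python
import ipaddress

# Outbound allowlist transcribed from the port table on this page.
# Port 53 holds the default resolvers; change it if custom DNS is configured.
ALLOWED_OUT = {
    53: {"8.8.8.8", "8.8.4.4"},
    80: {"data.enerest.world"} | {f"pool{i}.solarlog-web.com" for i in range(10)},
    123: {"0.pool.ntp.org", "1.pool.ntp.org", "2.pool.ntp.org", "3.pool.ntp.org",
          "ntps1-1.cs.tu-berlin.de", "bonehed.lcs.mit.edu", "navobs1.gatech.edu",
          "130.149.17.8", "130.207.244.240"},
}
DEPRECATED_OUT = {21: {"ftp.enerest.world"}}  # FTP export, listed as deprecated
LOCAL_ONLY_IN = {80, 502}                     # web interface and Modbus TCP
# Assumption: "local network" means the RFC 1918 private ranges.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(flow):
    """Return 'allow', 'deprecated' or 'alert:<reason>' for one flow record."""
    port, peer = flow["port"], flow["peer"].lower().rstrip(".")
    if flow["direction"] == "out":
        if peer in ALLOWED_OUT.get(port, ()):
            return "allow"
        if peer in DEPRECATED_OUT.get(port, ()):
            return "deprecated"
        known = port in ALLOWED_OUT or port in DEPRECATED_OUT
        return "alert:unlisted-server" if known else "alert:unlisted-port"
    if port not in LOCAL_ONLY_IN:
        return "alert:unexpected-inbound-port"
    try:
        src = ipaddress.ip_address(peer)
    except ValueError:
        return "alert:unparseable-source"
    local = any(src in net for net in LOCAL_NETS)
    return "allow" if local else "alert:inbound-from-internet"

def audit(flows):
    """Return (flow, verdict) pairs for every flow that is not plainly allowed."""
    return [(f, v) for f in flows if (v := classify(f)) != "allow"]

# Constructed sample records (not real traffic); hypothetical record format.
SAMPLE = [
    {"direction": "out", "peer": "8.8.8.8", "port": 53},
    {"direction": "out", "peer": "pool3.solarlog-web.com", "port": 80},
    {"direction": "out", "peer": "ftp.enerest.world", "port": 21},
    {"direction": "out", "peer": "198.51.100.7", "port": 443},
    {"direction": "in", "peer": "192.168.1.20", "port": 502},
    {"direction": "in", "peer": "203.0.113.9", "port": 502},
]
```

Calling `audit(SAMPLE)` returns the deprecated FTP flow, the outbound connection on an unlisted port, and the Modbus TCP access from a non-local address.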

 

Setting up remote access to the Solar-Log™ via Internet

There is the option to access the web interface and other Solar-Log™ network interfaces via the Internet. This requires either a VPN (virtual private network) or port forwarding. Grid operators and direct marketers may use such mechanisms to access data from the Solar-Log™ via the Internet or to control the Solar-Log™'s feed-in management. This remote access is convenient but has its risks.

 

Using VPN for remote access

This is a relatively secure option to access the Solar-Log™ directly from the Internet. However, the proper setup of the VPN may require the service of a professional.

 

Using port forwarding for remote access

This method of direct remote access to the Solar-Log™ is not particularly secure, and Solar-Log GmbH does not recommend its long-term use. If port forwarding is nevertheless needed, make sure that access rights have been set up adequately to make third-party access extremely difficult. Access should definitely be limited to the required port (e.g. 80), and the device should be password protected.