Network problems can be difficult to diagnose until there's at least some connection to the Internet. Here are candidate Firewall, Ethernet, DHCP, DNS, UDP, and SSL problems to check with your network administrator.
Firewall
Make sure outbound port 443 is allowed to contact these servers.
Ethernet Port
Are the Ethernet port(s) connected to the correct network(s)?
The inside port (closest to the center) of the Box Pro is the primary Network Interface Card (NIC). It is connected to the WAN/Internet and is used for registration using the MAC address printed on the package labeling, so the Ethernet cable that connects to the Internet should use that interior port.
The outside port (closest to the edge) of the Box Pro is the secondary NIC, most often connected to a private camera/NVR LAN. That port is active (blinking) only when configured, and it is not configured by default. See Dual NIC Configuration.
DHCP Filters
The default way to obtain an IP address is via DHCP. But some corporate networks may use DHCP filters that allow only specified MAC addresses to obtain an IP address. Make sure your network admin either a) allows the MAC addresses of the Box to use DHCP or b) assigns a static IP address to the Box.
DNS Servers
The Box uses Google's DNS servers, 8.8.8.8 and 8.8.4.4. If your network blocks those DNS servers and relies on different DNS servers, then make sure to configure the primary NIC to use your preferred DNS servers.
UDP Filters
Box locates cameras and NVRs on the LAN by looking for MAC addresses recognized by OUI. The Box relies on nmap to scan the LAN and fill the ARP cache with the mappings of MAC to IP address to know the IP address of each video source even if its IP address changes over time. This network scan is optional and obviated by assigning static IP addresses to video sources.
SSL Inspection
If your corporate network uses "SSL Inspection" to monitor encrypted network traffic, then the self-signed intermediate certificates inserted by those tools will be rejected as unsafe man-in-the-middle (MITM) connection attempts. The Box's TLS 1.3 encrypted outbound connections to these servers will fail.
SSL Inspection Bypass
- Create a DHCP Reservation for the MAC address of the primary NIC of the Box and record that reserved IP Address (e.g. 192.168.0.55).
- Bypass SSL Inspection by configuring your firewall to exempt the reserved IP Address (e.g. add a rule for 192.168.0.55 to exempt that IP from SSL Inspection).
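To tell which of the checks above applies, a workstation on the same network segment can run the sketch below, which reports whether an outbound HTTPS connection fails at DNS, at TCP port 443, or at certificate validation. This is an added example, not vendor code; the function name `check_outbound_tls` and the host `server.example` are placeholders, so substitute one of the servers from the vendor's list.

```python
import socket
import ssl
import sys


def check_outbound_tls(host, port=443, timeout=5.0):
    """Return (stage, detail); stage is 'dns', 'tcp', 'cert', 'tls' or 'ok'."""
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        # Name resolution failed: see "DNS Servers".
        return "dns", f"cannot resolve {host}: {exc}"
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Refused, unreachable or timed out: see "Firewall".
        return "tcp", f"cannot reach {host}:{port}: {exc}"
    # Default context verifies the chain and the hostname, as a strict client does.
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
            name = issuer.get("organizationName", issuer.get("commonName"))
            # If the issuer is your inspection appliance, this workstation
            # trusts the corporate CA; a client that does not will still fail.
            return "ok", f"{tls.version()}, certificate issuer: {name}"
    except ssl.SSLCertVerificationError as exc:
        # Untrusted or self-signed chain: see "SSL Inspection".
        return "cert", f"certificate rejected: {exc.verify_message}"
    except (ssl.SSLError, OSError) as exc:
        return "tls", f"handshake failed: {exc}"
    finally:
        sock.close()  # no-op after a successful wrap, cleans up otherwise


if __name__ == "__main__":
    # "server.example" is a placeholder, not one of the vendor's servers.
    target = sys.argv[1] if len(sys.argv) > 1 else "server.example"
    print(*check_outbound_tls(target), sep=": ")
```

Run it again after adding the bypass rule: a result that changes from `cert` to `ok` with the server's public issuer shows the exemption took effect for that source IP.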