A silly Firewall question - home automation


NYCone

I'm not sure if this is the right place for this question, but I'll give it a try.

I'm about to remodel my home and as part of the remodel, we are putting in all the smart house stuff you can think of - lighting, alarm, sound, shades, video cams, wifi... I usually do this work myself, but the job is large enough that my wife prefers to have it "done professionally".

The most well-known group in our area has their turnkey system, but they will only agree to do the work if they administer the firewall. I asked if they could settle for a VPN or some open ports to their devices; they refuse.

I've never heard of such a thing, and I'm extremely worried about having an outside home automation company administering my firewall. Are my concerns reasonable, or am I being too conservative?
 

Evan

Can you put all the home automation in its own network segment and they just manage the firewall for that? (Better to separate home IoT things from clients anyway!)

Not that I like the idea at all either, but I have seen many a managed setup like this for machinery and factory equipment.
 

JustinH

Is this a Control4 solution? They have some good stuff but are absolutely anal about letting the owners "configure" or tinker with it. Personally, if you're into DIY/Maker stuff I'd avoid them.

They say that around the firewall as they will VPN in every time you request a change (and charge for it).

Personally I'd look at a Z-Wave solution. Thousands of devices, no interoperability concerns, some solid controllers out there (both commercial and open source) and most of these controllers have great APIs etc.

Commercially, I'd look at HomeSeer or Vera for controllers. For devices, anything from Aeotec or Fibaro is decent quality with a good range of devices.

If you're really into tinkering, try anything that uses the OpenZWave library (OSA, Jeedom, Domoticz, DomotiGa etc.)

(Disclaimer: I'm the author of OpenZWave and it actually got so popular the Z-Wave owners (Sigma) asked for my help to open up their specifications and create a community around open source Z-Wave solutions - I even got quoted in their PR when they announced it - kinda my proud moment)




 

JustinH

Btw, with 99% of Z-Wave devices, they can operate without a controller - so even if you crash it, you can still turn on the lights etc. Something that things like Control4 etc. can't do that well (without added costs).

Biggest advice on the renovation side I can give that will solve a lot of headaches later - run a neutral wire to each switch outlet. This is so you can power any HA switch there (Z-Wave or not).

And I would definitely avoid an all-in-one solution for now. Get stuff that is best in breed for each HA domain you want to automate now and then leverage the APIs to integrate them.

(Or in the case of the above controllers someone might have already done it for you)

(I have a friend with a Control4 solution with whole home audio. Problem is there's a few seconds' latency on the audio, and in his home theater room, it lags on his TV, and is annoying as hell to watch. He ended up spending another few thousand on a Sonos wireless speaker setup for that room and it sounds and works better than the Control4 solution!)


 

Angus

I do have Control4 and there is no need for a firewall solution... if that's what it is find a new dealer..

Mine works well.. no complaints.. but it can depend on who is setting it up and supporting it.



The controller uses a VPN and dealer can connect remotely...
 

NYCone

Evan said:
> Can you put all the home automation in its own network segment and they just manage the firewall for that? (Better to separate home IoT things from clients anyway!)
>
> Not that I like the idea at all either, but I have seen many a managed setup like this for machinery and factory equipment.

If the automation guys admin the firewall, can't they change the segmenting? How can you set it up so they do not have access if they are the admin?
 

Evan

NYCone said:
> If the automation guys admin the firewall, can't they change the segmenting? How can you set it up so they do not have access if they are the admin?

Inside and outside FW, you also FW everything that have access to as well :)
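
The two-firewall layout suggested in this reply, sketched as an added example that is not part of the original thread: the owner keeps sole admin rights on an edge firewall, and the dealer-managed firewall hangs off one of its ports as an untrusted segment. The interface names (`wan0`, `lan0`, `ha0`) and the choice of nftables are assumptions.

```nftables
#!/usr/sbin/nft -f
# Owner-administered edge firewall (added example; all names are assumptions).
#   wan0 = ISP uplink
#   lan0 = home clients
#   ha0  = port facing the dealer-managed firewall and everything behind it
flush ruleset

define WAN = "wan0"
define LAN = "lan0"
define HA  = "ha0"

table inet edge {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        # IPv6 neighbour discovery and basic ICMP on the inside interfaces
        iifname { $LAN, $HA } meta l4proto { icmp, ipv6-icmp } accept
        # DNS and DHCP service for both inside segments
        iifname { $LAN, $HA } udp dport { 53, 67 } accept
        iifname { $LAN, $HA } tcp dport 53 accept
        # Administration of this box from the home LAN only
        iifname $LAN tcp dport 22 accept
        # Anything else the dealer side sends to this firewall is logged
        iifname $HA log prefix "ha-to-fw " counter drop
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Home clients may reach the internet and the dealer's segment
        # (what they can do there is up to the dealer's own firewall)
        iifname $LAN oifname { $WAN, $HA } accept
        # Dealer segment may reach the internet for its VPN and cloud links
        iifname $HA oifname $WAN accept
        # It may never open a connection into the home LAN
        iifname $HA oifname $LAN log prefix "ha-to-lan " counter drop
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
}
```

Whatever the dealer changes on their own firewall, the `ha0` to `lan0` drop rule lives on a device they hold no credentials for. The ruleset can be syntax-checked with `nft -c -f <file>` before loading.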
 

wildchild

I personally would never allow a company to fully control everything, without at least having the root/admin creds to the equipment.
This is vendor lock-in pur sang, and if you ever decide to leave them, they will force you to stay.
This principle goes both private and professional for me.
 

pricklypunter

Me either. I can't envision any scenario where I would personally want an outside source, that I have no control over, having unfettered access to my internal equipment, for support or otherwise. There may be the odd remote support case for a TeamViewer type "helping hand", in support of a particular piece of hardware/software causing havoc, but that's a million miles away from handing over the keys to the kingdom :)

I have never quite understood the whole "safety in numbers" mentality argument either, that these companies push. The larger the target, the bigger the haul when/ if it gets hacked. If they were to be hacked and vital data stolen, everything you have in your home that they wanted control over then becomes vulnerable to manipulation, "hacked by association" so to speak. So I would say pass on this wonderful offer and look for a better solution :)
 

K D

Control4 system allows the dealer to administer the controller remotely. They do not need access to the firewall or any other network function. As long as the controller can access the internet they should be able to perform what is needed. With Control4 the dealer must have access. You will be able to change some basic programming with a composer home edition but anything like adding devices, drivers or renaming objects will have to be done by the dealer.

If you are setting up something new I would recommend looking into Z-Wave based systems. They cost a fraction of Control4. Some tinkering is needed for initial setup but then it works cleanly. I recently helped a friend set up his whole house with Z-Wave devices using openHAB as a controller. This is the way I would have gone if I needed to set up a system now. My Control4 system is rock solid and I've programmed everything so that I rarely have to touch a switch or a thermostat, especially with the new Echo integration. But I know that today you can replicate the whole setup at less than a tenth of the cost and have more control with Z-Wave devices and openHAB.
 

K D

JustinH said:
> Btw, with 99% of Z-Wave devices, they can operate without a controller - so even if you crash it, you can still turn on the lights etc. Something that things like Control4 etc. can't do that well (without added costs).

That is incorrect. All Control4 switches, dimmers and thermostats etc. work normally even when the controller is not available. Any custom programming and triggers that are set up, which require the controller to execute them, won't be available, but the devices will work. This is the behavior in almost all smart devices.

JustinH said:
> (I have a friend with a Control4 solution with whole home audio. Problem is there's a few seconds' latency on the audio, and in his home theater room, it lags on his TV, and is annoying as hell to watch. He ended up spending another few thousand on a Sonos wireless speaker setup for that room and it sounds and works better than the Control4 solution!)

I agree with part of it. I have one audio zone directly via Control4 and 4 that are controlled via Sonos. The Sonos zones will have a second's delay when starting playback. Even my workstation is connected to my office speakers via Sonos. Especially when you use Control4+Sonos integrated, the load on your controller adds to the delay in switching. I've noticed this even when using Sonos as a stand-alone system without Control4.
 

nitrobass24

The OP never said it was Control4.

Anyways I find this request a bit odd and would find another dealer. None of this automation stuff is particularly exotic these days.


 

K D

Yup. I saw that. I was just responding to comments about Control4 because I had answers.