In order to maintain a dedicated network for all equipment within the EII ecosystem and to ensure that all communication of equipment is segemented as best as possible to a customer's network, EII has implemented the following network setup of it's equipment at a site.
The EII equipment is connected to a Cisco router, which provides a NAT network of 172.20.1.0/24 to all PCs part of EII solutions. In all configurations, the server is set to a static IP address, normally 172.20.1.2, whereas all workstation related PCs are configured for DHCP, with an IP address somewhere along 172.20.1.11-254.
The Cisco router, when shipped, is set to automatically obtain an IP address from the customer network via DHCP, and will utilize that IP information to attempt to reach the Internet.
EII Support utilizes the remote connection solution of TeamViewer for remote diagnostics and support. In order for EII equipment to connect to the TeamViewer tunnel network, a minimum of TCP 443 (HTTPS) should be openly accessible OUTBOUND from the EII Cisco router provided. Teamviewer prefers to make a connection on TCP/UDP 5938, but will fall back to TCP 443 if unable to connect. If there is a proxy appliance utilized at a customer site, the domain *.teamviewer.com should be allowed to the IP address assigned to the Cisco router for EII equipment.
Additionally, EII utilizes an SFTP server for the transfer of directories and files to/from EII equipment for troubleshooting - such as pulling database backups for analysis. The non-standard port EII uses for SFTP traffic is TCP 424 and should be allowed open for communication.
The Cisco router on the machine is accessible for configuration - however, we strongly advise that only the WAN connection properties are modified as necessary, and no other configuration changes are made.
To access the Cisco router, from an available EII PC, open a browser to https://172.20.1.1 and use the username/password combo of admin/firstclass. This will allow your site to verify what IP address the Cisco router has obtained from the network, and to modify it if necessary.
You are able to verify if TeamViewer was successful in obtaining a connection to the outside world, by double-click on the TeamViewer icon in the system tray by the clock. The symbol for TeamViewer looks like this:
If you are successfully connected, you will see the resulting screen should look something like this:
Otherwise the ID portion will be blank and the status icon will be red instead of green in the bottom left corner.