In order to maintain a dedicated network for all equipment within the EII ecosystem and to ensure that all communication of equipment is segmented as best as possible to a customer's network, EII has implemented the following network setup of its equipment at a site.
The EII equipment is connected to a router, which provides a NAT network of 172.20.1.0/24 to all PCs that are part of EII solutions. In all configurations, the server is set to a static IP address, normally 172.20.1.2, whereas all workstation related PCs are configured for DHCP, with an IP address somewhere along 172.20.1.11-254.
The router, when shipped, is set to automatically obtain an IP address from the customer network via DHCP, and will utilize that IP information to attempt to reach the Internet.
EII Support utilizes the remote connection solution of Splashtop for remote diagnostics and support. In order for EII equipment to connect to the Splashtop tunnel network, a minimum of TCP 443 (HTTPS) should be openly accessible OUTBOUND from the EII-provided router.
If there is a proxy appliance utilized at a customer site, or if firewalls rules have been implemented that may interfere with Splashtop communication, the IT department will need to be contacted so the following may be whitelisted:
- *.api.splashtop.com
- *.relay.splashtop.com
- update-g3.splashtop.com
- update.splashtop.com
- sn.splashtop.com
Additionally, EII utilizes an SFTP server for the transfer of directories and files to/from EII equipment for troubleshooting - such as pulling database backups for analysis. The non-standard port EII uses for SFTP traffic is TCP 424 and should be allowed open for outbound communication.
The router on the machine is accessible for configuration - however, we strongly advise that only the WAN connection properties are modified as necessary and that no other configuration changes be made.
To access the router from an available EII PC, open a browser to https://172.20.1.1 and use the username/password combo of admin/firstclass. This will allow your site to verify which IP address the router has obtained from the network and to modify it if necessary.
You are able to verify whether Splashtop was successful in obtaining a connection to the outside world, by double-click on the Splashtop icon in the system tray by the clock. The symbol for Splashtop looks like this:
If you are successfully connected, the resulting screen should resemble this window:
Otherwise the ID portion will be blank and the status icon will be red instead of green in the bottom left corner.