BI5 UI3 / W10P FIREWALL QUESTION

windguy

Getting comfortable
Joined
Sep 25, 2019
Messages
285
Reaction score
289
Location
Pacific Coast
Wasn't sure where exactly to post this question so sorry in advance (UI3 thread, Dual NIC thread, ??)

Been using BI5 for several months with three Dahua cams and all is working well so far. Still have two more cams to get going.
Next step is to setup a new Lenovo Duet Chromebook with UI3 so we can monitor BI activity away from the BI host PC.

I'm getting hung up in not being able to access the BI host PC. Can't even ping it so I'm betting it has something to do with the Windows 10 Defender Firewall after doing some web searching. I don't want to create an inbound rule to let the Chromebook through and create some security hazard since I have very limited networking skills. Thought it was best to ask for help from Team IPCT.

Setup wise the BI host PC has a dual NIC both with static IP addresses but separate subnets, one for the cams, one connected to the home LAN.
The IP address I'm trying to browse to was pulled from the BI WEB SERVER screen.
I do think it's a firewall issue blocking outside devices from talking to the BI host.
Below is a screen shot of Win 10 Defender Firewall Inbound Rules when I was poking around there to see what options are available.

Thanks in advance for the help!

Win 10 Defender Firewall Inbound Rules.png
 
Last edited:

lcam

Getting the hang of it
Joined
Aug 29, 2018
Messages
158
Reaction score
38
Location
US
If the Chromebook is on the same network as the BI server then you should be able to just open the correct inbound port on the BI server firewall. To lock it down even more you should be able to specify the inbound IP you want to use for the Chromebook.
 

windguy

Getting comfortable
Joined
Sep 25, 2019
Messages
285
Reaction score
289
Location
Pacific Coast
@lcam - thanks for the reply.
The Chromebook is on the same subnet as the BI server.
I can try to create an INBOUND RULE for the port or the specific IP address of the Chromebook.
Was just wondering what other Windows 10 Pro users had to do to get their UI3 working with a device on a local network.
 
Last edited:

windguy

Getting comfortable
Joined
Sep 25, 2019
Messages
285
Reaction score
289
Location
Pacific Coast
UPDATE - Getting closer but not quite there yet

I disabled the three firewalls as a test and was able to get the login screen for UI3 on both the Chromebook and a Win 10H laptop.
That proved to me that it's indeed a Firewall problem in blocking my access to BI UI3. Firewalls were re-enabled.

I then setup an INBOUND RULE for a range of IPs and can now ping the BI server from multiple devices on the network. That's good news.

Then I tried to access BI UI3 using the IP string in a browser and it's still a no go. Not sure why. Perhaps access to the BI application is being blocked by the Firewall.
The INBOUND RULE has "all programs" selected but maybe something more specific has to be done.

Appreciate the help!
 

bp2008

Staff member
Joined
Mar 10, 2014
Messages
12,666
Reaction score
14,005
Location
USA
Pings are typically allowed or blocked by the firewall rule named "File and Printer Sharing" or something like that.

For Blue Iris, you just need to look at the port number you have assigned in the BI web server configuration, and create a firewall rule that enables inbound access on that port (TCP only), and after you get that working, if you want to you can edit the firewall rule to add source IP address restrictions. When asked, have that firewall rule take effect on all network types (private, public, domain).

Technically the rules you screenshotted are supposed to already allow this kind of remote access, but there are a lot of ways a firewall rule associated with a particular program might fail or not work as intended. A firewall rule that defines a specific port (like 81) and protocol (TCP) should be a lot more reliable.
 

windguy

Getting comfortable
Joined
Sep 25, 2019
Messages
285
Reaction score
289
Location
Pacific Coast
@bp2008 - appreciate the reply and info from the UI3 guru himself.

I gave it another try by first deleting the IP address range rule and then adding a new Inbound Rule just for Port Number 8081.
Still doesn't work. Can't browse to start UI3.

Some screen shots below if that helps. Sorry for being such a Noob!

SNIP - BI Web Server.pngSNIP Inbound Rule - Port 8081 - General.pngSNIP Inbound Rule - Port 8081 - Protocols and Ports.pngSNIP Inbound Rule - Port 8081 - Advanced.png
 

lcam

Getting the hang of it
Joined
Aug 29, 2018
Messages
158
Reaction score
38
Location
US
Use local port 8081 and all ports for remote.
 

windguy

Getting comfortable
Joined
Sep 25, 2019
Messages
285
Reaction score
289
Location
Pacific Coast
@lcam - thanks for the suggestion.
I made that change to the port settings and still can't access Ui3.

Below is the screen shot and also one for the programming and services page showing BI in the background, flagged as Private.
Is it possible it's not just the port or the ip range set earlier but the program access (BI) that is being blocked by the Firewall?

Thanks!

SNIP Inbound Rule - Port 8081 - Protocols and Ports - B.pngSNIP Inbound Rule - Port 8081 - Programs and Services.png
 

IAmATeaf

Known around here
Joined
Jan 13, 2019
Messages
3,287
Reaction score
3,252
Location
United Kingdom
That up address shown in the BI web settings is that the subject of the cams or your other subnetwork, I suspect the other as you’ve confirmed that when you disable the firewall it works but worth conforming.

As a test try setting the entry you all to all for incoming and outbound. If that works you can then start targeting specific ports.
 

windguy

Getting comfortable
Joined
Sep 25, 2019
Messages
285
Reaction score
289
Location
Pacific Coast
@IAmATeaf - Thanks for the suggestion.
Yes, the IP address is part of the subnetwork and was confirmed as working when the firewalls were disabled. That's my baseline.

I changed the INBOUND rule for ports to ALL PORTS and no help. See screen shot below.

SNIP Inbound Rule - Port 8081 - Protocols and Ports - C.png

I then disabled the three firewalls, one at a time to see which one was creating the access problem to BI.
When the PUBLIC NETWORK firewall was disabled, I was able to get a UI3 login screen. Disabling the other two firewalls (Domain and Private) had no effect.

SNIP - Firewall & Network Protection - Firewall Status.png

SNIP - Firewall & Network Protection - Public Network.png

I tried something new based on my assumption that the firewall was blocking access to BI as an application issue and not an inbound port or IP issue..
Under the settings for "Firewall and Network Protection" then "allow an app through the firewall", the default setting for BI is PRIVATE - enabled, PUBLIC - disabled.
I enabled BI - PUBLIC and was able to get UI3 login screen. Yeah! That makes sense in that when I disabled the PUBLIC firewall I was able to get through.

SNIP - Firewall - allowed apps and features.png

As a test, I backed out the INBOUND rule created for the ports and was still able to get the UI3 login screen. Yeah!

In summary, the INBOUND rules setup for IP's and PORTS was not required. Enabling BI-PUBLIC under ALLOWED APPS & FEATURES was required.
The question to the network gurus is "is it safe to have this setting enabled?".

Thanks for the help!
 

IAmATeaf

Known around here
Joined
Jan 13, 2019
Messages
3,287
Reaction score
3,252
Location
United Kingdom
I have my network which is connected to my home network set as private and the network that the cams are set as public. Set this way the single entry for BI and Web Services within Advanced Firewall Settings is enough for me to get access to UI3.

Do a google and see how you can change/set your network to private, reason I say google is I know I’ve had problems in the past so googling is probably the best way to hopefully achieve this unless somebody here can suggest.

IMG_7600.png
 

windguy

Getting comfortable
Joined
Sep 25, 2019
Messages
285
Reaction score
289
Location
Pacific Coast
@IAmATeaf - thanks for reply and info.
You are spot on about that Private and Public setting.
I checked the BI server LAN side and it's set to PUBLIC.

SNIP - Network Status - default.png

See the link below for a quick explanation about Public vs Private settings.


The naming convention is a bit confusing to me. Seems like it should be the opposite, but it's based on if you're out and about (Public) vs at home (Private).
Perhaps other users already had their network interface set to PRIVATE and that's why they didn't run into the same roadblocks that I had getting UI3 going.
Since it's working now and don't need further outside access to the BI server for file sharing, I'll leave it as PUBLIC until my requirements change.
This fire drill set me back a few days but I learned something about setting inbound rules and the network configuration settings so it was a good experience.
Thanks again to all that helped!

BTW - Many thanks to the creators of UI3 - @bp2008 and @ruppmeister
UI3 is a really nice application for viewing the BI system remotely.
Nice features with a decent user interface, layout and easy to use. Very impressive tool.
 
Last edited:
Top