Configure your Firewall with a Ring Doorbell Pro

As the number of Internet of Things (IoT) devices grows, you'll probably encounter the need to integrate IoT devices with your enterprise firewall.  As a general rule, we suggest segregating these devices on a separate VLAN and SSID and blocking all access from the IoT subnet to other internal networks.  We recently successfully configured a Sonicwall to work with a Ring Doorbell.  There isn't much technical documentation on this subject, so I decided to write this blog post to hopefully save you a lot of troubleshooting time.

  1. Initial Setup - Ring Doorbell cannot connect to the Internet.  Of course, perform the basic troubleshooting steps to verify that other devices can connect to the same SSID as the Ring Doorbell.  We configured the Sonicwall's DHCP server with a reservation for the Ring Doorbell so it would receive the same IP address every time.  We configured the WAN interface on the Sonicwall to use the ISP's recommended DNS servers.  But a packet capture showed that, for some reason, the Ring Doorbell was attempting to use our internal DNS servers, which the Sonicwall blocked from the Wi-Fi network.  This caused the Ring Doorbell setup to fail.  Support verified that they could see the Doorbell connect, but then it sent a bunch of zeros, probably right after it performed a failed DNS query.  After I configured the Sonicwall DHCP server with specific public DNS servers, I was able to successfully complete the initial setup.
  2. Live View was not working.  Live View is a feature that lets you see who is at the door through the Ring Doorbell camera.  I had to open up some additional ports to get Live View working.  I spoke to Level 2 support and they recommended opening up inbound ports as well, but I was able to get it working by only allowing outbound ports.  After these ports were opened, I was able to access Live View from a cellular connection, but not from a device that was connected to the same Wireless Access Point (WAP) as the Ring Doorbell.  Here's a summary of the ports I opened from the Ring Doorbell outbound to the Internet:

    1. ICMP
    2. TCP Port 53
    3. TCP Port 80
    4. TCP Port 123
    5. TCP Port 443
    6. TCP Port 8557 (recently added on 12/28/2020 to get Live View to work)
    7. TCP 15063-15064
    8. TCP 7078
    9. TCP 9078
    10. TCP 9998-9999
    11. UDP 15063-15064
    12. UDP 15600-65535
    13. UDP 5001
  3. Allow devices on the same Wireless Access Point (WAP) to access Live View.  If you have an iPad or smartphone with the Ring app installed that is connected to the same WAP as the Ring Doorbell, you have to open some additional outbound ports on the firewall to access Live View.  I created a rule from any device that has the Ring app, outbound to the Internet, on these ports:
    1. TCP 80
    2. TCP 443
    3. TCP 5228
    4. TCP 15064
    5. UDP 16500-65535

 

After opening up these ports it's working.  Yeah!
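To check a packet capture or firewall log against the doorbell's outbound rule set from step 2, and to spot the internal-DNS problem from step 1, here is an added example (not part of the original post or any Sonicwall tooling). The function names, the sample flows, and the use of the RFC 1918 ranges as "internal networks" are assumptions.

```python
import ipaddress

# Outbound allowlist for the doorbell, transcribed from the list in step 2.
DOORBELL_RULES = {
    "tcp": [(53, 53), (80, 80), (123, 123), (443, 443), (8557, 8557),
            (15063, 15064), (7078, 7078), (9078, 9078), (9998, 9999)],
    "udp": [(15063, 15064), (15600, 65535), (5001, 5001)],
}

# Assumption: internal networks are the RFC 1918 ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip):
    """True if the destination is on an internal (blocked-from-IoT) network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def evaluate(flow):
    """Return (verdict, reason) for one flow (proto, dst_ip, dst_port)."""
    proto, dst, port = flow
    if is_internal(dst):
        # Step 1 failure mode: the doorbell querying an internal DNS server.
        if port == 53:
            return ("deny", "DNS sent to internal resolver")
        return ("deny", "IoT VLAN to internal network")
    if proto == "icmp":
        return ("allow", "icmp")
    for low, high in DOORBELL_RULES.get(proto, []):
        if low <= port <= high:
            return ("allow", f"{proto} {low}-{high}")
    return ("deny", "no matching outbound rule")


# Constructed sample flows (documentation addresses, not real captures).
SAMPLE_FLOWS = [
    ("udp", "10.1.1.10", 53),       # internal DNS server
    ("tcp", "203.0.113.5", 443),
    ("tcp", "203.0.113.5", 8557),
    ("udp", "203.0.113.5", 20000),
    ("tcp", "203.0.113.5", 22),     # not in the allowlist
    ("icmp", "203.0.113.5", None),
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, "->", evaluate(flow))
```

A "DNS sent to internal resolver" verdict for the doorbell's reserved IP points at the DNS servers handed out by DHCP, not at a missing port rule.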
