AirGradient Forum

Possible server issues?

Thanks! I’ve just added the IP and will check if this fixes the issue

Would it be possible to send an email notification when the server IP addresses change? I think a good location would be the users & permissions page. Here you can enable “Offline monitors notifications”. Maybe you can add a “Server IP change notification” option which is disabled by default?

1 Like

Adding 46.225.42.92 fixed it! My monitors haven’t dropped offline since I added the IP address

1 Like

@Bart_Netherlands I’m glad to hear that it works for you! Please let us know if you need any help.

Regarding your feature request, please let me add this to our list for discussion with my team.

To understand a little more context, would you mind describing your current setup and use case? (for example, you want to make sure about the IoT device security, etc.). This will help us a lot to understand our customers deeply.

Thanks!

Thanks for your quick replies.

My current setup for home is one outdoor monitor and two indoor monitors. I just think it is good practice to have firewall rules in place for IoT devices for improved security. I can imagine business customers (offices, schools etc.) definitely want to use firewall rules for good security.

1 Like

@Bart_Netherlands safety & security before anything else! Thanks a lot for the insights!

1 Like

Inbound rules make a lot of sense, even if running NAT, but I question the merit of outbound, since the originating device is in your control, and runs known code. Locking down unused inbound ports (at least as I see it), is most critical. (Here, for instance, I believe that I have only 3 open, all for email services, and a VPN inbound.)

@tadawson Sure the device runs known code. But it also features auto update functionality. And in theory if the AirGradient server gets hacked someone could push out an update with malicious code. So why not lock it down as much as possible?

I don’t consider that a realistic risk, for a couple of reasons:

  1. You don’t have to allow auto update if you are that paranoid. Download and apply yourself, or download source, audit it, compile and apply if it makes you feel more secure.
  2. If the server is compromised, they can still get to you through it.
  3. This kind of stuff should be on an isolated VLAN anyhow, if you are that concerned.
  4. The small flash space in these really won’t allow anything else and still allow it to function.
  5. You worry about a “malicious code push” if the server is compromised, but nothing you have done in any way limits that.

You could also port restrict that device to only allow comm to the ports used by AG (but again, that approaches a similar point of overkill . . .).

All you have done is introduce more potential points of failure, as you have seen, but hey, it’s your network . . .

@tadawson

  1. I don’t have time to audit every update.
  2. True, but it requires more effort.
  3. I agree, and it is isolated on my network.
  4. I agree there’s not much risk from this device. It’s just good practice and I have firewall rules for all my IoT.

I actually followed AirGradient’s own advice:
https://www.airgradient.com/documentation/kb/kb-diy-it-security-policy-for-deployment-of-airgradient-monitors
@Tai_AirGradient This document needs to be updated with the new IP address by the way

1 Like

@Bart_Netherlands Thank you a lot for spotting this. Updated!