Please follow these points to make your installation secure and protected:

 

1. Do not connect LM to an external IP; use it with a local IP. This way you can control through your router which ports/services can communicate with LM from outside
 
2. Always disable unnecessary services – FTP, Remote Diagnostics, Remote services, IP Features in System config
 
3. Change all passwords. We created the annoying password-change reminder for this reason, so don’t just push the OK button every time. Change all three passwords – FTP/APPs (System config -> Services -> FTP server), admin (System config -> System -> Admin access), remote services (System config -> Services -> Remote Services)
 
4. Change the default KNX physical address in System config -> Network -> KNX connection
 
5. Disable KNX/IP features (System config -> Network -> KNX connection) if:

 

6. If you are not sure of your ISP or there is public access, we recommend using HTTPS access to LM instead of HTTP – https://192.168.0.10 (in this case you can block all ports except HTTPS 443 on your router). Do not be alarmed if you receive a browser warning: LM uses a self-signed certificate (we cannot use normal certificates because they can only be assigned to a domain, not an IP address). If you are located in a local network and connecting to LM directly, you can stay on port 80/HTTP – in this way the communication will be slightly faster and there will be no browser warnings

 
7. For external connection to LM we do not recommend using IP port forwarding, because all the services and group addresses become available in an unsecured form. If you want to use port forwarding, do it only with secure port 443 (HTTPS). The best solution is to use our cloud service as described here: http://openrb.com/logicmachine-cloud-solution/ (you can control only selected group addresses remotely, and data exchange between LM/cloud and cloud/client is done in a secure, encrypted way)

 
8. If FTP is used, use SSL/TLS. Also, change the default FTP/APPs password in System config -> Services -> FTP server

 
9. If communication between several LMs is required in one building:

 
10. There are cases when somebody tries to reprogram KNX devices. We can supply KNX devices that block all peer-to-peer telegrams (which are used for device programming) while keeping group communication unchanged
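
One way to check items 2, 7 and 8 from the network side, as an added example that is not part of the original document or of the LM software: the Python script below probes the FTP, HTTP and HTTPS ports and maps whatever answers to the checklist. It assumes the LM services run on the standard ports 21, 80 and 443; the function names and the "lan"/"wan" labels are illustrative.

```python
import socket

# Standard TCP ports for the services named in the checklist.
# Assumption: the LM services have been left on these default ports.
SERVICES = {21: "FTP", 80: "HTTP", 443: "HTTPS"}

def probe(host, ports=SERVICES, timeout=1.0):
    """Return the set of ports on host that accept a TCP connection."""
    open_ports = set()
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                open_ports.add(port)
        except OSError:
            pass  # closed, filtered or unreachable
    return open_ports

def review(open_ports, vantage):
    """Map a set of open ports to checklist findings.

    vantage is "lan" when the LM's local IP was probed, or "wan" when the
    router's public IP was probed from outside (what port forwarding exposes).
    """
    findings = []
    if vantage == "wan":
        # Item 7: if port forwarding is used at all, only 443 may be forwarded.
        for port in sorted(open_ports - {443}):
            name = SERVICES.get(port, "unknown service")
            findings.append(
                f"item 7: port {port} ({name}) is forwarded; forward only 443")
    if 21 in open_ports:
        # Items 2 and 8: FTP should be off unless needed, and hardened if on.
        findings.append(
            "items 2/8: FTP is enabled; disable it if unused, otherwise "
            "use SSL/TLS and change the FTP/APPs password")
    return findings

if __name__ == "__main__":
    # 192.168.0.10 is the local address used in item 6 of the checklist.
    host = "192.168.0.10"
    for line in review(probe(host), "lan") or ["no findings"]:
        print(line)
```

Run it once from inside the local network against the LM address and once from an outside connection against the router's public address, passing "wan" to review() for the second run.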

 
Document release date: February 13, 2017