Please follow these points to make your installation secure:
1. Do not use port forwarding. Use OpenVPN or ZeroTier for commissioning. Use LM cloud for remote control.
2. Do not enable unnecessary services – FTP, Remote Diagnostics, Remote services, etc.
3. Change the default admin passwords
4. Disable KNX/IP features (System config -> Network -> KNX connection) if:
- You have finished programming your KNX devices from ETS and this is not needed anymore.
- KNX/IP routing is not needed for this project.
5. Use HTTPS where possible. Install SSL certificate app on your LM to get a valid SSL certificate.
6. If FTP is used, use SSL/TLS
7. If communication between several LMs is required in one building:
- Provide a KNX Backbone key and set “Enable only secure communication” option.
- Enable TOS (type of service) if your switch/router supports this. This way you can enable prioritization for KNX telegrams (7 – highest priority, 0 – lowest). It means other IP packets will have lower priority over KNX telegrams – KNX telegrams will be always delivered first.
Document release data: April 1, 2022