RESET Forums (homeservershow.com)

Luma behind Sophos UTM


cmccomas

Hi guys and gals, new listener to the podcast and first time posting here. Anyway, I finally took delivery of my Luma 3 pack. So far it’s been a bit of a bumpy road, like for the rest of you. I can vouch for its speed when it’s actually working! I have mine set up behind a Sophos UTM; I allow TCP 4242, TCP 4505 and TCP 4506 out so that they can connect back to the cloud. The odd thing is that they seem to be working in bridge mode! This is something I want them to do, but it’s something I don’t think they should be doing with this current firmware. Is anyone else getting behavior like this? Any ideas as to why? I also get about 3 days of use before they decide to lock up. Not sure if this is a bug in the internet pause feature or they just wonk out. It doesn’t kill my wired network traffic, just the wifi. The only way to restore connectivity is to unplug them one at a time. Just for the record, I have not used the pause feature, so it is not user error on my part!

Side note, I see a lot of dropped packets in the logs of the Sophos and the backup pfSense box. I will snoop around in the log files and check Wireshark this weekend and see what I can see. Anyone have any ideas/solutions or similar experiences?

 

 

 

 


Welcome to the forums!

1. I would allow all outbound traffic from Luma; I would not restrict it in any way. I have mine set up on a DMZ because I need to keep the FiOS router in place.

2. What makes you think Luma is set up in 'bridge mode'?

3. What is the subnet or IP address of a device connected to Luma? Also, in the Luma app on the main page, if you tap on one of the connected Lumas it will give you the IP address of the Luma. Please tell me what that is. If it's 192.168.55.x, it's not in 'bridge mode'. Luma says they're going to add support for it, but like everything else Luma there's no ETA.

4. As for the lockups, are you using Ethernet backhaul or wireless mesh on the two nodes?

5. Do you have any restrictions set on the default user profile, and if yes, what rating is it set on?

6. Did you set up users and add devices for those users, and if yes, what is the filter rating set to?

7. Does the lockup happen for all users?

Edited by itGeeks

 

Hi itGeeks,

 

 

1. I'll give it a try in a DMZ; honestly didn't think to try that!

2. When I first power them on and my client (iPhone) connects, I'm given a 192.168.55.0/24 address. If I wait a min or two and then re-connect, I'm popped onto 192.168.1.0/24, my normal network. It then works for a few days without a hitch and then hangs up. I see some IGMP traffic getting blocked, but I think this is the Luma-to-Luma traffic on multicast.

3. When I first power it on, clients are given the 192.168.55.0/24 address. Then after a min or two it starts handing out 192.168.1.0/24 addresses?! Not sure what's going on. The IP addresses of the Lumas are listed as 192.168.55.0/24 in the app, specifically .1, .4 and .5.

 

4.  I'm using Ethernet backhaul on all 3 nodes.  Looks like they are communicating as I see multicast traffic on the network.

 

5. I did set up two profiles for my wife and myself and both are set to unrestricted.  Default policy is unrestricted as well.

 

6.  I added a few devices to each user but most of the devices are unassigned.  Filtering for everything is unrestricted.  Didn't seem to work anyway when I tested it with an adult site!

 

7. Yes all wireless users!  I can still reach it from the app if I drop to cellular data on my phone.  Tried to pause and un-pause in the app but that didn't help much.  All my wired devices continue to work fine.

 

Any ideas?!  I'll try popping it into the DMZ and see if that helps.  Thanks again for your time!

 

 


Something is very wrong with your setup then. Luma does not support 'bridge mode' at this time; it is something they say will be added later via a firmware update, with no ETA. Do you have any other WAPs active other than Luma?

 

Could you explain your setup starting with the line coming into your house?


  • 1 month later...

Another little note about Luma and Ethernet backhaul after getting off the phone with support.

Here's my setup: Cable Modem - Sophos UTM 120 - Home Net on LAN - Luma on DMZ

I had another Luma in my living room and plugged in the LAN cable for an Ethernet backhaul. The switch in the living room was tied back to a switch off the Sophos Home LAN.

Because the living room Luma was not connected to the DMZ network, it thought it was the Hub. However, I already had the Hub on the DMZ. Neither was aware of the other.

I have the Sophos acting as a DHCP server for the home LAN on a .1.0/24. Since the Luma was on the Home LAN and thought it was a hub, it was also a DHCP server and running NAT as well for the .55.0/24 network.

My network, which was normally rock solid, started having issues because of the above setup. Internet connections started to fail, and my Sophos WAN interface would shut down.

Moral of the story is that the Luma is designed for Ethernet backhaul from the node to the hub. If you run unmanaged switches in your house (i.e., no VLAN capability) you will have similar issues as I just described.

Per Luma Support, the nodes are meant to be connected to the hub. It would be nice if they had that in their setup guide or other documentation.


Welcome to the forums!

 

Not to sound mean, but with your configuration the results you got would be what I would have expected. For one, Luma can't be put into 'bridge mode', so there is no way to disable the routing and DHCP server on Luma. 2nd, the subnet on Luma can't be changed, so it uses 192.168.55.x and hands out IP addresses in that range, like it or not. 3rd, you did the right thing by setting up the first Luma on the DMZ, but each node that is connected using 'Ethernet backhaul' also needs to be on a switch off the DMZ so they can communicate on a totally different network in the 192.168.55.x network. If you had used wireless mesh for the nodes it would have worked fine. Luma has told me support for setting up Luma in 'bridge mode' is on the list but no ETA. I agree support for setting up Luma in 'bridge mode' is needed and I can't wait for it to be supported. Many of us run our own routers with UTM and I am not interested in changing that.
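A check for the failure described in the last two posts (a second DHCP server answering on the home LAN), added here as an example and not part of the thread: it scans DHCP server replies and flags any server other than the expected one, or a lease outside the expected pool. The record format, the segment name `home_lan` and the UTM address 192.168.1.1 are assumptions; only the two subnets come from the posts.

```python
import ipaddress
from collections import Counter

# Assumption: the thread gives the subnets but not the UTM's LAN address,
# so 192.168.1.1 stands in for the Sophos interface on the home LAN.
EXPECTED = {"home_lan": ("192.168.1.1", ipaddress.ip_network("192.168.1.0/24"))}

# Constructed sample: segment, DHCP message type, server identifier, address.
SAMPLE = """\
home_lan OFFER 192.168.1.1 192.168.1.101
home_lan ACK 192.168.1.1 192.168.1.101
home_lan OFFER 192.168.55.1 192.168.55.23
home_lan ACK 192.168.55.1 192.168.55.23
home_lan DISCOVER 0.0.0.0 0.0.0.0
home_lan OFFER 192.168.1.1 192.168.1.102
truncated line
"""


def find_unexpected_dhcp(text, expected=EXPECTED):
    """Return sorted (segment, server, reason, count) for suspicious replies."""
    hits = Counter()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] not in ("OFFER", "ACK"):
            continue  # only server replies identify a DHCP server
        segment, _, server, leased = parts
        if segment not in expected:
            continue  # no policy defined for this segment
        want_server, pool = expected[segment]
        try:
            leased_ip = ipaddress.ip_address(leased)
        except ValueError:
            continue  # skip records with a malformed address
        if server != want_server:
            hits[(segment, server, "unexpected server")] += 1
        elif leased_ip not in pool:
            hits[(segment, server, "lease outside pool")] += 1
    return sorted(key + (count,) for key, count in hits.items())


if __name__ == "__main__":
    for segment, server, reason, count in find_unexpected_dhcp(SAMPLE):
        print(f"{segment}: {server} {reason} ({count} replies)")
```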
