OSI Gen2 Alarm System Installation Problems

Hi,
I'm moving to a house with no prewired alarm system. In fact there is no alarm at all. I decided to purchase the OSI GEN2 Alarm system from Amazon for $300. 
When it arrived it seemed to have very easy to follow setup  instructions. I followed the instructions and added Smart Life application to my Android phone. Then with the OSI Alarm in WIFI discovery mode I tried to add the alarm to the Smart Life app. It would discover the alarm but fail to add it to the application. 

I tried resetting the alarm, I tried adding the alarm to the application manually and neither worked. I tried opening all ports and protocols on my firewalls for the IP Subnet of the WIFI. I set my Authentication to WEP2/Personal, I made sure there was no connection from the 2.4Ghz WIFI to Wifi5 or WIFI 6 & the 2.4Ghz WIFI SSID was clearly identified. None of this worked.

Then I assed a friend to use us phone, I created a hotspot with his phone and connected my phone to his hotspot. I was immediately able to add the OSI Alarm to Smart Life using the hot spot. When I disconnected from the hotspot I was still connected to the OSI Alarm and was able to arm and disarm the alarm system, get notifications on my smart phone about the alarm, control settings on the alarm from the Smart Life app.

Since disconnecting from the hot spot and using my own WIFI I was not able to rename accessories like sensors and motion detectors. Renaming these accessories is done on the smart life app and when saved appear in the OSI Alarm screen.  Is this a big problem? I would say no. Default names, custom names, they are just labels therefor in my opinion not important.

Regardless I would like the system to function 100%, so I have asked OSI support for assistance with this issue. Lets see what they come back with.


What you can take from this post is that the hotspot option is a good way to connect to the OSI Alarm when it does not work on your own WIFI network.  In my case I use two hardware firewalls and have enabled dozens of protections and limitations, 

As far as I know so far, the alarm system uses WIFI for its connectivity. I don't see why the internet has anything to do with it. Unless the Smart Life app and the OSI Alarm connect to internet resources. In this case there must be ports and hostnames or IP addresses that it connects to and transmits data, I allow most standard known ports outbound, it must be using non-standard/custom ports.

I will follow up when the accessories name change issue is resolved,
Thanks

Here is the current status of this issue.

OSI described my configuration to "chargpt 4", whatever that is. Here is the response.


"ChatGPT 4
Based on your description, it sounds like there's a connectivity issue between your devices and the Smart Life app or the OSI Alarm system when connected to your home network, but not when using a hotspot. Given your network's complexity with a double firewall and DMZ setup, there are a few factors that could be causing this issue:

1. **Firewall Rules and Security Policies**: The Juniper SRX 220 and Netscreen GT5 firewalls might have strict security policies or firewall rules that block certain ports or IP addresses required by the Smart Life app or OSI Alarm to communicate with their servers. Smart home devices and apps often use specific ports for outgoing connections to their servers, and if these ports are not allowed through your firewall, the devices won't be able to connect to the internet properly.

2. **NAT (Network Address Translation)**: Smart Life and OSI Alarm devices require internet access to communicate with their respective servers. If NAT is not configured correctly on your gateway or the second hop, it might prevent these devices from accessing the internet. This could explain why they work over a hotspot but not your home network, as the hotspot provides a direct internet connection without the complexities of your home network setup.

3. **DMZ Configuration**: While a DMZ can be useful for hosting your own public-facing servers, if the Smart Life or OSI Alarm devices are mistakenly placed in the DMZ, or if the DMZ is not configured correctly, it could lead to connectivity issues due to exposure to the internet and lack of necessary protections.

4. **ISP's Fiber Modem**: There could also be settings on the ISP's Fiber Modem that are interfering with the connectivity. Some modems have their own firewall or filtering features that might need adjustment.

To troubleshoot and potentially resolve the issue, consider the following steps:

- **Review Firewall Rules**: Check the firewall rules on both the Juniper SRX 220 and the Netscreen GT5 to ensure that they allow traffic for the ports and IP addresses used by Smart Life and OSI Alarm. Unfortunately, without specific port and IP details from these services, you might need to use trial and error or contact their support for more information.

- **Check NAT Settings**: Ensure that NAT is configured correctly to allow devices to communicate with the internet. This might involve setting up specific rules for the devices or ensuring they're not being incorrectly handled by the DMZ settings.

- **Inspect DMZ Settings**: Verify that your DMZ configuration is correct and that it's not inadvertently causing issues for your smart home devices. It might be beneficial to remove smart home devices from the DMZ if they are currently placed there.

- **Contact Support**: If you're unable to find the specific ports and IP addresses used by Smart Life and OSI Alarm, reaching out to their customer support might provide you with the necessary details to configure your network correctly.

- **Test with Simplified Network Setup**: As a last resort, temporarily simplifying your network setup (e.g., connecting a device directly to the ISP's modem) could help identify if the issue lies with the network configuration or elsewhere.

Given the complexity of your network, it's understandable to assume the issue lies within the specific configuration or security measures implemented. Adjusting these settings with a focus on connectivity requirements for your smart home devices should help in resolving the issue."

According to Smart Life tech support, The Smart Life application uses the following ports & addresses

443/1883/8883/8884/8885/8886/8887/8657-> mqtt
6666-> udp
6668-> tcp
80-> http
443-> https

Domain whitelist:
tuyacn.com
tuyaus.com
tuyaeu.com
tuya.com

This of course is some good to know information when locking down policies, but I've tested my configuration with "allow all or allow any" policies which should have worked but did not.

When I tried to populate the Smart Life app with sensor info using a hotspot, it did not work either.

Here is the current status of this issue.
OSI described my configuration to "chargpt 4", whatever that is. Here is the response.
"ChatGPT 4
Based on your description, it sounds like there's a connectivity issue between your devices and the Smart Life app or the OSI Alarm system when connected to your home network, but not when using a hotspot. Given your network's complexity with a double firewall and DMZ setup, there are a few factors that could be causing this issue:
1. **Firewall Rules and Security Policies**: The Juniper SRX 220 and Netscreen GT5 firewalls might have strict security policies or firewall rules that block certain ports or IP addresses required by the Smart Life app or OSI Alarm to communicate with their servers. Smart home devices and apps often use specific ports for outgoing connections to their servers, and if these ports are not allowed through your firewall, the devices won't be able to connect to the internet properly.
2. **NAT (Network Address Translation)**: Smart Life and OSI Alarm devices require internet access to communicate with their respective servers. If NAT is not configured correctly on your gateway or the second hop, it might prevent these devices from accessing the internet. This could explain why they work over a hotspot but not your home network, as the hotspot provides a direct internet connection without the complexities of your home network setup.
3. **DMZ Configuration**: While a DMZ can be useful for hosting your own public-facing servers, if the Smart Life or OSI Alarm devices are mistakenly placed in the DMZ, or if the DMZ is not configured correctly, it could lead to connectivity issues due to exposure to the internet and lack of necessary protections.
4. **ISP's Fiber Modem**: There could also be settings on the ISP's Fiber Modem that are interfering with the connectivity. Some modems have their own firewall or filtering features that might need adjustment.
To troubleshoot and potentially resolve the issue, consider the following steps:
- **Review Firewall Rules**: Check the firewall rules on both the Juniper SRX 220 and the Netscreen GT5 to ensure that they allow traffic for the ports and IP addresses used by Smart Life and OSI Alarm. Unfortunately, without specific port and IP details from these services, you might need to use trial and error or contact their support for more information.
- **Check NAT Settings**: Ensure that NAT is configured correctly to allow devices to communicate with the internet. This might involve setting up specific rules for the devices or ensuring they're not being incorrectly handled by the DMZ settings.
- **Inspect DMZ Settings**: Verify that your DMZ configuration is correct and that it's not inadvertently causing issues for your smart home devices. It might be beneficial to remove smart home devices from the DMZ if they are currently placed there.
- **Contact Support**: If you're unable to find the specific ports and IP addresses used by Smart Life and OSI Alarm, reaching out to their customer support might provide you with the necessary details to configure your network correctly.
- **Test with Simplified Network Setup**: As a last resort, temporarily simplifying your network setup (e.g., connecting a device directly to the ISP's modem) could help identify if the issue lies with the network configuration or elsewhere.
Given the complexity of your network, it's understandable to assume the issue lies within the specific configuration or security measures implemented. Adjusting these settings with a focus on connectivity requirements for your smart home devices should help in resolving the issue."
According to Smart Life tech support, The Smart Life application uses the following ports & addresses
443/1883/8883/8884/8885/8886/8887/8657-> mqtt
6666-> udp
6668-> tcp
80-> http
443-> https
Domain whitelist:
tuyacn.com
tuyaus.com
tuyaeu.com
tuya.com

This of course is some good to know information when locking down policies, but I've tested my configuration with "allow all or allow any" policies which should have worked but did not.

When I tried to populate the Smart Life app with sensor info using a hotspot, it did not work either.
However, we need to remind you that we can not guarantee that the assigned IP address will be permanently exhausted. Although IP addresses do not change frequently under normal circumstances, customers are still recommended to monitor possible changes during the period and update their system configuration accordingly.

China:
a1.tuyacn.com  122.51.123.21
a2.tuyacn.com  42.192.31.36
a3.tuyacn.com  81.69.183.170
m1.tuyacn.com  42.192.34.178
m2.tuyacn.com  42.192.31.13
EU:
a1.tuyaeu.com  18.193.211.120  3.124.85.154  18.194.193.183
a2.tuyaeu.com  35.157.101.18  3.125.199.146  3.125.234.101
a3.tuyaeu.com  18.185.182.159  3.121.131.36  18.195.249.137
m1.tuyaeu.com  18.194.10.142  18.196.142.136  18.197.183.192
m2.tuyaeu.com  18.192.43.219  3.64.85.28  3.65.95.68
US:
a1.tuyaus.com  34.215.2.189  54.185.41.35  52.11.46.148
a2.tuyaus.com  44.231.176.168  44.230.212.240  100.21.15.118
a3.tuyaus.com  54.69.37.156  54.187.112.38  34.218.147.23
m1.tuyaus.com  44.241.48.186  44.238.208.26  44.239.154.208
m2.tuyaus.com  35.162.13.26  34.210.19.179  34.211.189.2

Port 80 443 1883 8883 8886

Hello,
All the ports and addresses are great when locking down policies on a firewall. I was trying to connect using "allow everything policies" and using a hot spot. I was never able to add sensors to Smart Life and rename them. 

When I move in April I will try to configure the system from scratch using my new ISP and without any firewalls added. If it works I will then lock it all down using the addresses and ports OSI has provided.

So to summarize what the status is art this time. I was able to add the OSI Alarm to my wifi network & controllable through  Smart Life on my smart phone.  I am not able to see sensors in smart life & rename them.