topic Re: Nest Thermostat in General Topics

Nest Thermostat

BobW — Mon, 21 Mar 2016 21:18:04 GMT

Anyone running a Nest Thermostat behind a Palo Alto Networks firewall? I am seeing an inability to connect to the nest site. Logs show a repating SSL on 443 with session end reason: tcp-rst-from-client

Any thoughts would be appreciated.

Bob

Re: Nest Thermostat

gwesson — Mon, 21 Mar 2016 21:25:22 GMT

I've got a pair of Nests at my house behind a PA-200. Almost all the connections end up with a client reset, but everything works for my Nest reporting and login. My phone can manage them just fine, and I can see all my historical data. I think that Nest is just really aggressive with TCP handling.

Here's a screenshot of my logs. You'll notice that everything ends with rst, but the byte sizes are significant:

Hope this helps,

Greg

Re: Nest Thermostat

BobW — Mon, 21 Mar 2016 21:32:21 GMT

Thanks for the prompt reply.

I have very similar logs. Problem is it is always offline and can not be controlled. As soon as I remove the PA-200 and switch to an old school wireless router it works fine.

Any thoughts on what settings to tweak, what to look for to try and figure it out? etc.

Thanks

Bob

Re: Nest Thermostat

gwesson — Mon, 21 Mar 2016 21:39:35 GMT

I haven't had any issues with it connecting and being controlled. Are you doing NAT on your firewall for the Nest device? That's the only thing I can think of, as it doesn't need any inbound rules and your security rules are probably good.

Re: Nest Thermostat

Kelly_Olivier — Sun, 04 Mar 2018 02:57:02 GMT

Any update on this? I am troubleshooting Nest cameras and thermostat with the same symptoms.

Re: Nest Thermostat

BobW — Mon, 05 Mar 2018 20:16:27 GMT

My solution was to throw up another AP/router with a different SSID for the Nest as well as the PS4 and other UPNP devices. That assumes your ISP gives you more than a single external IP.

Hope that helps,

Bob

Re: Nest Thermostat

tcasw86 — Tue, 06 Mar 2018 20:07:38 GMT

I'm running a nest thermostat (v3) at home behind a PA-200 and haven't run into any issues or had to configure anything differently. Have you chedked the unified log to make sure any other traffic required may not be being blocked?

Re: Nest Thermostat

Rob_Notman — Thu, 15 Mar 2018 15:09:08 GMT

The problem the Nest is having (or at least mine was having), is that it is trying to use the dropcam app on a non-default port (tcp-9543). if you're using policies that use application-default to allow your nest traffic out, it won't work.

Add a rule that allows dropcam (& web-browsing) outbound using tcp-9543 (along with your regular app-default outbound rules) and you should be golden.

Re: Nest Thermostat

willsimon — Thu, 09 Aug 2018 16:08:44 GMT

I just noticed our Nest thermostats are using tcp/9543 and are being ID'd as dropcam as well. Seems like a bad app-ID.

Re: Nest Thermostat

mikep97 — Sun, 23 Aug 2020 16:11:43 GMT

Hello,

Its 2020 and i also had the same issues of all 8 of my nest protects and 2 cameras disconnect from the nest services. They were still on my wifi networks, i could see the dns requests hitting the firewall and a single http request, but that http request never got a response from the nest cloud. I figured out that my firewall had a bad entry in its dns cache for the nest cloud. Once i disabled the dns cache option on the firewall everything came back to life. Just thought i would post the solution here. Thanks, michael