Launched using AMI - Security Group Not Correct

Launched a new FH instance today in a client’s AWS environment. The AWS environment was full vanilla and I was using an account that had root permissions (don’t get me started…)

Before the issue a few weeks back where the AMI was removed from the AWS marketplace, launching from the AMI would create the group and required rules automatically. However, it is no longer doing so.

Upon launch, the AMI created a security group but it only had one entry: TCP/22 (SSH). None of the other required ports were created in this security group which rendered the instance unusable until I manually modified the security group.

Just a note that, in an environment where a previous SG does not already have the correct firewall rules, the instance is not usable upon launch of the AMI and requires manual intervention. Creating the security group IS a required step in the documentation, but the October 2023 FusionHub manual is also pretty out of date with the screenshots, password requirements (using instance ID), among other things. This document really needs a revamp.

2 Likes

Create these rules:

| Security group rule ID | IP version | Type | Protocol | Port range | Source | Description |
|---|---|---|---|---|---|---|
| sgr-082920817a122f5ff | IPv4 | Custom TCP | TCP | 5246 | 0.0.0.0/0 | Used when TCP 443 is not responding |
| sgr-09b44d0b157b3ea61 | IPv4 | Custom UDP | UDP | 4500 - 4504 | 0.0.0.0/0 | PepVPN / SpeedFusion Data |
| sgr-0f0b0d113b66ddc60 | IPv4 | HTTPS | TCP | 443 | 0.0.0.0/0 | Web Admin Interface |
| sgr-0bac7a36de056587b | IPv4 | Custom UDP | UDP | 4505 | 0.0.0.0/0 | PepVPN / SpeedFusion Data |
| sgr-0b4100b10bdc89ea8 | IPv4 | HTTP | TCP | 80 | 0.0.0.0/0 | – |
| sgr-0d6b8bd1107969f7d | IPv4 | Custom UDP | UDP | 32015 | 0.0.0.0/0 | PepVPN / SpeedFusion alternative Data |
| sgr-0b8455c7eed13b8ae | IPv4 | Custom TCP | TCP | 2222 | 0.0.0.0/0 | – |
| sgr-05ed5fd964ccf1088 | IPv4 | Custom TCP | TCP | 32015 | 0.0.0.0/0 | PepVPN / SpeedFusion Handshake |
| sgr-06336024e747f7a49 | IPv4 | Custom TCP | TCP | 5312 | 0.0.0.0/0 | Web Admin Interface |
| sgr-0657c6473bd67a212 | IPv4 | Custom UDP | UDP | 5246 | 0.0.0.0/0 | InControl Data Flow |

I just re-read this… I got those rules from you, Chris!

Yeah, my FH AMI needed creds using admin and instance ID, but the one you created for my customer environment has the creds using the customer ID / password. The only difference is that you created the FH in the East AWS EC2, and I was in West AWS EC2. There is definitely some inconsistency that new users may pain through or give up on.
I’m a HUGE fan of FH. It has solved so many of my customer-related problems so far when they are sitting behind CG-NAT.

In your case, you never needed the instance ID as the password due to me adding it to your InControl and having InControl manage the device credentials :slight_smile:

1 Like
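
Added example (not from the thread or from Peplink's documentation): a boto3 check that compares a security group against the rule list posted above and adds only the rules that are missing. Restricting the two ports the thread labels Web Admin Interface to an admin CIDR is an assumption of this example, as are the function names and the documentation range 203.0.113.0/24; every other rule keeps the 0.0.0.0/0 source as posted.

```python
# Rules copied from the list in this thread:
# (protocol, from_port, to_port, description as posted, is_web_admin)
REQUIRED = [
    ("tcp", 5246, 5246, "Used when TCP 443 is not responding", False),
    ("udp", 4500, 4504, "PepVPN / SpeedFusion Data", False),
    ("tcp", 443, 443, "Web Admin Interface", True),
    ("udp", 4505, 4505, "PepVPN / SpeedFusion Data", False),
    ("tcp", 80, 80, "", False),
    ("udp", 32015, 32015, "PepVPN / SpeedFusion alternative Data", False),
    ("tcp", 2222, 2222, "", False),
    ("tcp", 32015, 32015, "PepVPN / SpeedFusion Handshake", False),
    ("tcp", 5312, 5312, "Web Admin Interface", True),
    ("udp", 5246, 5246, "InControl Data Flow", False),
]

def covered(rule, perms):
    """True if an existing permission spans the rule's protocol and ports (source not compared)."""
    proto, lo, hi = rule[:3]
    return any(p["IpProtocol"] == "-1" or
               (p["IpProtocol"] == proto and p.get("FromPort", 0) <= lo and hi <= p.get("ToPort", -1))
               for p in perms)

def missing_rules(perms):
    return [r for r in REQUIRED if not covered(r, perms)]

def to_ip_permissions(rules, admin_cidr):
    """Build IpPermissions; web admin ports get admin_cidr (assumption), others stay as posted."""
    out = []
    for proto, lo, hi, desc, web_admin in rules:
        rng = {"CidrIp": admin_cidr if web_admin else "0.0.0.0/0"}
        if desc:
            rng["Description"] = desc
        out.append({"IpProtocol": proto, "FromPort": lo, "ToPort": hi, "IpRanges": [rng]})
    return out

def repair(group_id, admin_cidr):
    import boto3  # needs AWS credentials; not called by the sample run below
    ec2 = boto3.client("ec2")
    sg = ec2.describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]
    todo = missing_rules(sg["IpPermissions"])
    if todo:
        ec2.authorize_security_group_ingress(
            GroupId=group_id, IpPermissions=to_ip_permissions(todo, admin_cidr))
    return todo

# Constructed sample: the group described in the first post, TCP/22 only.
SSH_ONLY = [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]

if __name__ == "__main__":
    for perm in to_ip_permissions(missing_rules(SSH_ONLY), "203.0.113.0/24"):
        print(perm)
```
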