Remote access to the WebUI of the Teltonika router should only be enabled, especially with a public.IP, if the router is located at an external site without direct access. However, if the router is located at a local site with direct access, remote access should better be deactivated for security reasons. For this, please also note the FAQ Safety instructions to use a public.IP.

In order for the remote access to the WebUI of the Teltonika router to work, there are a few things to consider:

1. Activate remote access

At Administration in the tab Access Control the desired HTTP or HTTPS remote access must be activated:

WebUI
Enable remote HTTP access	The HTTP remote access to the router is enabled.
Enable remote HTTPS access	The HTTP remote access to the router is enabled.

2. Set the correct Source zone

At Network -> Firewall in the tab Traffic Rules the correct source zone must be set for the rules Enable_HTTP_WAN (HTTP remote access) or Enable_HTTPS_WAN (HTTPS remote access):

Traffic Rule	Source zone
Enable_HTTP_WAN	From any host in wan	HTTP remote access to the router with the IP address of the SIM card or WAN port.
	From any host in vpn	HTTP remote access to the router with the mdex fixed.IP+/public via OpenVPN.
Enable_HTTPS_WAN	From any host in wan	HTTPS remote access to the router with the IP address of the SIM card or WAN port.
	From any host in vpn	HTTPS remote access to the router with the mdex fixed.IP+/public via OpenVPN possible.

3. Hint about using DMZ Configuration (forwarding of all ports & protocols)

3.1 Legacy Firmware

If the option DMZ Configuration (forwarding of all ports & protocols to a terminal device) is used at Network -> Firewall in the tab General Settings, the router automatically creates the required port forwarding rule tlt_allow_remote_http(s)_through_DMZ at Network -> Firewall in the tab Port Forwarding. This rule still allows remote access to the router in this constellation with activated "DMZ Configuration":

Port Forwarding Rule	Source zone
tlt_allow_remote_http_through_DMZ	From any host in wan	HTTP remote access to the router with the IP address of the SIM card or WAN port
	From any host in vpn	HTTP remote access to the router with the mdex fixed.IP+/public via OpenVPN.
tlt_allow_remote_https_through_DMZ	From any host in wan	HTTPS remote access to the router with the IP address of the SIM card or WAN port
	From any host in vpn	HTTPS remote access to the router with the mdex fixed.IP+/public via OpenVPN.

If the router LAN IP address or the router HTTP(S) port is subsequently changed, this rule is automatically adjusted so that remote access to the router is still possible. Should "DMZ Configuration" be deactivated, this rule tlt_allow_remote_http(s)_through_DMZ is no longer required and is automatically deleted.

When using an mdex fixed.IP+ via OpenVPN or mdex public.IP via OpenVPN please refer to the notes in the FAQ Important notes about using an mdex fixed.IP / public.IP via OpenVPN.

Problem with firmware RUT2XX_R_00.01.14.3 and RUT9XX_R_00.06.08.5

Due to a software bug in the firmware RUT2XX_R_00.01.14.3 and RUT9XX_R_00.06.08.5 the automatic rule tlt_allow_remote_http(s)_through_DMZ was erroneously deleted as soon as the tab General Settings on Network -> Firewall was called and left again. Now remote access to the router was no longer possible.

• As a remedy, all routers pre-configured by mdex in this constellation were supplied with an additional port forwarding rule Router Remote Access for remote access.
• In the event of subsequent changes to the router LAN IP address or the router HTTP(S) port, this additional Router Remote Access rule must also be manually adjusted under Network -> Firewall in the Port Forwarding tab. If remote access is no longer desired, this rule Router Remote-Access must also be deactivated or deleted.

This problem was solved with firmware RUT2XX_R_00.01.14.5 and RUT9XX_R_00.06.08.6, so that since then the routers are delivered in this constellation without additional rule Router Remote Access. Routers with older firmware versions should be updated.

3.2 Up from Firmware R_00.07.03

Warning: Can't find named section Workaround in topic Support.QNARUTMdexOVPNServiceEn