Pomoc

General

I want to use the remote access function. What do I need for this?
To use the remote access function, you need a Gira S1. You can obtain a Gira S1 from electronics retailers. An internet connection is also required.
How much does the remote access function cost?
The licence for using the remote access function is included in the price of the Gira S1.

Commissioning/Update

Do I need to have KNX to use the remote access function?
No, KNX is not absolutely necessary for the remote access function. However, some extended functionalities, such as sending messages composed by the user, require a KNX connection.
Is the set-up complicated?
No, set-up is quick and easy. You simply connect the Gira S1 to the power supply and the internet router. Next, you can register the Gira S1 in the <a class="lnk" target="_blank" rel="noopener noreferrer" href="https://geraeteportal.gira.de">Gira device portal</a> using the registration ID printed on the device. You can then set up access for the Gira Smart Home app or the Gira HomeServer app, for example, in the “Remote Access” area. You subsequently enter these data in the respective app.
Do I have to register on the Gira device portal?
Yes, you need a Gira device portal account in order to register the Gira S1.
It is not possible to complete the registration of the Gira S1 at the Gira device portal. The following error message appears: “The serial number cannot be assigned”. What does this mean?
To register the Gira S1 in the device portal, the device must first be connected to the internet.
Is the Gira device portal necessary in order to operate the Gira S1?
Yes, the Gira S1 works only in conjunction with the Gira device portal.
How do I perform a firmware update for the Gira S1?
There are several ways of updating the Gira S1 firmware. If you are using the Gira S1’s remote access template in a GPA project, you should open the corresponding GPA project and select the new firmware version via “Project settings -> Firmware management -> Manage firmware versions” and then initiate the Gira S1 start-up process. If you are not using the remote access template, you can update the Gira S1 in the GPA via “Maintenance and update” or you can perform the update via the Gira S1 device website, where the menu item “Update firmware” is available.
Can the three KNX/IP ETS interfaces be used for download and the group and bus monitor?
Yes, the interfaces support all download operations as well as the group and bus monitor.

Links

Does the link to web interfaces work with all devices?
When using this function, it is important that the device’s web server can be accessed via unencrypted HTTP and that no other communication channels (via Java, JavaScript or browser plug-ins) can be used to bypass HTTP. In our experience, there may be limitations in function in rare instances. It is often the case that not all video encodings are supported for web cams, for example. There are also devices that work better or worse depending on the browser used. In such cases, it may be worth trying out another browser.
How can I access devices in the remote network (such as an IP camera)?

Open the “Links” view.

You have the option to search for devices in the network or to add a link.

To add a link, give the link a name.

Enter the device URL or IP address where the device can be reached in the remote network.

Click on “Apply”.

To access a device, click on the corresponding device in the link overview.

Remote Access

How can I connect applications (such as the Gira Smart Home App) to the remote access portal?

Open the “Remote Access” view.

Click on “Create new app access”.

Enter a name of your choice to make the assignment easier and click on “Apply”.

Enter the activation code shown in your app’s remote access configuration.

Message Forwarding

How can I forward remote access notifications to my smartphone?

Open the “Message Forwarding” view.

Click on “Create new forwarding”.

Select which notifications are to be forwarded. You can select by urgency and/or category. The entries correspond to the fields from the ETS and must be written in the same way.

Select the forwarding medium and click on “Apply”.

Portal Users

What is the difference between owner and administrator?

The owner can remove all rights from all other users, including other administrators, at any time, but no-one can refuse access to the owner.

The owner is the person who is legally responsible for the use of remote access. During the construction phase, this is usually the electrical installer or system integrator.

Ownership is transferred to the installation owner by ownership transfer.

How can I transfer ownership?

If you are the current owner, click on the “Change owner” button in the “Portal Users” view.

Enter the e-mail address of the new owner and a description if necessary and click on “Apply”. Important: The new owner must be registered as a user in the Gira device portal!

You and the new owner will receive an e-mail with a confirmation link.

When both you and the new owner have accepted, you will both receive an e-mail to that effect and ownership is transferred.

If one of the requests is not confirmed, no transfer of ownership will take place.

How can I restrict a user's rights?

To do this, you must have administrator rights, i.e. you must be entered as an owner or administrator under “Portal Users”. Click on “Edit” on the line of the desired user.

A user's role refers to the configuration options in the device portal only. Access rights to the network are controlled by the access groups.

What is the difference between resident and installer?

It is possible to use access groups to grant access to the KNX installation or the remote network temporarily or permanently, depending on the group.

KNX communication objects can be used to activate or deactivate access options for the “Residents” and “Installers” groups separately from one another at any time.

VPN Access

Which requirements must be met before I can use the Gira S1 for VPN?
Your Gira S1 requires at least firmware version 6.1 and you require an OpenVPN Client.
Which connection type should I use for the VPN connection?

Create your own network (recommended)

This connection type creates a separate network between your PC/smartphone and the Gira S1 and offers additional security. The data volume is lower than it would be if your PC/smartphone participated directly in the Gira S1 network.

Direct participation in the Gira S1 network

The PC will receive its own IP address in the Gira S1 network. The required data volume is higher than it would be if a separate network were used between the PC/smartphone and the Gira S1.

This setting is required for certain application purposes that do not allow a connection via “Create your own network”, for example if you want to manage your Sonos system with the Sonos Windows App.

Important information:

Automatic IP address assignment via DHCP must be activated in the Gira S1 network.

OpenVPN profiles with this setting cannot be used with the “OpenVPN Connect” app for Windows, Android and iOS.

Should I allow all data traffic, including internet, to pass through the VPN connection?

If yes, not only do you access the content in your target network, but you also send all other data such as web page views via the target network. The increased data volume can slow down the VPN connection. This setting is usually required for segmented networks.

If no, then only data exchange with the target network takes place via the VPN connection. Internet traffic passes directly through the local router or mobile network as usual.

Why do I need the VPN configuration file and where do I import it?

You need an OpenVPN Client to access your home network via VPN. You can use the VPN configuration file to establish the connection between this OpenVPN Client and the Gira S1.

Download the “OpenVPN” software here and install it on your PC.

If you intend to use the VPN with your smartphone or tablet, install the “OpenVPN Connect” app for Android or iOS on your mobile device. However, the app only supports the recommended “Create your own network” connection type.

Once you have installed the OpenVPN Client, upload the VPN configuration file there.

IT Information

Which protocols can be used to access devices in the remote network?
Without installing the Gira S1 Windows Client, you can use the link function at the Gira device portal to access devices in the remote network, which can be reached via HTTP. This includes nearly all devices with a browser-based user interface. These devices are found automatically via UPnP. Besides KNX/IP and the Gira HomeServer, all TCP-based protocols, e.g. Telnet, ssh, HTTPS, Windows Remote Desktop, ftp etc., work with the Gira S1 Windows Client.
What permissions do I need to give my firewall?

The Gira S1 communicates with the device portal exclusively via an HTTPS connection. All data are exchanged in both directions via this connection, so no additional firewall configuration is usually necessary.

If you would like to restrict network access to certain domains and ports, we recommend configuring exceptions. The domains and IP addresses listed in the following table may change during certain maintenance work on the portal! You will be informed of any such work by e-mail.

Domain IP Address Port Required for
securedeviceaccess.net 185.201.145.10
2a06:2380:0:1::194		 TCP 443 all functions
api.securedeviceaccess.net 185.201.145.10
2a06:2380:0:1::194		 TCP 443 all functions
hub.securedeviceaccess.net 45.12.49.68 TCP 443 all functions
hub1.securedeviceaccess.net 45.12.49.68 TCP 443 all functions
hub2.securedeviceaccess.net 45.12.49.85 TCP 443 all functions
vpnproxy.securedeviceaccess.net 45.12.49.86
2a06:2380:0:1::22a		 TCP 80 VPN functionality
httpaccess.net 45.12.49.91
2a06:2380:0:1::231		 TCP 443 link functionality on the portal
ise.de 62.225.178.226 TCP 80 firmware update via the device website
0.europe.pool.ntp.org (standard NTP server) or other configured server
from Gira S1 5.0: pool.ntp.org (standard NTP server)		 UDP 123 NTP time synchronization with activated time server function
deviceservices.securedeviceaccess.net 185.201.145.43 TCP 443 Gira DCS-IP gateway
(Last amended on 01.03.2025
How much internet data traffic is generated if the Gira S1 is connected to the portal?
To maintain the connection, approx. 400 bytes of data traffic/minute are generated. This corresponds to approx. 560 kB/day or 16.5 MB/month. This data volume is not charged as user data by the Gira device portal as laid down within the limitation of the data volume in the licence agreement for the Gira S1.

Data Privacy/Data Security

What data does the server store?
The server only stores data that are absolutely necessary for providing the service. In addition to the data you provided when registering and the data that can be viewed on the user interface, this includes information on the quantity and time of the data volume transferred and the data that can be viewed on the user interface. The server does not store any other user data. We operate our server in Germany and observe the strict German and European data protection regulations.
Is it possible to guess the registration ID?
No. There is no way of guessing it or finding it out in a reasonable amount of time by trial and error. You would be able to guess the six winning lottery numbers correctly 70,000 times before you could guess a registration ID. The registration ID is only needed for registration at the device portal and each device can be registered only once.
Can the Gira S1 web site also be accessed securely via the internet?
Yes, the status page for the device can be accessed securely via the internet. You can access the device website directly via the “Links” tile in the Gira device portal.

Portál prístrojov Gira

Top