SOLVED: Honeywell T9 Smart Thermostat

[swfl_extreme]

I know there are similar posts here about this issue, but I have not seen any that were able to get this working. Here's a little background on my setup. I currently have a ZBT-WE826T with a Quectel EP06 modem connected to AT&T with an Unlimited Tablet Plan SIM. I have the WiFi disabled on the WE826 because it is awful anyway. Only LAN connection on my WE826 is to the WAN port of my TP-Link Archer A7 which is in AP mode. Archer handles all of the Wifi and the WE826 does all of the DHCP, Routing, Firewall, etc. The WE826 is currently running GoldenOrb_2022-11-06. All devices on my LAN have NO issues connecting and working as expected (Roku, Firestick, Apple TV, Ring alarm, etc.) I purchased the T9 thermostat and have had no success in getting it to work.

I know from the many posts about this issue that all of the cellular providers use CGNAT and that is what is causing the issue. I have done a lot of troubleshooting with Honeywell support and the ONLY time we were able to get it to work was when they suggested that I connect the thermostat to my iPhone hotspot. That worked flawlessly, but obviously it is not practical. My iPhone is ALSO on AT&T and I would assume that it would also be affected by CGNAT when acting as a hot spot, no? So, my theory is that the only thing causing this issue would have to be the firewall on the WE826, but as I have read numerous times, it is useless to try and setup port forwarding in this environment.

Honeywell has given me the pertinent information on the ports that the thermostat communicates on, but I guess that is pointless if the firewall in this environment is basically just a decoration. I have seen some users mention the use of a VPN in order to obtain a public facing IP address, but not real clear on how to use that to setup port forwarding.

The solution that most people have had is to just buy a different thermostat, but I really want to conquer this challenge without throwing in the towel. If anyone can shed some light as to WHY it would work when connected to the AT&T network through the hot spot on my iPhone, but doesn't work when connected to my LAN, I would greatly appreciate it. (I think you're going to tell me the issue is double NAT)

[swfl_extreme]

Y'all got nothing?

[Didneywhorl]

I don't tihnk forwarding is useless, I would go that route and play with firewall zone settings.

[swfl_extreme]

I don't tihnk forwarding is useless, I would go that route and play with firewall zone settings.

I'm pretty sure it's going to be useless. Here's why I say that...
wwan0 Address: 10.106.161.123/29 Gateway: 10.106.161.124

Whatismyip shows My Public IPv4 is: 107.77.202.189

That is proof of CGNAT, no? The thing I have read over and over again on this forum is that port forwarding will not work due to CGNAT.

If I am mistaken and someone has been able to successfully get some ports forwarded, please let me know how you did it.

[Didneywhorl]

What port does the Thermostat use for it's cloud connection, regardless of IP address?

[swfl_extreme]

From Honeywell support:

"make sure the thermostat can connect to the following connection points:
Resideo- App Devices:
provprod.clouddevice.io
fwuprod.clouddevice.io
weather.clouddevice.io
lcc-prodsf-lcc01sf-iothub.azure-devices.net
lcc-prodsf-lcc02sf-iothub.azure-devices.net
T series thermostats use a persistent AMQPS connection on Ports 5671 and 5672, negotiated by a port 443 request"

[swfl_extreme]

Interestingly, the ONE time I was able to get it to work was when they had me connect the thermostat to my iPhone hotspot (also AT&T) and the thermostat got an IP address on the 107.77.x.x subnet (public facing IP address when connected to my iPhone personal hotspot)

[Didneywhorl]

Maybe open up 5671, 5672, and 443 to allow all inbound and outbound?

[swfl_extreme]

Maybe open up 5671, 5672, and 443 to allow all inbound and outbound?

I've tried it in Firewall with zero success. I then tried to do it in traffic rules, but again nothing