What Happens On The Network During A PRO Firmware Update

During a firmware update on a Room Alert 32S, 12S or 3S, your system communicates with your device using a combination of standard network traffic and a high volume of UDP packets.

The update process includes the following steps:

Step	Protocol
1. Discover the device on the network	UDP
2. Unlock the device’s firmware update mode	HTTP or HTTPS
3. Transfer firmware data to the device	Rapid UDP or HTTP/HTTPS (device dependent)
4. Verify and completing the update	UDP and/or HTTP/HTTPS

The actual firmware transfer process may generate a rapid burst of UDP traffic while firmware data is being transmitted to the device; this behavior is expected and is required to complete the update. Because firmware updates involve direct low-level communication with the hardware, the traffic pattern can look unusual compared to normal web browsing or office applications.

Updates Over HTTPS

When HTTPS is enabled, communication between the utility and the device is encrypted and requires additional negotiation and validation steps.

This can introduce:

• Additional network overhead
• Longer communication timing requirements
• Increased sensitivity to packet loss or filtering
• More opportunities for security software to inspect or interrupt traffic

In environments with strict endpoint protection, deep packet inspection, or advanced firewall policies, HTTPS-enabled communication is more likely to experience interruptions during the firmware update process.

Updates On Networks With Endpoint Security

Many modern security platforms are designed to detect behavior commonly associated with malicious activity, including high-rate UDP traffic, unexpected device-to-device communication, and repeated packet transmissions. As a result, some security products may rate-limit packets, modify packet headers in transit, drop UDP traffic, interrupt the firmware transfer, or terminate the update entirely.

Examples of software that may affect updates include:

• Endpoint Detection & Response (EDR) platforms
• Antivirus software
• Advanced firewalls
• Network intrusion prevention systems
• Zero trust network tools
• Deep packet inspection appliances

In some environments, the security software may interpret the firmware transfer as suspicious network activity or a flooding event.

Common symptoms of security software interference include:

• Devices discovered but updates failing
• Firmware transfer starting but never completing
• Random timeout errors
• Updates working on one network but not another
• Updates succeeding only after disabling security software
• Updates succeeding from a home network but failing on a corporate network

Best Practices

If updates are failing consistently, we recommend:

• Temporarily disabling endpoint security software for testing
• Allowing UDP traffic between the update host and the device
• Whitelisting the device’s IP address or MAC address
• Whitelisting the update utility in antivirus/EDR software
• Trying the update from a less restricted network
• Trying the update over direct connection. See How To Connect A Room Alert Monitor Directly To A Computer.
• Working with your IT department to review network security policies

Your IT or security administrator may need to explicitly allow this traffic if aggressive filtering or flood protection is enabled.