Firewall ports to be opened for WinCC OA

Posted: Thu Sep 13, 2018 4:43 pm
by Asem Bani Salameh
Good day,

I want to ask about the ports that are used by wincc oa to be opened through the firewall between multiple subnets.

In the system architecture we are using redundancy and distributed.

1) Should the event, data, pmon ports be opened between the distributed or redundant servers?
2) For the distributed system, should we open only one port with the distPort config, or will we need two ports for bidirectional communication? And does the same apply for redundancy (do we need one port or two for reduPort)?

Please if possible list all needed ports that we have to open through the firewall.

Regards

Re: Firewall ports to be opened for WinCC OA

Posted: Fri Sep 14, 2018 8:33 am
by leoknipp
Which ports are needed for the inbound communication depends on the project configuration.
If you are using the Multiplexing Proxy only the proxy port is used for inbound communication. Otherwise all ports used by WinCC OA need to be opened for inbound communication.

In the WinCC OA Documentation you will find the information what the standard ports are for every manager which is opening a server port (Data, Event, Redu, Dist, Split, Proxy).

Best Regards
Leopold Knipp
Senior Support Specialist

Re: Firewall ports to be opened for WinCC OA

Posted: Thu Oct 11, 2018 3:46 pm
by Asem Bani Salameh
Hi Leo,

The case is not multiplexing proxy; the ports to be opened are the normal manager ports (distrib, event, data, etc.).

One of the endpoints (server or client) sends the packet over a specified port configured in the config file, while the other is receiving on an arbitrary (random) port. Is there a range of random ports, or is there a way to declare the sending and receiving ports?

Please clarify the communication criteria.

Thanks

Re: Firewall ports to be opened for WinCC OA

Posted: Fri Oct 12, 2018 8:41 am
by mkoller
There seems to be a misunderstanding in how the communication via the ports works.
In TCP, you have the server listening for incoming connections on a specific port (in WinCC_OA this is the eventPort, dataPort, mxproxy port, dist port). This is the port which needs to be reachable through the firewall - and only this.
What you might be thinking of is that the OS assigns an "arbitrary" port for the then established communication, but this no longer matters, since the firewall blocks the INCOMING connection requests to the server port.
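
The behaviour described in the last reply can be observed with two loopback sockets. This is an added example, not part of the thread and not WinCC OA code: `observe_ports` and `stateful_allow` are hypothetical names, the listener uses an OS-chosen port as a stand-in for a configured manager port, and the stateful-filter model is an assumed simplification.

```python
import socket

def observe_ports():
    """Connect a client to a listener over loopback; report each side's ports."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # demo only: OS picks a free port; a real
    listener.listen(1)                # manager listens on its configured port
    listen_port = listener.getsockname()[1]
    client = socket.create_connection(("127.0.0.1", listen_port), timeout=5)
    conn, peer = listener.accept()
    try:
        return {
            "listen_port": listen_port,
            "client_source_port": client.getsockname()[1],  # OS-assigned
            "client_dest_port": client.getpeername()[1],
            "server_local_port": conn.getsockname()[1],
            "server_peer_port": peer[1],
        }
    finally:
        for s in (conn, client, listener):
            s.close()

def stateful_allow(packet, server_ports, established):
    """Simplified stateful filter keyed on ports only (real firewalls track
    the full address/port tuple): a new connection is admitted only if it
    targets an allowed server port; packets of an admitted flow pass."""
    flow = (packet["src_port"], packet["dst_port"])
    if flow in established or flow[::-1] in established:
        return True
    if packet["syn"] and packet["dst_port"] in server_ports:
        established.add(flow)
        return True
    return False

if __name__ == "__main__":
    p = observe_ports()
    print(p)
    state = set()
    syn = {"src_port": p["client_source_port"], "dst_port": p["listen_port"], "syn": True}
    reply = {"src_port": p["listen_port"], "dst_port": p["client_source_port"], "syn": False}
    print(stateful_allow(syn, {p["listen_port"]}, state))    # client -> server port
    print(stateful_allow(reply, {p["listen_port"]}, state))  # server -> client's OS-assigned port
```

The accepted connection keeps the listening port as its local port on the server side, so the client's OS-assigned source port never needs its own inbound rule.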