Which ports and public IPs shall I allow through my company firewall?

To enable the communication service between the Internet protocol and the

FactoryTalk Remote Access Manager

, at least one of the following TCP ports of the remote services shall be set to open on the main servers of the Server Infrastructure. The ports listed below are set as default and can be accessed and viewed through the computer settings.

Furthermore, both the Runtime and router need to resolve the Infrastructure servers IP address through a dedicated domain name resolution server (DNS). To enable this process, the following ports shall be set to open:

The connection from clients to the Access Server uses TLS 1.2 with certificate authentication. Clients can use the default TCP 443 outgoing port or can be configured to use port 80 or 5935 (TLS is still in use), depending on which solution is best to comply with local IT policies. Clients automatically test available outgoing ports, but they can be configured to operate with a fixed port.

Remote devices and the router then search for any open port to establish a server connection and consequently an end-to-end connection.

These settings allow you to locate each device by its own IP address within the network through the

FactoryTalk Remote Access

Tools.

All of the connections available in the

FactoryTalk Remote Access Manager

are made through an SSL/TLS protocol, regardless of the port used for each connection. This protocol allows for a safe and private data transaction between the server and Runtime.

The UDP 123 port shall be set to

open

, to allow the clock synchronization through the SNTP protocol.