Network Firewall

When the network used by the AADvance or Trusted® system is connected to another network, the connections must pass through the firewall. The AADvance-Trusted SIS Workstation software supports the following communication ports:
Protocol | Port Number | Availability | Purpose
---|---|---|---
TCP | 502 | When configured | Modbus® slave
TCP | 1100 | Used locally (remote access can be blocked) | Trusted Simulator
TCP | 1132 | Always available | AADvance, application downloads, debug, SOE, etc.
TCP | 2000 | When configured | Modbus RTU
TCP | 6000 | Always available | Trusted, application downloads, debug, etc.
TCP | 10001-10006 | When configured (and the application is stopped) | Transparent Communications Interface (serial tunneling)
TCP | 44818 | Always available | CIP™ produce and consume
TCP | 55555 | Always available | AADvance Diagnostic interface
TCP | 23 | Always available | Trusted Diagnostic interface
UDP | 123 | When configured | SNTP
UDP | 1123, 1124 | Always available | SNCP bindings
UDP | 2010 | Always available | Discovery and configuration protocol (DCP, Rockwell Automation®)
UDP | 2222 | When configured | CIP produce and consume I/Os
UDP | 5000 | When at least one P2P subnet is active on a controller | Peer-to-Peer
UDP | 44818 | Always available | CIP produce and consume
Ports marked "Always available" remain open even when they are not configured or not in use, so they are exposed to unauthorized access. Perform the following actions to protect network ports:

- If the network used by the system is connected to another network, the connection must pass through the firewall to protect the system from potential threats from other networks.
- Configure the firewall to block all communication ports. If required, enable a specific port only for the device that needs to communicate with devices on other networks.
- The SNCP port must only be allowed to pass through the firewall if the Windows® PCs running the AADvance-Trusted SIS Workstation software are on a separate network.
- The variable bindings port must only be allowed to pass through the firewall if the AADvance controller is communicating with another AADvance controller on a separate network.
- The other communication ports (such as Modbus and SNTP) must only be allowed to pass through the firewall if the AADvance controller, Trusted controller, or Windows PC communicates with other devices on other networks.
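The following Python example is added here to show how the table and the bullets above translate into a default-deny ruleset; it is not Rockwell Automation code. The port numbers and the Availability column are taken from the table, but the peer roles (`ExternalPeers`), the sample addresses, the reading of "variable bindings port" as the Peer-to-Peer port (UDP 5000), and the nftables output format are assumptions made for the illustration.

```python
"""Derive a default-deny firewall allow-list for the AADvance/Trusted segment.

Added example, not Rockwell Automation code. Port numbers and the
"Always available" flags come from the port table in this section; the
peer roles, sample addresses and nftables rendering are assumptions.
"""
from dataclasses import dataclass, field

# (protocol, first port, last port, always_available, purpose) -- from the table
PORT_TABLE = [
    ("tcp", 502, 502, False, "Modbus slave"),
    ("tcp", 1100, 1100, False, "Trusted Simulator"),
    ("tcp", 1132, 1132, True, "AADvance application downloads, debug, SOE"),
    ("tcp", 2000, 2000, False, "Modbus RTU"),
    ("tcp", 6000, 6000, True, "Trusted application downloads, debug"),
    ("tcp", 10001, 10006, False, "Transparent Communications Interface"),
    ("tcp", 44818, 44818, True, "CIP produce and consume"),
    ("tcp", 55555, 55555, True, "AADvance Diagnostic interface"),
    ("tcp", 23, 23, True, "Trusted Diagnostic interface"),
    ("udp", 123, 123, False, "SNTP"),
    ("udp", 1123, 1124, True, "SNCP bindings"),
    ("udp", 2010, 2010, True, "DCP discovery and configuration"),
    ("udp", 2222, 2222, False, "CIP produce and consume I/O"),
    ("udp", 5000, 5000, False, "Peer-to-Peer"),
    ("udp", 44818, 44818, True, "CIP produce and consume"),
]


@dataclass
class ExternalPeers:
    """Hosts on the *other* side of the firewall that genuinely need access.

    Each field corresponds to one bullet in the section (assumed mapping);
    an empty list means no such peer exists and the port stays blocked."""
    sis_workstations: list = field(default_factory=list)  # Windows PCs with SIS Workstation -> SNCP
    aadvance_peers: list = field(default_factory=list)    # AADvance controllers on another network
    modbus_masters: list = field(default_factory=list)    # hosts polling the Modbus slave port
    sntp_servers: list = field(default_factory=list)      # time sources the controller queries


def allow_rules(peers: ExternalPeers) -> list:
    """Return (proto, first_port, last_port, src_host) tuples to permit.

    Only the four cases the section allows produce rules; every other port,
    including the "Always available" diagnostic/download ports, is left to
    the default drop policy."""
    rules = []
    for host in peers.sis_workstations:
        rules.append(("udp", 1123, 1124, host))  # SNCP bindings
    for host in peers.aadvance_peers:
        rules.append(("udp", 5000, 5000, host))  # Peer-to-Peer (assumed "variable bindings port")
    for host in peers.modbus_masters:
        rules.append(("tcp", 502, 502, host))    # Modbus slave
    for host in peers.sntp_servers:
        rules.append(("udp", 123, 123, host))    # SNTP
    return rules


def blocked_always_available(rules: list) -> list:
    """List the "Always available" ports that no rule opens.

    These are open on the controller whether or not they are used, so the
    firewall's default drop is the only thing keeping them off the other
    network; this is the audit list a practitioner should review."""
    blocked = []
    for proto, lo, hi, always, purpose in PORT_TABLE:
        if not always:
            continue
        opened = any(rp == proto and rlo <= hi and lo <= rhi
                     for rp, rlo, rhi, _host in rules)
        if not opened:
            blocked.append((proto, lo, hi, purpose))
    return blocked


def render_nft(rules: list, sis_net: str = "10.10.0.0/24") -> str:
    """Render the allow-list as an nftables forward chain with policy drop.

    sis_net is the (assumed) address range of the safety-system network;
    stateful replies are accepted so the controller can answer."""
    lines = [
        "table inet sis {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
    ]
    for proto, lo, hi, host in rules:
        ports = str(lo) if lo == hi else f"{lo}-{hi}"
        lines.append(f"    ip saddr {host} ip daddr {sis_net} {proto} dport {ports} accept")
    lines += ["  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample: one SIS workstation and one Modbus master elsewhere.
    peers = ExternalPeers(sis_workstations=["10.0.1.20"], modbus_masters=["10.0.2.5"])
    rules = allow_rules(peers)
    print(render_nft(rules))
    for proto, lo, hi, purpose in blocked_always_available(rules):
        print(f"# default-drop protects {proto}/{lo}-{hi}: {purpose}")
```

Run without arguments to print the ruleset for the constructed sample peers; adding an `ExternalPeers` field with no hosts produces no rule for that port, which is the intended default. The audit list from `blocked_always_available` is worth keeping with the change record, since it documents which controller ports are reachable only because the firewall drops them.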