These standard firewall rules help you implement typical applications of Microwall. For convenience, we assume the following configuration:
The isolated network segment is assigned the network address 10.10.20.0/24, and the surrounding network is assigned the network address 10.10.10.0/24.
In the following rules, the device on the island always has the IP address 10.10.20.20, and the device in the surrounding network has the IP address 10.10.10.10.
The tabs show the settings for the different protocols:
{tab File Server Access (TCP/IP)}
File Access From The Island Computer To A File Server (NetBIOS)
Windows File Sharing Access Via TCP/IP
File access uses the SMB protocol. To do this, the island host must establish a TCP connection to port 445 on the file server. If the file server is addressed directly by its IP address, this rule is sufficient.
| The island’s network | TCP | Surrounding networks |
| IP: 10.10.20.20 Port: All | | IP: 10.10.10.10 Port: 445 |
{tab File Server Access (Netbios)}
File Access From The Island Computer To A File Server (NetBIOS)
If older control computers, for example those based on Windows XP, need to access Windows networks, you must allow the session-based NetBIOS transport protocol on port 139/TCP in addition to TCP port 445.
Please note that these old operating system versions are insecure!
Rule 1: Allow NetBIOS Session Service
Allow data transfer via the connection-oriented session service.
| The island’s network | TCP | Surrounding networks |
| IP: 10.10.20.20 Port: All | | IP: 10.10.10.10 Port: 139 |
Rule 2: File Access Sharing
Establish a TCP connection to port 445 on the file server.
| The island’s network | TCP | Surrounding networks |
| IP: 10.10.20.20 Port: All | | IP: 10.10.10.10 Port: 445 |
{tab Name Resolution Via DNS}
Allow Name Resolution Via DNS
Resolve Host Names Via DNS
Using the Domain Name System (DNS), you obtain the IP address of a computer that is addressed by its computer name. This is a short data exchange over UDP.
| The island’s network | TCP | Surrounding networks |
| IP: 10.10.20.20 Port: All | | IP: 10.10.10.10 Port: 53 |
{tab Time via network (NTP)}
Get Current Time Via Network (NTP)
Time Updates With (S)NTP Via UDP
Time servers provide the current time via Simple Network Time Protocol (SNTP) or Network Time Protocol (NTP).
| The island’s network | TCP | Surrounding networks |
| IP: 10.10.20.20 Port: All | | IP: 10.10.10.10 Port: 123 |
{tab Access To A Web Interface}
Access To A Web Interface In The Island Network
Allow Unencrypted HTTP
To access unencrypted web pages, TCP port 80 should normally be opened.
| The island’s network | TCP | Surrounding networks |
| IP: 10.10.20.20 Port: 80 | | IP: 10.10.10.10 Port: All |
(Optional): Allow Encrypted HTTPS
To access encrypted web pages, TCP port 443 should usually be opened.
| The island’s network | TCP | Surrounding networks |
| IP: 10.10.20.20 Port: 443 | | IP: 10.10.10.10 Port: All |
{tab Sending E-mail}
Email Sending From Island Network
The following rules assume that the mail servers’ IP addresses are known.
Send E-mails Via SMTP (With / Without StartTLS)
Unencrypted and StartTLS-protected e-mail transmission via SMTP.
| The island’s network | TCP | Surrounding networks |
| IP: 10.10.20.20 Port: All | | IP: 10.10.10.10 Port: 587 |
(Optional): Send Emails Via SMTPS
Encrypted email transmission via SMTPS.
| The island’s network | TCP | Surrounding networks |
| IP: 10.10.20.20 Port: All | | IP: 10.10.10.10 Port: 465 |
{tab Access to email}
Access Email From The Island Via IMAP
Access to email accounts via IMAP (with / without StartTLS)
Access email accounts from the island – unencrypted or protected by StartTLS.
| The island’s network | TCP | Surrounding networks |
| IP: 10.10.20.20 Port: All | | IP: 10.10.10.10 Port: 142 |
(Optional): Access To Emails Via IMAPS (With / Without StartTLS)
Access the email accounts from the island, TLS protected.
| The island’s network | TCP | Surrounding networks |
| IP: 10.10.20.20 Port: All | | IP: 10.10.10.10 Port: 992 |
{tab Send An SNMP Trap}
Send An SNMP Trap From The Island
Unencrypted SNMP Trap from the island
| The island’s network | TCP | Surrounding networks |
| IP: 10.10.20.20 Allow return direction: no | | IP: 10.10.10.10 Port: 162 |
{tab SNMP Polling}
SNMP Polling From Outside
Allow Unencrypted SNMP Polling By A Manager Outside The Island
An SNMP manager can access the island to retrieve values by polling.
| The island’s network | TCP | Surrounding networks |
| IP: 10.10.20.20 Allow return direction: yes SNMP: yes | | IP: 10.10.10.10 Port: 161 |
{tab Access via Secure Shell}
Access An Island Unit Via Secure Shell
SSH connection to the island
With an encrypted terminal session you can control a computer on the island.
| The island’s network | TCP | Surrounding networks |
| IP: 10.10.20.20 Port: 22 | | IP: 10.10.10.10 Port: All |
{tab IoT Communication}
IoT Communication Via MQTT
MQTT Connection To The Island
MQTT is a standard protocol for the Internet of Things. Messages can also be exchanged across the islands via an MQTT broker.
| The island’s network | TCP | Surrounding networks |
| IP: 10.10.20.20 Port: All | | IP: 10.10.10.10 Port: 1883 |
{tab Query MySQL}
Query MySQL Database On The Island
Connect To Database Server On The Island
If a database server on the island is to be queried, TCP port 3306 must be opened.
| The island’s network | TCP | Surrounding networks |
| IP: 10.10.20.20 Port: 3306 | | IP: 10.10.10.10 Port: All |
{tab Box 2 Box Mode}
W & T – Allow Box 2 Box Mode (Web-IO Digital 4.0)
Connection With Box 2 Box Slave On The Island
To establish a Box 2 Box connection to an island unit, you must use one of the two Box 2 Box Slave ports.
| The island’s network | TCP | Surrounding networks |
| IP: 10.10.20.20 Port: 49157, 49158 | | IP: 10.10.10.10 Port: All |
{tab OPC access}
W & T – Allow OPC Access (Web-IO Digital 4.0)
Allow Access To The W&T OPC Server
To let the W&T OPC server acquire island devices, open TCP port 49159.
| The island’s network | TCP | Surrounding networks |
| IP: 10.10.20.20 Port: 49159 | | IP: 10.10.10.10 Port: All |
{tab ASCII-protocol}
Allow W&T ASCII Protocol (Web-IO Digital 4.0)
Allow Access Via The W&T ASCII Protocol
By exchanging simple command strings, inputs and counters can be read from the Web-IO devices, or outputs can be set.
| The island’s network | TCP | Surrounding networks |
| IP: 10.10.20.20 Port: 42280 | | IP: 10.10.10.10 Port: All |
{tab Binary protocol}
W & T – Allow Binary Protocol
Allow Access To Binary Servers In The Island Segment
The W & T binary mode allows multiple TCP connections between devices.
| The island’s network | TCP | Surrounding networks |
| IP: 10.10.20.20 Port: 49153 – 49156 | | IP: 10.10.10.10 Port: All |
{/tabs}
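The rules above pin each permission to one host pair, one transport and one server port. The following added example (not W&T code and not Microwall configuration syntax) models a subset of them as an allow-list and checks constructed connection attempts against it. Reading the side shown with "Port: All" as the initiator, the default-deny behaviour, and the names `Rule`, `decide` and `evaluate` are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ISLAND = ip_network("10.10.20.0/24")       # island segment (from the page)
SURROUNDING = ip_network("10.10.10.0/24")  # surrounding network (from the page)

@dataclass(frozen=True)
class Rule:
    name: str
    proto: str    # "tcp" or "udp"
    client: str   # side listed with "Port: All" (assumed initiator)
    server: str   # side listed with a fixed port
    ports: range  # allowed destination ports on the server side

# Subset of the page's rules; the client -> server reading is an assumption.
RULES = [
    Rule("SMB file access", "tcp", "10.10.20.20", "10.10.10.10", range(445, 446)),
    Rule("SSH to island", "tcp", "10.10.10.10", "10.10.20.20", range(22, 23)),
    Rule("MySQL on island", "tcp", "10.10.10.10", "10.10.20.20", range(3306, 3307)),
    Rule("W&T binary", "tcp", "10.10.10.10", "10.10.20.20", range(49153, 49157)),
]

def crosses_boundary(src, dst):
    a, b = ip_address(src), ip_address(dst)
    return (a in ISLAND and b in SURROUNDING) or (a in SURROUNDING and b in ISLAND)

def decide(proto, src, dst, dport):
    if not crosses_boundary(src, dst):
        return None  # not traffic between the two segments
    for r in RULES:
        if (r.proto, r.client, r.server) == (proto, src, dst) and dport in r.ports:
            return r.name
    return None  # no allow rule matched: default deny (assumed)

# Constructed connection attempts (not captured traffic).
SAMPLES = [
    ("tcp", "10.10.20.20", "10.10.10.10", 445),    # rule as written
    ("tcp", "10.10.10.10", "10.10.20.20", 445),    # same port, reverse direction
    ("tcp", "10.10.20.21", "10.10.10.10", 445),    # different island host
    ("udp", "10.10.20.20", "10.10.10.10", 445),    # wrong transport
    ("tcp", "10.10.10.10", "10.10.20.20", 49156),  # last port of the range
    ("tcp", "10.10.10.10", "10.10.20.20", 49157),  # not in the binary range
]

def evaluate(samples=SAMPLES):
    return [decide(*s) or "DENY" for s in samples]

if __name__ == "__main__":
    print(*zip(SAMPLES, evaluate()), sep="\n")
```

Only the first and fifth attempts match a rule; reversing the direction, changing the island host or switching the transport is enough to fall through to the deny.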