📖 Home  Back  
To allow clients to connect to Geo SCADA through a firewall (regardless of type), you need to configure the firewall so that it allows connections to be made between clients and the server.

For information on the ports used by the other components of your Geo SCADA system, including Telnet clients, see here.  

This information depends on the versions of Geo SCADA and ClearSCADA which are communicating. This first section is for systems where both ends of communication are Geo SCADA 2020 and above.

Communications for Geo SCADA 2020 and Above

Server <-> Client and Server <-> Server Communications

For non-web client applications, a connection to a server is established like this:

• The client application makes a connection to the server by creating a connection to the server's incoming port (by default, this is port 5481). Any firewall between the client and the server must have a rule that allows this connection to be made.

• The server accepts the connection from the client on its incoming port (by default, 5481). The client application uses this connection to send requests to the server, and the server uses the connection to send back responses to the client.

You must create rules in your firewall(s) to allow incoming connections to the server and outgoing connections from the client(s) on TCP port 5481 (default port setting).

Web Service (WebX) Client Connections

Geo SCADA servers offer local web services on HTTP and HTTPS ports. By default only HTTP is enabled because the HTTPS port does not support TLS 1.2 and above. An IIS Reverse Proxy is set up by the installation process which accepts HTTPS using latest TLS versions and forwards to the Geo SCADA HTTP port. Please see the Geo SCADA Release Notes document and F1 Help for more help including port numbers.

Summary of Port Usage

The table below shows which ports are used by the server, client applications and web clients (by default). The information is categorized under these headings:

• Protocol - Indicates the protocol used by the port (TCP or UDP)
• Port(s) - Shows the port or ports that are used by the server or clients. The table shows the numbers for the default ports (you can configure your system to use different ports)
• Incoming Connection - Indicates the component that receives the connection request
• Outgoing Connection - Indicates the component that attempts to open the connection

Please stop reading here if you are using Geo SCADA 2020 or above.

Communications where Geo SCADA 2019 or ClearSCADA are Included

Non WebX Client Applications

For all non web client applications, a connection to a server is established like this:

• The client application makes a connection to the server by creating a connection to the server's incoming port (by default, this is port 5481). Any firewall between the client and the server must have a rule that allows this connection to be made.

• The server accepts the connection from the client on its incoming port (by default, 5481). The client application uses this connection to send requests to the server, and the server uses the connection to send back responses to the client.

• The server now creates a second connection back to the client. The second connection is called a server advise. The server uses the server advise connection to send unsolicited messages such as alarm updates to the client. There is one server advise for each client application that is connected to the server. (For information on which client applications have a server advise connection, see the Notes below).

Each client machine defines a range of ports for the server advise connections. The size of the range determines the number of client applications that can run at the same time on a particular client. By default, this range is port 5500 to 5509 which allows a maximum of ten client applications per machine. (The port range can be changed by altering the Sockets settings for the client (via the ClearSCADA Client applet, see ClearSCADA Help for more information).

You must create rules in your firewall(s) to allow incoming connections to the server and outgoing connections from the client(s) on TCP port 5481 (default port setting). You must also create rules that allow outgoing connections from the server to TCP ports 5500 to 5509 (default range) and allow incoming connections to the client(s) on TCP ports 5500 to 5509 (default range).

WebX Client Connections

Each ClearSCADA server contains four web servers (any that are not required can be disabled). Each web client can connect to any of the available web servers as required. The four web servers are:

• Secure XML (Port 443 by default)
• Non-Secure XML (Port 80 by default)
• Secure HTML (Port 444 by default)
• Non-Secure HTML (Port 81 by default)

So you must create rules in your firewall(s) that allow incoming connections to the server and outgoing connections from the web clients on the TCP ports that are being used. The TCP ports for the connections are defined in the Web settings in the Server Configuration Tool , see ClearSCADA Help for more information.

New WebX Client Connections (CS 2015 R1 and above)

ClearSCADA 2015 R1 introduces a new WebX interface, delivering enhanced functionality and increased efficiency for web-based operators using Microsoft's IIS. This new interface can be accessed from a HTML5 compliant browser and provides support for viewing of Trends, Alarm Lists, Event Lists, and Queries from a variety of phones, tablets or laptops. Mimics however still required ActiveX and are only supported in Internet Explorer. The default ports for New WebX interface are:

• Secure HTML (Port 453 by default)
• Non-Secure HTML (Port 85 by default)

These ports are configured in IIS not ClearSCADA. Refer to the ClearSCADA Help section "Installation-> Installing ClearSCADA-> Web and Mobile Setup" for more information.

For further information on New WebX client see the help section "ViewX and WebX clients-> WebX Client"

Summary of Port Usage

The table below shows which ports are used by the server, client applications and web clients (by default). The information is categorized under these headings:

• Protocol - Indicates the protocol used by the port (TCP or UDP)
• Port(s) - Shows the port or ports that are used by the server or clients. The table shows the numbers for the default ports (you can configure your system to use different ports)
• Incoming Connection - Indicates the component that receives the connection request
• Outgoing Connection - Indicates the component that attempts to open the connection

Scope

We use the term 'client' for any computer that is running any of the following ClearSCADA applications:

• ViewX (uses server advise connections)
• Server Status Tool
• Server Configuration Tool
• ODBC Client, for example, Crystal Reports, Excel
• ScxCmd - Command Line Tool
• OPC Alarm and Event Printer (uses server advise connections)
• OPC DA-HDA Bridge (uses server advise connections)
• External application using the automation interface.

WebX

The term 'web client' is used for any computer that is running one of these web clients to access ClearSCADA :

• Internet Explorer
• External application using SOAP interface

Other

Firewalls that support per program exceptions can be configured to unblock those ClearSCADA programs that require network access.

Windows XP SP2, Windows 2003 Server and Windows Vista automatically configure the firewall settings on your machine when you install ClearSCADA. The firewall settings are only automatically configured locally. Windows XP SP2 and Windows 2003 only support incoming blocks, whereas Windows Vista supports both incoming and outgoing blocks.

Go: Home Back