Firewall Configuration to Allow Client - Server Comms


Originally published on Geo SCADA Knowledge Base by sbeadle1 | June 09, 2021 11:53 PM

To allow clients to connect to ClearSCADA through a firewall (regardless of type), you need to configure the firewall so that it allows connections to be made between clients and the server.

For information on the ports used by the other components of your ClearSCADA system, including Telnet clients, see here.  

Non WebX Client Applications



For all non web client applications, a connection to a server is established like this:
  • The client application makes a connection to the server by creating a connection to the server's incoming port (by default, this is port 5481). Any firewall between the client and the server must have a rule that allows this connection to be made.


  • The server accepts the connection from the client on its incoming port (by default, 5481). The client application uses this connection to send requests to the server, and the server uses the connection to send back responses to the client.


  • The server now creates a second connection back to the client. The second connection is called a server advise. The server uses the server advise connection to send unsolicited messages such as alarm updates to the client. There is one server advise for each client application that is connected to the server. (For information on which client applications have a server advise connection, see the Notes below).


Each client machine defines a range of ports for the server advise connections. The size of the range determines the number of client applications that can run at the same time on a particular client. By default, this range is port 5500 to 5509, which allows a maximum of ten client applications per machine. The port range can be changed by altering the Sockets settings for the client (via the ClearSCADA Client applet; see ClearSCADA Help for more information).

You must create rules in your firewall(s) to allow incoming connections to the server and outgoing connections from the client(s) on TCP port 5481 (default port setting). You must also create rules that allow outgoing connections from the server to TCP ports 5500 to 5509 (default range) and allow incoming connections to the client(s) on TCP ports 5500 to 5509 (default range).
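
The two default flows above can be checked against a candidate rule list before it is deployed. The following is an added example, not part of the original article: the rule format, the first-match/default-deny model, and the addresses (documentation ranges) are assumptions made for illustration. It models only the connection-opening direction, as a stateful firewall would evaluate it.

```python
"""Check a firewall rule list against the default ClearSCADA client/server flows."""
from ipaddress import ip_address, ip_network

# Constructed addresses for illustration (RFC 5737 documentation ranges).
SERVER = "192.0.2.10"
CLIENT = "198.51.100.20"

# Default flows: (description, source, destination, TCP ports).
# The source is the side that opens the connection.
REQUIRED_FLOWS = [
    ("client requests", CLIENT, SERVER, range(5481, 5482)),
    ("server advise", SERVER, CLIENT, range(5500, 5510)),
]


def allowed(rules, src, dst, port):
    """First matching rule wins; anything unmatched is denied."""
    for rule in rules:
        low, high = rule["ports"]
        if (ip_address(src) in ip_network(rule["src"])
                and ip_address(dst) in ip_network(rule["dst"])
                and low <= port <= high):
            return rule["action"] == "allow"
    return False


def blocked_flows(rules):
    """Return (description, port) for every required port the rules do not pass."""
    return [(name, port)
            for name, src, dst, ports in REQUIRED_FLOWS
            for port in ports
            if not allowed(rules, src, dst, port)]


# Advise ports opened from the server towards the clients, as the article requires.
GOOD_RULES = [
    {"src": "198.51.100.0/24", "dst": "192.0.2.10/32", "ports": (5481, 5481), "action": "allow"},
    {"src": "192.0.2.10/32", "dst": "198.51.100.0/24", "ports": (5500, 5509), "action": "allow"},
]

# Advise range opened in the wrong direction (clients towards the server).
REVERSED_RULES = [
    GOOD_RULES[0],
    {"src": "198.51.100.0/24", "dst": "192.0.2.10/32", "ports": (5500, 5509), "action": "allow"},
]

if __name__ == "__main__":
    print("good rule set, blocked flows:", blocked_flows(GOOD_RULES))
    print("reversed rule set, blocked flows:", blocked_flows(REVERSED_RULES))
```

With the reversed rule set the client can still send requests on port 5481, but every server advise port is reported as blocked, so unsolicited messages such as alarm updates would not reach the client.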

WebX Client Connections



Each ClearSCADA server contains four web servers (any that are not required can be disabled). Each web client can connect to any of the available web servers as required. The four web servers are:
  • Secure XML (Port 443 by default)


  • Non-Secure XML (Port 80 by default)


  • Secure HTML (Port 444 by default)


  • Non-Secure HTML (Port 81 by default)


So you must create rules in your firewall(s) that allow incoming connections to the server and outgoing connections from the web clients on the TCP ports that are being used. The TCP ports for the connections are defined in the Web settings in the Server Configuration Tool; see ClearSCADA Help for more information.

New WebX Client Connections (CS 2015 R1 and above)



ClearSCADA 2015 R1 introduces a new WebX interface, delivering enhanced functionality and increased efficiency for web-based operators using Microsoft's IIS. This new interface can be accessed from an HTML5-compliant browser and supports viewing of Trends, Alarm Lists, Event Lists, and Queries from a variety of phones, tablets or laptops. Mimics, however, still require ActiveX and are only supported in Internet Explorer. The default ports for the New WebX interface are:

  • Secure HTML (Port 453 by default)

  • Non-Secure HTML (Port 85 by default)


These ports are configured in IIS, not in ClearSCADA. Refer to the ClearSCADA Help section "Installation-> Installing ClearSCADA-> Web and Mobile Setup" for more information.

For further information on the New WebX client, see the help section "ViewX and WebX clients-> WebX Client".

Summary of Port Usage



The table below shows which ports are used by the server, client applications and web clients (by default). The information is categorized under these headings:
  • Protocol - Indicates the protocol used by the port (TCP or UDP)


  • Port(s) - Shows the port or ports that are used by the server or clients. The table shows the numbers for the default ports (you can configure your system to use different ports)


  • Incoming Connection - Indicates the component that receives the connection request


  • Outgoing Connection - Indicates the component that attempts to open the connection


| Protocol | Port(s) | Incoming Connection | Outgoing Connection | Description |
| --- | --- | --- | --- | --- |
| TCP | 5481 | Server | Clients | The port for client to server communications. This is the port on which the server will listen for inbound connections from clients. So the firewall must allow incoming connections on port 5481 (default setting) to the server. You can configure a different port for client to server connections by using the Global Parameters\Advanced\Server setting in the Server Configuration Tool and the Port setting on the Advanced section of the ClearSCADA Client applet. For more information on the Server Configuration Tool and the ClearSCADA Client applet, see the Server Administration Guide in the online help. |
| TCP | 1025-5000, 49152-65535 | Server | Clients | This range of ports is used by ClearSCADA drivers to provide the remote browse functionality allowing, for example, ViewX clients to browse the server's Available OPC Server Name list. The port range used will depend on the server's operating system: for example, on Windows Server 2003 and earlier the default range is 1025 to 5000, but on Vista and later the default range is 49152 to 65535. |
| TCP | 5500 - 5509 | Clients | Server | The ports for server advise connections (back links from the server to clients). There is one server advise port for each client application. So for a machine running ViewX and an ODBC connection, two ports will be opened in this range. The clients must allow incoming connections on these ports (5500-5509 by default). You can configure the server advise connections by using the Sockets settings on the ClearSCADA Client applet. |
| TCP | 80 | Server | Web Clients | The port used for the non-secure XML web server (http). You can configure the port for the XML web server by using the System Configuration\Web\Non-Secure\XML setting in the Server Configuration Tool. |
| TCP | 81 | Server | Web Clients | The port used for the non-secure HTML web server (http). You can configure the port for the HTML web server by using the System Configuration\Web\Non-Secure\HTML setting in the Server Configuration Tool. |
| TCP | 443 | Server | Web Clients | The port used for the secure XML web server (https). You can configure the port for the secure XML web server by using the System Configuration\Web\Secure\XML setting in the Server Configuration Tool. |
| TCP | 444 | Server | Web Clients | The port used for the secure HTML web server (https). You can configure the port for the secure HTML web server by using the System Configuration\Web\Secure\HTML setting in the Server Configuration Tool. |
| TCP | 85 | Web Server | Web Clients | This port is used for non-secure HTML web server connections (http). You can access this setting from Internet Information Services (IIS). |
| TCP | 453 | Web Server | Web Clients | This port is used for secure HTML web server connections (https). You can access this setting from Internet Information Services (IIS). |




Notes




ViewX



In this article, we use the term 'client' for any computer that is running any of the following ClearSCADA applications:
  • ViewX (uses server advise connections)


  • Server Status Tool


  • Server Configuration Tool


  • ODBC Client, for example, Crystal Reports, Excel


  • ScxCmd - Command Line Tool


  • OPC Alarm and Event Printer (uses server advise connections)


  • OPC DA-HDA Bridge (uses server advise connections)


  • External application using the automation interface.




WebX



The term 'web client' is used for any computer that is running one of these web clients to access ClearSCADA:
  • Internet Explorer


  • External application using SOAP interface




Other



Firewalls that support per program exceptions can be configured to unblock those ClearSCADA programs that require network access.


Windows XP SP2, Windows 2003 Server and Windows Vista automatically configure the firewall settings on your machine when you install ClearSCADA. The firewall settings are only automatically configured locally. Windows XP SP2 and Windows 2003 only support incoming blocks, whereas Windows Vista supports both incoming and outgoing blocks.

