Firewall Settings for Client - System and Server Advise Connections
If you are configuring a firewall that will be used on a client - system connection, you should check that the firewall:
- Allows the server to receive transmissions from the client via the client - system connection. If the default settings are in place, this means that the firewall has to allow the server to receive data via port 5481. (If you Change the Port for the Server’s Incoming Data, remember to configure the firewall to allow the server to receive data via the new port number.)
- Allows the client to receive data via the server advise connection. The firewall has to be configured to allow incoming data via the ports defined in the client’s Sockets setting (see Change the Range of Ports for the Client’s Incoming Data). By default, this range is port 5500 to 5509.
Firewalls are the reason ClearSCADA uses a default port range of 5500 to 5509. This range is rarely used by other applications, and it makes firewall setup easy: if you configure the firewall to allow ports 5500 to 5509 as well as the port for the server’s incoming data (5481 by default), the connections should be able to be established.
However, if you change the client’s socket range, you also need to reconfigure the firewall to allow the ports in the reconfigured range. If you do not reconfigure the firewall, the connection cannot be established.
If the defined range of ports is being used by another application and a firewall is not being used, there will be no problem with the connections: ClearSCADA will choose two available ports (one for the client - system connection and one for the incoming connection from the server advise). It is only when a firewall is used in this situation that a problem can arise.
In the unlikely event that a firewall is in place and another application is using the ports defined in the client’s sockets range, ClearSCADA will automatically use other available ports. This can cause problems, as the firewall may not be configured to allow connections via the ports being used by the client. To resolve this issue, we recommend that you Check which Ports are Available on the Client and then Change the Range of Ports for the Client’s Incoming Data.
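The two checks described above can be scripted on the client. The following is an added example, not part of the ClearSCADA documentation or product: it assumes the ports are TCP, treats a port as available when a socket can be bound to it, and the function names are hypothetical.

```python
import socket

CLIENT_RANGE = range(5500, 5510)  # default client Sockets range stated on the page
PORTS_NEEDED = 2                  # the page says the client picks two available ports


def port_is_free(port, host="0.0.0.0"):
    """True if a TCP socket can be bound to the port (TCP is an assumption)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError:  # in use by another application, or binding not permitted
            return False
    return True


def audit_range(ports, needed=PORTS_NEEDED, host="0.0.0.0"):
    """Split the range into free and busy ports and flag the fallback case."""
    free = [p for p in ports if port_is_free(p, host)]
    busy = [p for p in ports if p not in free]
    # Fewer free ports than needed means the client would pick ports
    # outside the range the firewall was configured to allow.
    return {"free": free, "busy": busy, "fallback_risk": len(free) < needed}


def firewall_gap(allowed, configured):
    """Ports in the client's configured range that the firewall does not allow."""
    return sorted(set(configured) - set(allowed))


if __name__ == "__main__":
    report = audit_range(CLIENT_RANGE)
    print("free:", report["free"])
    print("busy:", report["busy"])
    if report["fallback_risk"]:
        print("Fewer than", PORTS_NEEDED, "ports free in the range;",
              "the client may use ports the firewall does not allow.")
    # Constructed case: client range moved to 5600-5609 while the
    # firewall still allows only the default 5500-5509.
    print("not allowed:", firewall_gap(CLIENT_RANGE, range(5600, 5610)))
```

Run it on the client machine while the ClearSCADA client is closed, otherwise the ports it already holds are reported as busy.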
For more details on configuring a firewall, please refer to the documentation supplied with your firewall product.