Using a Proxy Server or Proxy Firewall for Original WebX Communications
As part of your system's security measures, we recommend that you use a proxy server or proxy firewall for communications between the Web server and Original WebX clients.
A proxy server can facilitate:
- Running a Geo SCADA Expert server on a host that is not directly addressable from the Internet
- Indirect addressing of HTTP and HTTPS services, so providing anonymity by avoiding advertising the Geo SCADA Expert host system. (Instead, only details about the proxy are revealed, with the information itself providing no indication that a proxy is being used.)
The firewall that is used as a proxy firewall can differ from other firewalls that are used on your system. For example, you might use a proxy firewall for the externally addressed route between the Web server and Original WebX clients, and a separate firewall to otherwise limit access from your corporate intranet/internet/extranet.
If your system uses a proxy server or proxy firewall between the Web server and Original WebX clients, you can configure the proxy application to map the Web server's ports to proxy ports. You then use the Server Configuration Tool to mirror this proxy configuration by indicating the mapping that you have configured in that application (the actual mapping does not occur in Geo SCADA Expert).
Although you only mirror one set of port mapping details in the Server Configuration Tool, this does not restrict your system to connecting to that proxy directly. The actual network configuration and mapping is set up outside of Geo SCADA Expert. In the Geo SCADA Expert Server Configuration Tool, you merely specify the proxy port mappings of the proxy server that you want Geo SCADA Expert to advertise in place of the Geo SCADA Expert host system.The settings have to match the actual proxy settings that are configured in the proxy application in which the actual mapping occurs.
Mirroring the proxy server configuration does not prevent Original WebX clients from attempting to connect directly to the Web server's HTTP and HTTPS ports. As such, you should consider whether other network measures need undertaking to deny direct access to those ports.
The configuration of the proxy server can facilitate hiding the identity of the Geo SCADA Expert host system.
Mirroring the proxy configuration in Geo SCADA Expert affects web-related transmissions:
- Alarms that are redirected via e-mail include alarm links that address the proxy server
- WSDL files produced by Geo SCADA Expert include the proxy host's address and HTTP/HTTPS port settings.
(Web Services Description Language (WSDL) files provide a machine-readable description of a service that indicates, amongst other information, how other devices can contact the host device.)
You can use the WebX section of the Server Configuration Tool in Geo SCADA Expert to: