Allow HTTP - Metasys - LIT-1201519 - MS-NAE35xx-2 - MS-NAE45xx-2 - MS-NAE5510-2U - MS-NAE5510-3U - MS-NAE551S-2 - MS-NAE55xx-3 - MS-NCE25xx-0 - MS-NXE85SW-x - Supervisory Device - NAE35 Network Automation Engine - NAE45 Network Automation Engine - NAE55 Network Automation Engine - NAE85 Network Automation Engine - NCE25 Network Control Engine - 11.0

NAE Commissioning Guide

Product
Network Engines > Network Automation Engines > NAE85 Network Automation Engine
Network Engines > Network Automation Engines > NAE35 Network Automation Engine
Network Engines > Network Automation Engines > NAE45 Network Automation Engine
Network Engines > Network Automation Engines > NAE55 Network Automation Engine
Document type
Commissioning Guide
Document number
LIT-1201519
Version
11.0
Revision date
2022-02-09
A network engine at Metasys system Release 8.1 or later has an attribute called Allow Http located under the Network tab of the engine in the SMP UI. This attribute controls if the Windows Firewall in the network engine blocks incoming network traffic over the HTTP port (port 80). By default, the Allow Http attribute is set to True for all network engines upgraded to Release 8.1 or later. Changing this attribute to False blocks all incoming network traffic over port 80 at the network engine. Doing so does not interfere with NAE Update Tool operations or SCT Pro.
Note: SCT Pro is the preferred tool for flashing engines to Release 10.1 or later.
Figure 1. Allow Http attribute for network engine

The Allow Http attribute is set on each network engine independently. A schedule or other control action can modify the value of this attribute. You can configure a tailored summary to view the value of the Allow Http attribute on all network engines at the site. You can also use the mass editing capability in SCT to modify the Allow Http attribute across multiple devices.

To provide the highest level of security, set Allow Http to False for every network engine upgraded to Release 8.1 or later. However, if the network engine is a Site Director and if you have not upgraded the child engines reporting to it to Release 8.1 or later, set Allow Http to True. For reference, the following table lists which Metasys tools, utilities, and features depend on Port 80. If the network engine uses one or more of these items that require Port 80, set Allow Http to True.

Table 1. Port 80 requirements for tools, utilities, and features

Item

Does it require Port 80

Notes

Advanced Graphics Application (AGA)

Yes

Uses an older version of Metasys data access services that requires http.

Advanced Reporting and Energy Essentials

Yes

Uses http for communication with engines.

CCT

Yes

Uses an older version of Metasys data access services that requires http. However, CCT only requires Port 80 for upload and download operations.

Graphic Generation Tool (GGT)

Yes

Uses an older version of Metasys data access services that requires http.

Launcher 2.0

No

Uses https for communication with engines upgraded to Release 8.1 or later, but must be set for http to communicate with engines prior to Release 8.1.

Metasys Export Utility

Yes

Uses an older version of Metasys data access services that requires http.

Metasys for Validated Environments (MVE)

No

Uses https for communication with engines upgraded to Release 8.1 or later.

Metasys UI

No

Uses https for communication with engines upgraded to Release 8.1 or later.

NAE Configuration and Information Tool (NCT)

Yes

Requires port 80 for sending a file to an engine from the commissioning laptop.

NAE Update Tool

Yes

Allow Http is set to Requires port 80 to successfully perform a code download to the engine using the HTTP update method. If False, the NAE Update Tool temporarily opens port 80 for its operations, then closes the port after the download completes.

P2000

Yes

Requires port 80 (inbound) to be open on the Windows Firewall of the Metasys server.

Ready Access Portal

Yes

Uses https between the Ready Access Portal server and the client, but http between the Ready Access Portal server and the engines.

Note: Ready Access Portal is no longer supported at Release 9.0 or later.

SMP

No

Uses https for communication with engines upgraded to Release 8.1 or later.

SCT/SCT Pro

No

Uses https for communication with field controllers and engines upgraded to Release 8.1 or later.