Allow HTTP - Metasys - LIT-12011279 - General System Information - Metasys System - 13.0

Network and IT Guidance Technical Bulletin

Brand
Metasys
Product name
Metasys System
Document type
Technical Bulletin
Document number
LIT-12011279
Version
13.0
Revision date
2023-09-29
Product status
Active
Language
English
A network engine at Metasys system Release 8.1 or later has an attribute called Allow Http located under the Network tab of the engine in the SMP UI. This attribute controls if the Windows Firewall in the network engine blocks incoming network traffic over the HTTP port (port 80). By default, the Allow Http attribute is set to True for all network engines upgraded to Release 8.1 or later. Changing this attribute to False blocks all incoming network traffic over port 80 at the network engine. Doing so does not interfere with NAE Update Tool operations or SCT Pro.
Note: SCT Pro is the preferred tool for flashing engines to Release 10.1 or later.
Figure 1. Allow Http attribute for network engine

The Allow Http attribute is set on each network engine independently. A schedule or other control action can modify the value of this attribute. You can configure a tailored summary to view the value of the Allow Http attribute on all network engines at the site. You can also use the mass editing capability in SCT to modify the Allow Http attribute across multiple devices.

To provide the highest level of security, set Allow Http to False for every network engine upgraded to Release 8.1 or later. However, if the network engine is a Site Director and if you have not upgraded the child engines reporting to it to Release 8.1 or later, set Allow Http to True. For reference, the following table lists which Metasys tools, utilities, and features depend on Port 80. If the network engine uses one or more of these items that require Port 80, set Allow Http to True.

Table 1. Port 80 requirements for tools, utilities, and features

Item

Does it require Port 80

Notes

Metasys Advanced Reporting System

Yes

Uses http for communication with engines.

CCT

Yes

Uses an older version of Metasys data access services that requires http. However, CCT only requires Port 80 for upload and download operations.

Launcher 2.0

No

Uses https for communication with engines upgraded to Release 8.1 or later, but must be set for http to communicate with engines prior to Release 8.1.

Metasys Export Utility

Yes

Uses an older version of Metasys data access services that requires http.

Metasys for Validated Environments (MVE)

No

Uses https for communication with engines upgraded to Release 8.1 or later.

Metasys UI

No

Uses https for communication with engines upgraded to Release 8.1 or later.

NAE Update Tool

Yes

Allow Http is set to Requires port 80 to successfully perform a code download to the engine using the HTTP update method. If False, the NAE Update Tool temporarily opens port 80 for its operations, then closes the port after the download completes.

P2000

Yes

Requires port 80 (inbound) to be open on the Windows Firewall of the Metasys server.

SMP

No

Uses https for communication with engines upgraded to Release 8.1 or later.

SCT/SCT Pro

No

Uses https for communication with equipment controllers and engines upgraded to Release 8.1 or later.