Configuring the Windows firewall

Open Application Server (OAS) Installation Guide

Product: Building Automation Systems > Application Servers > Open Application Server
Product codes: M4-OASHIST-0, M4-OASMIN-0, M4-OASMIN-6, M4-OASMIN-SC3, M4-OASMIN-SCS, M4-OASPPA-0, M4-OASSCHRPT-0, M4-OASSTD-0, M4-OASSTD-6, M4-OASSTD-SC3, M4-OASSTD-SCS
Document type: Installation Guide
Document number: LIT-12013222
Version: 12.0
Revision date: 2022-05-20
Product status: Active

About this task

As a best practice, enable the Windows Firewall as indicated in this section, but always follow the recommendation of the customer's local IT staff.

Procedure

  1. In Control Panel, click System and Security, then click Windows Firewall. The Windows Firewall window appears.
  2. In the Windows Firewall window, make sure the firewall is On. If not, turn on the Windows Firewall.
  3. Click Advanced Settings. The Windows Firewall with Advanced Security window appears.
  4. In the left pane, click Inbound Rules. The Inbound Rules pane appears.
    Figure 1. Windows Firewall - Inbound Rules

  5. In the Actions pane, select New Rule. The New Inbound Rule Wizard opens and the Rule Type window appears.
  6. Select Port and click Next. The Protocol and Ports window appears.
  7. Select TCP, and in the Specific Local Ports field, enter the port numbers (25, 80, 88, 110, 135, 389, 443, 445, 465, 587, 995, 1025, 1433, 1443, 2103, 2105, 3389, 9910, 12000).
    Table 1. Ports to Open for TCP Protocol

    Protocol                             Port
    -----------------------------------  -----
    SMTP                                 25
    HTTP                                 80
    Kerberos                             88
    POP3                                 110
    Remote Procedure Call (RPC)          135
    LDAP                                 389
    HTTPS (TLS)                          443
    NT LAN Manager Version 2 (NTLMv2)    445
    SMTP over TLS                        465
    SMTP                                 587
    POP3 over TLS                        995
    Remote Procedure Call (RPC)          1025
    Microsoft SQL Server Database        1433
    BACnet Secure Connect                1443
    RPC over TCP                         2103
    RPC over TCP                         2105
    Microsoft Terminal Server            3389
    Microsoft Discovery Protocol         9910
    (Unassigned)                         12000

    Note: Port 1443 is the default port for BACnet Secure Connect. However, an Administrator user can configure BACnet/SC for an alternate port using Metasys UI or the Johnson Controls System Configuration Tool (JCT).

  8. Click Next. The Action window appears.
  9. Select Allow the connection. Click Next. The Profile window appears.
  10. Keep all profile check boxes selected (default). Click Next. The Name window appears.
  11. Specify Metasys (TCP Protocol) as the name. Optionally, you can add a description to identify this new rule. Click Finish.
    The Inbound Rules table refreshes to indicate the new rule called Metasys (TCP Protocol). Ports 25, 80, 88, 110, 135, 389, 443, 445, 465, 587, 995, 1025, 1433, 1443, 2103, 2105, 3389, 9910, 12000 are now open and ready for use.
  12. Repeat Step 5 through Step 11 to add a new Metasys inbound rule for the UDP protocol. When the Protocol and Ports window appears, select UDP, and in the Specific Local Ports field, enter the port numbers (25, 53, 67, 68, 69, 88, 123, 161, 162, 9910, 9911, 47808).
    Table 2. Ports to Open for UDP Protocol

    Protocol                                Port
    --------------------------------------  -----
    SMTP                                    25
    DNS                                     53
    DHCP                                    67
    DHCP                                    68
    Trivial File Transfer Protocol (TFTP)   69
    Kerberos                                88
    Network Time Protocol (NTP)             123
    SNMP                                    161
    SNMP Trap                               162
    Microsoft Discovery Protocol            9910
    SYPE-Transport                          9911
    BACnet®                                 47808

    Note: The BACnet port (47808) is configured for each supervisory device, including OAS and the NAE85, in the Network Port Ethernet IP Datalink object.

  13. Complete the steps to add the new inbound rule. Name the new rule Metasys (UDP Protocol).

    When finished, the Windows Firewall with Advanced Security window appears and the Inbound Rules table refreshes to indicate the new rule called Metasys (UDP Protocol). Ports 25, 67, 68, 69, 53, 88, 123, 161, 162, 9910, 9911, and 47808 are now open and ready for use.

  14. In the Windows Firewall with Advanced Security window, verify that the two new Metasys inbound rules are defined and enabled.
    Figure 2. Metasys Inbound Rules Defined and Enabled

  15. Close the Windows Firewall with Advanced Security window.
  16. Close all windows.
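
The same procedure can be scripted and checked from PowerShell. The following is an added example, not part of the vendor's guide: it creates the two rules named in Steps 11 and 13 with the port lists from Steps 7 and 12, then performs the Step 14 check and reports any drift from those lists. It assumes an elevated PowerShell session on a Windows version that ships the built-in NetSecurity module; the variable names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example (not vendor code). Port lists are copied from Steps 7 and 12.
$guideRules = @(
    @{ Name = 'Metasys (TCP Protocol)'; Protocol = 'TCP'
       Ports = '25','80','88','110','135','389','443','445','465','587','995',
               '1025','1433','1443','2103','2105','3389','9910','12000' },
    @{ Name = 'Metasys (UDP Protocol)'; Protocol = 'UDP'
       Ports = '25','53','67','68','69','88','123','161','162','9910','9911','47808' }
)

# Step 2: turn on any firewall profile that is currently off.
Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } |
    ForEach-Object { Set-NetFirewallProfile -Name $_.Name -Enabled True }

$report = foreach ($g in $guideRules) {
    # Steps 5-13: create the rule only if no rule with that name exists yet.
    if (-not (Get-NetFirewallRule -DisplayName $g.Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $g.Name -Direction Inbound `
            -Protocol $g.Protocol -LocalPort $g.Ports `
            -Action Allow -Profile Any | Out-Null
    }

    # Step 14: verify each rule with that name (duplicates are reported too).
    foreach ($rule in @(Get-NetFirewallRule -DisplayName $g.Name)) {
        $filter = $rule | Get-NetFirewallPortFilter
        # "<=" marks a guide port missing from the rule, "=>" an extra port.
        $drift = Compare-Object -ReferenceObject $g.Ports `
                                -DifferenceObject @($filter.LocalPort)
        [pscustomobject]@{
            Rule      = $rule.DisplayName
            Enabled   = ($rule.Enabled -eq 'True')
            Direction = $rule.Direction
            Action    = $rule.Action
            Profile   = $rule.Profile
            Protocol  = $filter.Protocol
            PortDrift = ($drift | ForEach-Object {
                            "$($_.SideIndicator)$($_.InputObject)" }) -join ' '
        }
    }
}

# Expect one row per rule: Enabled True, Action Allow, Profile Any, empty PortDrift.
$report | Format-Table -AutoSize
```

If BACnet/SC or BACnet has been configured for a non-default port at the site, edit the port lists at the top before running so that PortDrift reflects the intended configuration.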