About this task
As a best practice, enable the Windows Firewall as indicated in this section, but always follow the recommendation of the customer's local IT staff.
Procedure
- In Control Panel, click System and Security, then click Windows Firewall. The Windows Firewall window appears.
- In the Windows Firewall window, make sure the firewall is On. If not, turn on the Windows Firewall.
- Click Advanced Settings. The Windows Firewall with Advanced Security window appears.
-
In the left pane, click Inbound Rules. The Inbound Rules pane appears.
Figure 1. Windows Firewall - Inbound Rules
- In the Actions pane, select New Rule. The New Inbound Rule Wizard opens and the Rule Type window appears.
- Select Port and click Next. The Protocol and Ports window appears.
-
Select TCP, and in the Specific Local Ports field, enter the port numbers (25, 80, 88, 110,
135, 389, 443, 445, 465, 587, 995, 1025, 1433, 1443, 2103,
2105, 3389, 9910, 12000).
Table 1. Ports to Open for TCP Protocol Protocol
Port
SMTP
25
HTTP
80
Kerberos
88
POP3
110
Remote Procedure Call (RPC)
135
LDAP
389
HTTPS (TLS)
443
NT LAN Manager Version 2 (NTLMv2)
445
SMTP over TLS
465
SMTP
587
POP3 over TLS
995
Remote Procedure Call (RPC)
1025
Microsoft SQL Server Database
1433
BACnet Secure Connect 1443 Note: This is the default port. However, an Administrator user can configure BACnet/SC for an alternate port using Metasys UI or the Johnson Controls System Configuration Tool (JCT).RPC over TCP
2103
RPC over TCP
2105
Microsoft Terminal Server
3389
Microsoft Discovery Protocol
9910
(Unassigned)
12000
- Click Next. The Action window appears.
- Select Allow the connection. Click Next. The Profile window appears.
- Keep all profile check boxes selected (default). Click Next. The Name window appears.
-
Specify Metasys (TCP Protocol) as the
name. Optionally, you can add a description to identify this new rule. Click
Finish.
The Inbound Rules table refreshes to indicate the new rule called Metasys (TCP Protocol). Ports 25, 80, 88, 110, 135, 389, 443, 445, 465, 587, 995, 1025, 1433, 1443, 2103, 2105, 3389, 9910, 12000 are now open and ready for use.
-
Repeat Step 5 through Step 11 to add a new Metasys inbound
rule for the UDP protocol. When the Protocol and Ports window appears, select
UDP, and in the Specific Local Ports
field, enter the port numbers (25, 53, 67, 68, 69, 88, 123, 161, 162, 9910,
9911, 47808).
Table 2. Ports to Open for UDP Protocol Protocol
Port
SMTP
25
DNS
53
DHCP
67
DHCP
68
Trivial File Transfer Protocol (TFTP)
69
Kerberos
88
Network Time Protocol (NTP)
123
SNMP
161
SNMP Trap
162
Microsoft Discovery Protocol
9910
SYPE-Transport
9911
BACnet®
47808, Configured for each supervisory device, including OAS and the NAE85, in the Network Port Ethernet IP Datalink object
-
Complete the steps to add the new inbound rule. Name the new
rule Metasys (UDP Protocol).
When finished, the Windows Firewall with Advanced Security window appears and the Inbound Rules table refreshes to indicate the new rule called Metasys (UDP Protocol). Ports 25, 67, 68, 69, 53, 88, 123, 161, 162, 9910, 9911, and 47808 are now open and ready for use.
-
In the Windows Firewall with Advanced
Security window, verify that the two new Metasys inbound rules are
defined and enabled.
Figure 2. Metasys Inbound Rules Defined and Enabled
- Close the Windows Firewall with Advanced Security window.
- Close all windows.