About this task
This section provides an overview of how to open ports so that Metasys software and processes function properly. At Release 8.1 and later, you can create rules to block inbound and outbound traffic over Port 80 (HTTP). For details on closing ports, refer to the Network and IT Guidance Technical Bulletin (LIT-12011279).
Procedure
- In the Control Panel, click System and Security, then click Windows Firewall. The Windows Firewall window appears.
- In the Windows Firewall window, make sure the firewall is On. If not, turn on the Windows Firewall.
- Click Advanced Settings. The Windows Firewall with Advanced Security window appears.
- In the left pane, click Inbound Rules. The Inbound Rules pane appears.
  Figure 1. Windows Firewall - Inbound Rules
- In the Actions pane, select New Rule. The New Inbound Rule wizard opens and the Rule Type window appears.
- Select Port and click Next. The Protocol and Ports window appears.
- Select TCP, and in the Specific Local Ports field, enter the port numbers as shown in the following table. For detailed information on the purpose of each port, refer to the Protocols, Ports, and Connectivity for the Metasys System section of the Network and IT Guidance Technical Bulletin (LIT-12011279).

  Table 1. Ports to Open for TCP Protocol

  | Protocol | Port | Uses |
  |---|---|---|
  | HTTP | 80 | TCP |
  | Kerberos | 88 | TCP |
  | Remote Procedure Call (RPC) | 135 | TCP |
  | LDAP | 389 | TCP |
  | Secure Sockets Layer (SSL) | 443 | TCP |
  | NT LAN Manager Version 2 (NTLMv2) | 445 | TCP |
  | Remote Procedure Call (RPC) | 1025 | TCP |
  | Microsoft SQL Server Database | 1433 | TCP |
  | Microsoft Discovery Protocol | 9910 | TCP |
  | HTTP for RabbitMQ | 15672 | TCP |
  | AMQP for RabbitMQ | 5672 | TCP |
  | EPMD for RabbitMQ | 25672 | TCP |
  | EPMD for Erlang Port Mapper Daemon, RabbitMQ | 4369 | TCP |
  | HTTP for Elasticsearch | 9200 | TCP |
  | HTTP for Kibana | 5601 | TCP |

- Click Next. The Action window appears.
- Select Allow the connection. Click Next. The Profile window appears.
- Keep all profile check boxes selected (default). Click Next. The Name window appears.
- Specify Metasys (TCP Protocol) as the name. Optionally, you can add a description to identify this new rule. Click Finish. The Inbound Rules table refreshes to indicate the new rule called Metasys (TCP Protocol). Ports 80, 88, 123, 135, 389, 443, 445, 1025, 1433, and 9910 are now open and ready for use.
- Repeat Step 5 through Step 11 to add a new Metasys inbound rule for the UDP protocol. When the Protocol and Ports window appears, select UDP, and in the Specific Local Ports field, enter the port numbers as shown in the following table. For detailed information on the purpose of each port, refer to the Protocols, Ports, and Connectivity for the Metasys System section of the Network and IT Guidance Technical Bulletin (LIT-12011279).

  Table 2. Ports to Open for UDP Protocol

  | Protocol | Port | Uses |
  |---|---|---|
  | SMTP | 25 | UDP |
  | DNS | 53 | UDP |
  | DHCP | 67 | UDP |
  | DHCP | 68 | UDP |
  | Trivial File Transfer Protocol (TFTP) | 69 | UDP |
  | Kerberos | 88 | UDP |
  | Network Time Protocol (NTP) | 123 | UDP |
  | SNMP | 161 | UDP |
  | SNMP Trap | 162 | UDP |
  | Microsoft Discovery Protocol | 9910 | UDP |
  | SYPE-Transport | 9911 | UDP |
  | BACnet® | 47808 (changeable; match with value in Metasys SMP UI) | UDP |

- Complete Step 1 through Step 12 to add the new inbound rule. Name the new rule Metasys (UDP Protocol). When finished, the Windows Firewall with Advanced Security window appears and the Inbound Rules table refreshes to indicate the new rule called Metasys (UDP Protocol). Ports 25, 67, 68, 69, 53, 88, 123, 161, 162, 9910, 9911, and 47808 are now open and ready for use.
- In the Windows Firewall with Advanced Security window, verify that the two new Metasys inbound rules are defined and enabled.
  Figure 2. Metasys Inbound Rules Defined and Enabled
- Close the Windows Firewall with Advanced Security window.
- Close all windows.
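
The wizard steps above can also be scripted and then audited. The following PowerShell is an added example, not part of the original document: it creates the two inbound rules using the port lists from Table 1 and Table 2, then reports each rule's enabled state, profile, remote address scope, and any difference from the tables. It assumes an elevated PowerShell session on a Windows version that includes the NetSecurity module.

```powershell
# Added example (not from the original document). Run in an elevated PowerShell session.
# Rule names and port lists are copied from the procedure, Table 1 and Table 2.
$rules = @(
    @{ Name = 'Metasys (TCP Protocol)'; Protocol = 'TCP'
       Ports = '80','88','135','389','443','445','1025','1433','9910',
               '15672','5672','25672','4369','9200','5601' },
    @{ Name = 'Metasys (UDP Protocol)'; Protocol = 'UDP'
       # 47808 is changeable; it must match the BACnet port set in the Metasys SMP UI
       Ports = '25','53','67','68','69','88','123','161','162','9910','9911','47808' }
)

foreach ($r in $rules) {
    # Create the rule only if it is absent, so rerunning the script adds no duplicates
    if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
        # -Profile Any corresponds to leaving all profile check boxes selected in the wizard
        New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Allow `
            -Protocol $r.Protocol -LocalPort $r.Ports -Profile Any | Out-Null
    }
}

# Verification: the scripted form of checking that both rules are defined and enabled
$report = foreach ($r in $rules) {
    foreach ($rule in Get-NetFirewallRule -DisplayName $r.Name) {
        $open  = @(($rule | Get-NetFirewallPortFilter).LocalPort)
        $scope = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Enabled       = $rule.Enabled
            Profile       = $rule.Profile
            RemoteAddress = $scope -join ','
            # Ports listed in the tables that the rule does not open
            MissingPorts  = ($r.Ports | Where-Object { $_ -notin $open }) -join ','
            # Ports the rule opens that are not listed in the tables
            ExtraPorts    = ($open | Where-Object { $_ -notin $r.Ports }) -join ','
        }
    }
}
$report | Format-Table -AutoSize
```

A non-empty MissingPorts or ExtraPorts column means an existing rule of that name differs from the tables; the script reports the difference but does not modify an existing rule.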