Opening Ports and Configuring the Windows Firewall - Metasys - LIT-12012067 - Configuration software - SCT System Configuration Tool - 13.2

SCT Installation and Upgrade Instructions

Product
Building Automation Systems > Configuration and Programming Tools > SCT System Configuration Tool
Document type
Installation Guide
Document number
LIT-12012067
Version
13.2
Revision date
2019-10-14

About this task

This section provides an overview on how to open ports to make sure Metasys software and processes function properly. At Release 8.1 and later, you can create rules to block inbound and outbound traffic over Port 80 (http). For details on closing ports, refer to the Network and IT Guidance Technical Bulletin (LIT-12011279) .

Procedure

  1. In the Control Panel, click System and Security, then click Windows Firewall. The Windows Firewall window appears.
  2. In the Windows Firewall window, make sure the firewall is On. If not, turn on the Windows Firewall.
  3. Click Advanced Settings. The Windows Firewall with Advanced Security window appears.
  4. In the left pane, click Inbound Rules. The Inbound Rules pane appears.
    Figure 1. Windows Firewall - Inbound Rules

  5. In the Actions pane, select New Rule. The New Inbound Rule wizard opens and the Rule Type window appears.
  6. Select Port and click Next. The Protocol and Ports window appears.
  7. Select TCP, and in the Specific Local Ports field, enter the port numbers as shown in the following table. For detailed information on the purpose of each port, refer to the Protocols, Ports, and Connectivity for the Metasys System section of the Network and IT Guidance Technical Bulletin (LIT-12011279) .
    Table 1. Ports to Open for TCP Protocol

    Protocol

    Port

    Uses

    HTTP

    80

    TCP

    Kerberos

    88

    TCP

    Remote Procedure Call (RPC)

    135

    TCP

    LDAP

    389

    TCP

    Secure Sockets Layer (SSL)

    443

    TCP

    NT LAN Manager Version 2 (NTLMv2)

    445

    TCP

    Remote Procedure Call (RPC)

    1025

    TCP

    Microsoft SQL Server Database

    1433

    TCP

    Microsoft Discovery Protocol

    9910

    TCP

    HTTP for RabbitMQ

    15672

    TCP

    AMQP for RabbitMQ

    5672

    TCP

    EPMD for RabbitMQ

    25672

    TCP

    EPMD for Erlang Port Mapper Daemon, RabbitMQ

    4369

    TCP

    HTTP for Elasticsearch

    9200

    TCP

    HTTP for Kibana1

    5601

    TCP

  8. Click Next. The Action window appears.
  9. Select Allow the connection. Click Next. The Profile window appears.
  10. Keep all profile check boxes selected (default). Click Next. The Name window appears.
  11. Specify Metasys (TCP Protocol) as the name. Optionally, you can add a description to identify this new rule. Click Finish.
    The Inbound Rules table refreshes to indicate the new rule called Metasys (TCP Protocol). Ports 80, 88, 123, 135, 389, 443, 445, 1025, 1433, and 9910 are now open and ready for use.
  12. Repeat Step 5 through Step 11 to add a new Metasys inbound rule for the UDP protocol. When the Protocol and Ports window appears, select UDP, and in the Specific Local Ports field, enter the port numbers as shown in the following table. For detailed information on the purpose of each port, refer to the Protocols, Ports, and Connectivity for the Metasys System section of the Network and IT Guidance Technical Bulletin (LIT-12011279) .
    Table 2. Ports to Open for UDP Protocol

    Protocol

    Port

    Uses

    SMTP

    25

    UDP

    DNS

    53

    UDP

    DHCP

    67

    UDP

    DHCP

    68

    UDP

    Trivial File Transfer Protocol (TFTP)

    69

    UDP

    Kerberos

    88

    UDP

    Network Time Protocol (NTP)

    123

    UDP

    SNMP

    161

    UDP

    SNMP Trap

    162

    UDP

    Microsoft Discovery Protocol

    9910

    UDP

    SYPE-Transport

    9911

    UDP

    BACnet®

    47808 (changeable; match with value in Metasys SMP UI)

    UDP

  13. Complete Step 1 through Step 12 to add the new inbound rule. Name the new rule Metasys (UDP Protocol)

    When finished, the Windows Firewall with Advanced Security window appears and the Inbound Rules table refreshes to indicate the new rule called Metasys (UDP Protocol) . Ports 25, 67, 68, 69, 53, 88, 123, 161, 162, 9910, 9911, and 47808 are now open and ready for use.

  14. In the Windows Firewall with Advanced Security window, verify that the two new Metasys inbound rules are defined and enabled.
    Figure 2. Metasys Inbound Rules Defined and Enabled

  15. Close the Windows Firewall with Advanced Security window.
  16. Close all windows.
1 This service is no longer installed with or needed by Metasys software at Release 10.1