The DCOM communication general takes place through the ports from 1024 to 65535. To allow communication through a firewall, all these ports would have to be opened for communication. Such an approach is not appropriate for a safe environment. The BIS-System only needs three ports for the DCOM services. Therefore number of ports, that are used for DCOM communication, may be limited through the properties of “My Computer” in the component services settings (standard protocol).
Settings for DCOM communication:
1 Start DComCnfg via “Start” – “Run…” – enter „DComCnfg“ and confirm with OK
2 Select “Component Services” – “Computers” – “My Computer” address workplace
3 Context menu (right mouse button) provides the properties for “My Computer”
4 Select tab “Default Protocols“, click “TCP/IP“ and select “Properties”
5 Click „Add“ to add communication for a port area (e.g. 5000 - 5010 (TCP))
As a rule of thumb, you should configure 3 ports per OPC server installed at a remote server .
6 To apply the changes a restart of the system is required
Setting up the Windows Firewall (Windows XP, Windows 7, Windows Server 2008 R2):
Port settings (TCP):
For Windows XP:
Start the Windows Firewall via “Start” – “Settings” – “Control Panel” – “Windows-Firewall”
Select tab „exceptions“
For Windows 7, Windows Server 2008 R2:
Start the Windows Firewall via “Start” – “Control Panel” – “Windows-Firewall”
Select “Advanced settings”, do the following for Inbound Rules
Add new Rule
Rule Type: Port (TCP)
For all Operating Systems:
Allow access to file and printer (normally these port settings are already allowed with the defaullt settings of the Windows Firewalls)
Allow communication through the following BIS Ports:
25805, 25806, 25902, 25922, 25923 and 26202 (TCP)
Allow communication through DCOM ports (e.g. 5000-5010 (TCP) , see above)
Allow RPC (DCOM) communication (port 135 (TCP))
Port settings HTTP communication (TCP):
For Windows XP:
Select tab „Advanced“, select “Local Area Network” and select „Advanced Settings“ select LAN connection - Properties.
For Windows 7, Windows Server 2008 R2:
Select “Advanced settings”, do the following for Inbound Rules
Add new Rule
Rule Type: Port (TCP)
For all Operating Systems:
Allow HTTP communication (port 80 (TCP))
Program settings (BoschST.BIS.ConfigurationBrowser.exe):
For Windows XP:
Start the Windows Firewall via “Start” – “Settings” – “Control Panel” – “Windows-Firewall”
Select tab “Exceptions” and add the following program:
For Windows 7, Windows Server 2008 R2:
Start the Windows Firewall via “Start” – “Control Panel” – “Windows-Firewall”
Select “Advanced settings”, do the following for Inbound Rules
Add new Rule
Rule Type: Program
Allow the following program:
For all Operating Systems:
[Install-path]\MgtS\ConfigurationBrowser\BoschST.BIS.ConfigurationBrowser.exe
|
