![background image](http://html.mh-extra.com/html/ge/embedded-field-agent/embedded-field-agent_user-manual_122959076.webp)
GFK-2993F 76
For public disclosure
6.1.5 How to Open Ports on a Field Agent
Some applications and Machine Adapters may require opening one or more of the user or registered TCP or UDP ports
(starting at port number 1024). If a Machine Adapter requires connecting to a server on another device, a port does not
need to be opened in this Field Agent’s firewall since outgoing client requests are permitted by default. For example, the
OPC UA Machine Adapter acts as a client that connects to an external OPC UA server, so the default firewall does not
need to be modified in this case. However, if an application or Machine Adapter requires listening on a port for incoming
network traffic, the firewall needs to be modified to permit incoming traffic on this port. For example, the EGD Machine
Adapter requires UDP port 18246 to be opened in the Field Agent’s firewall.
Currently, the MFA and VFA support opening additional ports through the firewall on Local Area Network (LAN)
interfaces. The EFA also supports opening additional ports, but since there is no dedicated LAN interface on the EFA, the
ports are opened on the WAN interface. Opening ports on the EFA WAN is intended for use cases involving an EFA
connected to a LAN from which data is being collected. Whenever EFA WAN ports are opened, it is the responsibility of
the customer to set up and configure proper routers and firewalls between the LAN and the Internet to limit outgoing
traffic to only what is required for the EFA to communicate with the EdgeManager and the Time Series database.
See
GFK-3019 Field Agent Machine Adapters User Guide
for the list of required ports to be opened for each supported
Machine Adapter. See
GFK-3009 Field Agents Secure Deployment Guide
for the cybersecurity considerations of opening
non-default ports on the Field Agent’s firewall.
In order to open ports, there is a configuration file to edit, deploy and activate.
6.1.5.1
The Ports Configuration File
The ports configuration file (com.ge.ac.fieldagent.network.ports.cfg) is available as part of the Configuration template
associated with a Field Agent. For a link to this template, see
Configuration Management
. In this configuration file there is a
line for TCP ports and a line for UDP ports. The following example shows opening up TCP ports 8080 and 8081 and UDP ports
7937 and 18246.
com.ge.ac.fieldagent.network.ports.open.lan.tcp="8080,8081"
com.ge.ac.fieldagent.network.ports.open.lan.udp="7937,18246"
Once the com.ge.ac.fieldagent.network.ports.cfg file is edited as required for this job, it must be deployed. For instructions on
deploying a configuration, see
Configuration Management
.
6.1.5.2
Activating the Ports Configuration
Once the ports configuration file has been deployed, it must be activated. Currently there are several possible ways in which this
file can be activated. In a future release the Configuration Templates will be upgraded so that deploying the template will make
sure that the ports configuration file is activated. However, with current releases, one of the following must be done:
1.
Press Save on the Network Configuration page in the Web Console (even if no changes are made) OR
2.
Reboot the Field Agent OR
3.
On an MFA or EFA, enable or disable Configuration Mode.
Содержание Embedded Field Agent
Страница 1: ...GFK 2993F Field Agents User Guide July 2017 For public disclosure ...
Страница 31: ...GFK 2993F 31 For public disclosure Notes ...
Страница 50: ...GFK 2993F 50 For public disclosure 2 Verify that the Field Agent Updater page displays ...
Страница 60: ...GFK 2993F 60 For public disclosure 5 10 1 4 1 Using Certificate Enrollment ...
Страница 62: ...GFK 2993F 62 For public disclosure 5 10 1 4 2 Using OAuth Authentication Code Enrollment ...
Страница 65: ...GFK 2993F 65 For public disclosure Notes ...
Страница 67: ...GFK 2993F 67 For public disclosure ...
Страница 86: ...GFK 2993F 86 For public disclosure Notes ...
Страница 87: ...For public disclosure ...