Cloud Gateway OPC-UA to remote PLC

Hi Everyone, I am trying to get a test setup working as shown in the diagram, with an Ignition Gateway (v8.0.5) on an AWS server communicating via the Ignition OPC-UA server with a PLC connected to the internet via a cable modem and router.

I have port forwarding set up on the router to forward port 102 to the PLC IP address, 192.168.0.10. (Port 102 is the default port for Siemens S7 OPC communication.)

The firewall on the router is turned off. Also Windows Firewall on the AWS server is turned off.

The device connection in Ignition is set as follows, with the public IP of the router and all advanced settings left with the default values. This configuration works in the office with the same PLC if the Ignition Gateway is on the same LAN as the PLC.

The result is the device connection does not come up as “connected”, it alternates between “connecting” and “disconnected”. If I check the status->details page for that device connection there are no error messages shown and the log is empty.

Any help would be appreciated! This is my first time trying out a setup like this, as until now we have always had a remote Ignition Gateway at the site of the PLCs using remote tag provider to get tag values to the cloud gateway.


Did you set the address of your router as the gateway address in the PLC?


I hope it isn’t really set up this way. You are begging for your PLC to be hacked. Use a VPN.

I’m currently using WireGuard VPN for access to remote PLCs. With WireGuard, it does all the routing automatically by using allowed IPs:

Engineering PC (VPN IP 192.168.10.2 - Allowed IP 192.168.1.5) <--->
Server Ignition Gateway (VPN IP 192.168.10.1 - Allowed IP 192.168.1.5) <--->
Router with OpenWRT/Linux/RPI/Windows etc. (VPN IP 192.168.10.3). Note: Make sure IP forwarding is enabled on the device. <--->
S7-1200 IP 192.168.1.5

Now, with the S7-1200 it is very important to set the router/gateway IP in TIA Portal to the IP address of the router gateway or that device’s gateway, so the S7-1200 knows where to route traffic and doesn’t drop it. Also remember the S7-1200 has a built-in MQTT client via function block.
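The topology in the post above, written out as WireGuard configuration for the gateway server and the site router. This is an added example, not part of the original post. The file path, the /24 tunnel mask, UDP port 51820, a Linux-based router and every `<...>` value are assumptions or placeholders. The site router dials out to the server, so nothing (including port 102) has to be forwarded from the internet to the PLC.

```ini
# ===== File 1: /etc/wireguard/wg0.conf on the Ignition Gateway server =====
[Interface]
# Tunnel address of the server, from the post
Address = 192.168.10.1/24
# Assumed listen port
ListenPort = 51820
# Placeholder
PrivateKey = <server-private-key>

[Peer]
# Engineering PC
PublicKey = <engineering-pc-public-key>
AllowedIPs = 192.168.10.2/32

[Peer]
# Site router in front of the PLC.
# AllowedIPs lists the router's tunnel IP plus the PLC behind it, so the
# server sends traffic for 192.168.1.5 into this peer's tunnel and accepts
# the PLC's replies from it.
PublicKey = <site-router-public-key>
AllowedIPs = 192.168.10.3/32, 192.168.1.5/32

# ===== File 2: /etc/wireguard/wg0.conf on the site router =====
# On a Linux router, IP forwarding must also be on:
#   sysctl -w net.ipv4.ip_forward=1
[Interface]
# Tunnel address of the router, from the post
Address = 192.168.10.3/24
# Placeholder
PrivateKey = <site-router-private-key>

[Peer]
# Ignition Gateway server
PublicKey = <server-public-key>
# Placeholder for the server's public address
Endpoint = <server-public-ip>:51820
# Accept tunnel traffic from the server and the engineering PC
AllowedIPs = 192.168.10.0/24
# Keeps the outbound NAT mapping on the cable modem/router alive
PersistentKeepalive = 25
```

With this in place the Ignition device connection targets 192.168.1.5 directly instead of the router's public IP, and the PLC's gateway setting in TIA Portal points at the site router's LAN address so replies return through the tunnel.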

Hey thanks Matthew, the “Use Router” checkbox in Portal was the answer. In response to pTurmel, this is not a commercial application, it’s just for dev purposes, no sensitive data or info in the PLC.