Which server do you mean to open firewall ports? The Ignition server or the OPC Expert server? I am having a similar issue and tried the Bind address. I was told that all firewall rules have been opened for this but maybe we have the wrong ones opened up?
If you're trying to connect UaExpert as a client to Ignition as the server, from another machine, then typically you would need to open the ports on the machine running the Ignition Gateway.
Port 62541 by default.
You also need to restart Ignition after changing the Bind Address setting to 0.0.0.0.
1 Like
Yea I was under the assumption that the security group and our OPC SME had configured the firewall rules to allow traffic, but im getting the error "No route to host" which is very odd to me. I restarted the gateway and everything. Going to test a few more things but this has been a challenge haha
"No route to host" from the UaExpert side?
This means you don't even have a network route to the Ignition Gateway. Firewall, if it's an issue, is not even in play yet.
You're right. Got that setting changed, so now im getting the error
"UaException: status=Bad_Timeout, message=io.netty.channel.ConnectTimeoutException: connection timed out:(ip address of opc expert server)"
Different error , but i feel like its a step closer haha
Err, hold up, you're either talking about something entirely different now, or you described the original problem backwards.
This error message indicates you're trying to connect Ignition as an OPC UA client to some other OPC UA server.
You came into this thread about connecting UaExpert (Client) to Ignition's OPC UA server.
Which is it?
Sorry, new to the terminology of this stuff so apologies if im crossing my wires
I am on Ignition Edge attempting to connect to OPC Expert in the "OPC Client" tab within Edge.
The goal is to use ignition edge to pull in data from OPC expert.
Ok, got it. Moved this to a new topic.
None of the previous advice about Bind Address is relevant in this case.
The firewall change needs to happen on the OPC Expert server, not likely the Ignition server. The port would be whatever port that server listens on (the same one you use in the endpoint URL you configured on the Ignition side).
As long as you don't happen to be using macOS, then the current error is likely a firewall or other networking issue. It's just indicating that there is no response when the Ignition side tries to open the TCP connection. You would see this reflected in a Wireshark capture as well.
1 Like
Does it matter if Ignition Edge is running on a Linux machine? The reason we are trying to do this OPC Expert connection is because we cant use the OPC DA module on a Linux machine.
opc.tcp://APP1 IP ADDRESS/opcexpert is what gives me the timeout error.
We have all ports opened up just to get this initial connection, but still no luck
These are the settings we have (Emerson Smart Firewall)
Inbound:
Outbound :
The eventual end goal is to have Tank Data from PLC > OPC DA > OPC Expert UA > Ignition Edge > MQTT Broker > OSI PI
No, doesn't matter.
1 Like
Is there a specific firewall configuration that needs to happen on the server that the Ignition Edge gateway is being accessed from? I am not privy to those specific firewall rules on the server currently because I am not on the security group
Usually outbound connections aren't restricted, but only your security/IT people can answer that for you.
Regarding outbound connections, would it only be for the device that the Ignition Edge client is on (Moxa Linux device) , or does it need to be for the server we use to admin all of the Edge clients (MQTT Broker server)
It would be this. It's uncommon that outbound connections need to be explicitly allowed.
Does version matter? I am running an older version of Edge (8.1.7)
Might matter later, does not matter yet. Assuming you have the correct hostname/ip and port for that server, this isn't an Ignition issue, configuration or otherwise.