I have an installation of Ignition 7.9.10, our security team is going to open the address of the primary server through the firewall to run a view only session of ignition. I have the default ports of 8088 and 8043 added to firewall rules but I receive an error. What other ports have to be open in order for the software to run?
For a client or designer, that’s all you need. (In a default install.)
Do you mean opening to the internet? If so, don’t do this until you’ve upgraded to 8.1. With 8.1 you can open just the SSL port.
It looks like you specified both ports. Can you try IP:8088?
I neglected to mention that I am connecting via a barracuda vpn. With just port 8088 it still returns an error. I have a different vpn profile that is wide open and it works fine. do I must isolate what port is blocking my connection. I read something about port 80 and 443 needing be open.
Seems crazy that I would have to upgrade. What are the advantages of 8.1 and how long has it been out. We are not in full production but close so if upgrading is going to happen its going to happen now or in 8 years when we shutdown again.
7.9 is EOL at the end of June 2022, if you have basic care or greater support the upgrade will be free (barr the time). 8.1 has new features and the one Phil mentioned would be an important security one.
But back to your original question, I have a 7.9 install that is whitelisted for only one external static IP to connect through to, and only 8088 is open on the firewall rule for it.
Looking at the release timestamps, 8.1.0 came out 20201102, the current version is 8.1.17
Good lord! What possessed you to pick v7.9 for a new install? See this old discussion:
Upgrade ASAP.
I am new to ignition and this is what was developed by our integrator as part of the project scope.
For reference, 7.9 first came out in 2016. Do you have basic care or better support?
Tried first with just IP:8088 then IP :8043 then both. I believe Opening 443 and 80 will work. I am waiting on our firewall team to open for testing.
Thanks,
Walt
As of now support is limited to devloper not inductive automation. I am sure some support is attached to the purchase of the software but I am no privy to that information until the keys to the kingdom are handed over. Its all legalease now
7.9 requires both HTTP and HTTPS ports be open for downloading (one of many security issues that are fixed in 8.1). The multi-port address scheme is correct, but which pair of ports are correct is going to depend a lot on your network infrastructure and what you have between gateway and designer.
I’ll chime in and say that I would definitely try to push for a newer version. You don’t have to use Perspective to use 8.1 (in case there’s any FUD about it coming from anywhere) - Vision is still there, still fully supported, for the foreseeable future.
Excuse my ignorance but if you are connected to the network via VPN do you need any external ports opened ? As long as the machine that is running ignition has its ports opened no external ports should be needed ?
My tag server is inside a L2 network. The system I am connecting to is outside the L3 network.
VPN–> to firewall → to L2 tag server
firewall is blocking something because it will run fine on the L3 network but once you step outside the L3 the firewall blocks it