Reg Port 4445 and 4446

Hi,

In the online manual (https://docs.inductiveautomation.com/display/DOC79/Advanced+Gateway+Settings), on the Advanced Gateway Settings page, it is listed that ports 4445 & 4446 will be required to be open. I wanted to understand the purpose of these ports and how they contribute to the Ignition gateway network, and whether it is mandatory to open (configure) them in the firewall. This will help our IT team to configure the firewall ports.

Regards,
Hari GB.

I don’t believe that the ports there are required to be open, but not having them open may make some functionality disabled.

These two ports are incoming and outgoing multicast packets. This most likely would remove the auto-discover functions for clients searching for gateways and gateways searching for devices. There may be some other features, but I’m not certain.

Please note that the two multicast ports are UDP, which may be considered a security breach by some I.T. folks. Where TCP is considered to be a ‘connection less’ oriented (as in connect and disconnect all the time) protocol, UDP is generally known for being a ‘connected’-all-the-time protocol (as in used with reliable connections, i.e. hardwire or fiber optic). It is still possible to use security on UDP, yet most IT folks would guess that TLS and SSL are protecting only TCP connections. More information is available about Sockets (SecureSocketsLayer). So you may wish to talk further with your IT folks about firewall features, whether the firewalls are hard (dedicated appliances that you can see) or ‘soft’, as in software that runs on machines physically wired to the Internet at large. They may also want to know about how many certificates are needed and what versions of TLS and/or SSL are supported. The I.T. folks may know more than you think about UDP past practice. They may also want to know if the specific ports mentioned can be enabled for discovery then shut down for normal use.

UDP is technically a "connected-never" protocol :)

It's message/packet-oriented, there is no concept of being connected.
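Added illustration (not part of the thread and not Inductive Automation code) of the connectionless point in the post above, and of why a firewall rule for UDP ports such as 4445/4446 cannot be verified with a connect-style check the way a TCP port can. All function names are hypothetical and the sockets use OS-assigned loopback ports only.

```python
import socket

LOOPBACK = "127.0.0.1"  # constructed test target; no real gateway is contacted


def unused_port(kind):
    """Borrow an ephemeral loopback port from the OS, then release it."""
    with socket.socket(socket.AF_INET, kind) as s:
        s.bind((LOOPBACK, 0))
        return s.getsockname()[1]


def udp_send_without_listener():
    """UDP: sendto() succeeds even though nothing is bound to the port."""
    port = unused_port(socket.SOCK_DGRAM)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(b"discover?", (LOOPBACK, port))  # bytes handed to the OS


def tcp_connect_without_listener():
    """TCP: the handshake fails at once when nothing is listening."""
    port = unused_port(socket.SOCK_STREAM)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(2)
        try:
            s.connect((LOOPBACK, port))
            return "connected"
        except ConnectionRefusedError:
            return "refused"


def udp_receipt_check():
    """The only real proof for UDP: a bound receiver actually gets datagrams."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.bind((LOOPBACK, 0))
        rx.settimeout(2)
        dest = rx.getsockname()
        tx.sendto(b"one", dest)
        tx.sendto(b"two", dest)
        # Each recvfrom() returns exactly one datagram; there is no byte stream.
        return [rx.recvfrom(1024)[0] for _ in range(2)]


if __name__ == "__main__":
    print(udp_send_without_listener(), tcp_connect_without_listener(),
          udp_receipt_check())
```

A successful UDP send therefore says nothing about whether a firewall passed the packet; only receipt on the far side does.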

O.K., I was just remembering those notes and making an edit. BTW, do you also remember the one time that UDP was used as a new ‘hack’? This was explained a few times in writing, yet is not generally known to most folks.

Hi Kevin,

Thanks for your reply. Could you please add more details relating to my queries?

~Hari GB.