Rockwell PLC5 OSS Driver - protocols

Hello! I am using a Rockwell PLC5, Ignition and a Tofino firewall. I have unlocked ports 44818 and 2222, but communication is not going... When I reset the firewall to defaults, it is going...
The driver gets locked on "determining protocol"...
Does anyone know which other ports I need to unlock?
connecting

Those should be the only ports that are needed, so perhaps there's something else that needs configuration in the firewall. I'm not familiar with either of the things you listed ("OSS" or "Tofino").

But it is strange that it is getting stuck on "determining protocol"... What packets are sent then? Because it looks like that is the issue.

All right, if anyone would ever be searching for that topic... you have to use Any UDP and Any TCP bidirectional allow traffic, because these old devices use something called Enum TCP/UDP, which means the basic communication is based on 44818 or 2222, but the detailed answers will be sent on random free ports...

That is totally normal for all TCP connections. The originator chooses an ephemeral reply port for the target to use for all replies on that connection. Your firewall is broken if it needs anything special to support this.

Nope, it is not... It is a special industrial-type firewall. Does your firewall allow you to, for example, allow only Modbus?? It is a DPI firewall, which means deep packet inspection... It is, for example, by default blocking ping requests, which are ICMP... Is my firewall broken because it is not allowing ping? Nope, it is not.

All TCP/IP connections use an ephemeral port on the originator end. Use Wireshark to see traffic to any website if you don't believe me.

I'll stop here.
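The point made in the reply above (replies come back to the originator's ephemeral port, and a stateful firewall allows them without an any/any rule) can be shown with a small connection-tracking model. This is an added example, not code from the thread, from Ignition or from any firewall vendor; the addresses, the ephemeral ports and the packet trace are constructed, and the policy (new TCP to 44818 and UDP to 2222 from the server to the PLC only, plus matching return traffic) is an assumption for illustration.

```python
"""Constructed demonstration of stateful filtering for EtherNet/IP traffic.

Added example, not from the forum thread or any vendor. It models a
firewall between an Ignition server (constructed address 10.0.0.10) and
a PLC (constructed address 10.0.0.50). Policy: allow new TCP connections
from the server to the PLC on 44818 (explicit messaging) and UDP on 2222
(implicit I/O), and allow replies only when they match a tracked flow.
No any/any rule is needed for the PLC's replies to the server's
ephemeral port.
"""
from dataclasses import dataclass

SERVER = "10.0.0.10"   # constructed Ignition host
PLC = "10.0.0.50"      # constructed PLC5 address
ALLOWED = {("tcp", 44818), ("udp", 2222)}  # service ports named in the thread


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP only: set on the packet that opens a connection


class StatefulFilter:
    """Minimal connection tracker: remembers 5-tuples the originator opened."""

    def __init__(self):
        self.table = set()

    def decide(self, pkt):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # 1. Reply to a tracked flow: allowed whatever the ephemeral port is.
        if reverse in self.table:
            return "allow-established"
        # 2. Continuation or retransmission of a tracked flow.
        if key in self.table:
            return "allow-established"
        # 3. New flow: only server -> PLC on the listed service ports,
        #    and for TCP only if it is an actual connection open (SYN).
        if (pkt.src == SERVER and pkt.dst == PLC
                and (pkt.proto, pkt.dport) in ALLOWED
                and (pkt.proto == "udp" or pkt.syn)):
            self.table.add(key)
            return "allow-new"
        return "drop"


def run_trace(packets):
    """Run a packet list through a fresh filter and return the decisions."""
    fw = StatefulFilter()
    return [fw.decide(p) for p in packets]


# Constructed trace: the server opens 44818 from ephemeral port 51234,
# the PLC answers to that port, then an unsolicited packet to another
# port arrives, followed by a UDP 2222 exchange and a later TCP reply.
TRACE = [
    Packet("tcp", SERVER, 51234, PLC, 44818, syn=True),
    Packet("tcp", PLC, 44818, SERVER, 51234),   # reply to the ephemeral port
    Packet("tcp", PLC, 44818, SERVER, 60000),   # unsolicited: no tracked flow
    Packet("tcp", SERVER, 51235, PLC, 44818),   # non-SYN, untracked: dropped
    Packet("udp", SERVER, 2222, PLC, 2222),
    Packet("udp", PLC, 2222, SERVER, 2222),
    Packet("tcp", PLC, 44818, SERVER, 51234),   # later reply on the same flow
]

if __name__ == "__main__":
    for p, d in zip(TRACE, run_trace(TRACE)):
        print(f"{p.proto} {p.src}:{p.sport} -> {p.dst}:{p.dport}  {d}")
```

Only the two service ports are ever named in the policy; the PLC's replies to port 51234 pass because the tracker saw the server open that connection, while the packet to port 60000 is dropped. A real DPI product that needs an any/any rule to reach the same result is not doing this tracking for the protocol in question, which is the kind of thing to raise with the vendor rather than work around.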

I do believe you... but that is not a website; these are high-security industrial devices... It is working with new devices like the S7-400 without any problems, but this PLC5 is old... Anyway, it is sorted out. Yup, I spent a lot of time in Wireshark :wink:

Work with the vendor of this firewall to verify you have the latest packages for the devices you are connecting to. When we encountered issues with our newer firewalls (including their DPI for Rockwell protocols), they've been very receptive to updating their libraries and providing us with an appropriate solution. Opening a firewall up to all ports doesn't sound like the right solution here... Though I'd be lying if I said I have never done the same thing (temporarily) to minimize impacts to production while a more elegant solution is implemented.