Manualshelf

Specifications

ManualsBrandsBaseWall ManualsComputer equipmentDual WAN VPN Firewall VPN 2000
191192193194195196197198199200
Table Of Contents
Chapter 6 Using Security Technologies
Using a Firewall or Proxy Device
Niagara Release 2.3
Niagara Networking & Connectivity Guide Revised: May 22, 2002
6–5
Niagara hosts function well in many firewall environments, with the following
conditions:
Java applets must be able to be downloaded through the firewall. Any Niagara
host serving up GxPage graphics, log charts, and schedule and calendar editors
must be able to send the applets associated with these servlet pages to a BUI
client. (Figure 6-1).
Figure 6-1 Java applet downloading to a BUI client through a firewall.
On any firewall, application ports may need to be opened to allow
communication between any two Niagara hosts on opposite sides of the
firewall. See the “Default Niagara Port Numbers” section on page 6-7.
Firewalls using the application proxy and stateful inspection techniques for
security may block the following Niagara communication functions (see
Figure 6-2):
using interstation links between stations
using the alarm console to monitor alarms on a remote station
using the station monitoring function to monitor a remote host
using pushed archiving
using the JDE to engineer a remote station
These connections are created using an HTTP request to open a socket. Once
the socket is open the connection remains open and proprietary messages are
sent between the server and client (without the appropriate HTTP header). Any
technique that inspects each packet for validity may reject these successive
packets. If you require these functions, request that the firewall be configured
to not block connections between Niagara hosts.
Browser User
Interface (BUI)
Firewall must have
downloading of
Java applets enabled
B
r
o
w
s
e
r
U
s
e
r
r
e
q
u
e
s
t
s
G
x
,
s
c
h
e
d
u
l
e
,
o
r
c
a
l
e
n
d
a
r
p
a
g
e
J
A
C
E
-
N
P
s
e
n
d
s
a
s
s
o
c
i
a
t
e
d
J
a
v
a
a
p
p
l
e
t
JACE-NP
with WebUI
service