User`s guide
Web Site Security
890 USE 152 00 Version 2.0 25
External Security, Continued
Network-Level
Firewalls
Network-level firewalls are frequently installed between the Internet and a single
point of entry to an internal, protected network.
Application-
Level Firewalls
An application-level firewall acts on behalf of an application; for instance, FTP. It
intercepts all traffic destined for that application and decides whether to forward
that traffic to the application. Application-level firewalls reside on individual host
computers.
Considerations
for FactoryCast
Configurator
FactoryCast Configurator uses FTP to access Embedded Server files. If you want
viewers to be able to access your site from the Internet and your Embedded Server
is protected by a firewall, then that firewall must be configured to allow FTP traffic.
The firewall may be configured to allow network connections to a restricted port
range or to allow traffic to and from certain IP addresses. Firewalls configured to
allow incoming data to FTP’s well-known TCP/IP port of 21, and to allow incoming
data to ports higher than 1024, will grant access to protected Embedded Servers.
The FactoryCast client follows the “Firewall Friendly FTP” standard, RFC 1579. It
issues an FTP PASV command to FactoryCast before all attempts to establish an
FTP data connection.
FactoryCast Client uses TCP/IP port 80 for HTTP access to Web pages stored on
an Embedded Server. Schneider Automation’s MBAP protocol is used to access
run-time data on TCP/IP port 502. These ports must also be made available
through the firewall.
Note: Quantum users who want to add a single FTP password to the server can
create an ASCII file, ftplist.dat. This file should contain the user name
string on the first line and a password string on the second line. For
example:
MyUser
My password
Save this file to your local PC directory under \FactoryCast\Qbf\Software
\wwwroot\ftplist.dat. Next, use the Configurator to “Restore Defaults”