User Manual, Section 3 Network Security Controls, page 18 (Siemens Application Note, Smart Infrastructure)
3.1.3 Firewall Rules
The firewall rules table lists the ports and services that must be allowed to communicate across the network zones of a protected system configuration. In general, all protective controls for data connections and network traffic at zone boundaries must be configured as follows:
- Deny by default
- Allow only the ports/services that are required to operate Desigo CC
The following list shows the allowed ports/services for a typical system configuration. Depending on the system configuration on site, a different set of rules may result.
Ideally, an advanced firewall should:
- Identify and control applications on any port
- Identify and control anomalous behavior
- Decrypt outbound SSL/TLS and control SSH (1)
- Provide application function control
- Systematically manage unknown traffic
- Scan for viruses and malware in all applications, on all ports
- Enable the same application visibility and control for all users and devices
- Make network security simpler, not more complex, with the addition of application control
The sections that follow describe how certificates are used.
Firewall Settings
When Desigo CC is used with a firewall, the firewall restricts the execution of processes that open ports for communication.
If you are installing Desigo CC on a server, you must add the following ports as exceptions to the firewall. Configuring your firewall settings allows access between the server and all its client stations, as well as between the server and field panels.
The table below lists the TCP and UDP ports you should add to the server firewall and to any network firewalls between the server and clients, and between the server and field panels.
NOTICE
Firewall Settings
Do not open a port for a program you do not recognize. The port listings in the
following table contain all the ports required for a safe system operation. Ports
that are not required for system operation must be closed for security purposes.
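The "deny by default, allow only required ports" rule above and the NOTICE about closing unneeded ports, as an added PowerShell example for the Windows Defender Firewall on the Desigo CC server (this is not code from the Siemens manual). The port rows, subnets and rule names are placeholders to be replaced with the site's Desigo CC firewall rules table; the audit function lists every enabled inbound allow rule whose port is not on that list.

```powershell
# Added example, not from the Siemens manual. Run in an elevated PowerShell on the server.
# $Required holds PLACEHOLDER rows; replace them with the rows of the Desigo CC firewall rules table.
$ClientSubnet = '192.0.2.0/24'     # placeholder: client station network
$PanelSubnet  = '198.51.100.0/24'  # placeholder: field panel network

$Required = @(
    @{ Name = 'Desigo CC - clients (placeholder)'; Protocol = 'TCP'; Port = 443;   Remote = $ClientSubnet }
    @{ Name = 'Desigo CC - panels (placeholder)';  Protocol = 'UDP'; Port = 47808; Remote = $PanelSubnet }
)

function Set-DefaultDeny {
    # Deny by default: block every inbound connection that no explicit rule allows, on all profiles.
    Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True -DefaultInboundAction Block
}

function Add-RequiredRules {
    # Allow only the listed ports, and only from the peers that need them (clients, field panels).
    foreach ($r in $Required) {
        if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Allow `
                -Protocol $r.Protocol -LocalPort $r.Port -RemoteAddress $r.Remote `
                -Profile Domain, Private | Out-Null
        }
    }
}

function Get-UnexpectedAllowRules {
    # Audit for the NOTICE: any enabled inbound allow rule with a port (or 'Any') outside the
    # required list is a finding that must be reviewed and closed.
    $allowed = $Required | ForEach-Object { "$($_.Protocol)/$($_.Port)" }
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
        $rule = $_
        $pf = $rule | Get-NetFirewallPortFilter
        $stray = @($pf.LocalPort) | Where-Object { $allowed -notcontains "$($pf.Protocol)/$_" }
        if ($stray) {
            [pscustomobject]@{
                Rule      = $rule.DisplayName
                Protocol  = $pf.Protocol
                LocalPort = ($stray -join ',')
                Profile   = $rule.Profile
            }
        }
    }
}

Set-DefaultDeny
Add-RequiredRules
Get-UnexpectedAllowRules | Format-Table -AutoSize
```

Built-in Windows rules (for example Core Networking) will appear in the audit output; review each against the NOTICE rather than disabling them wholesale.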