User Manual

Network Security Controls
Siemens
Application Note
Smart Infrastructure
Server Communication
Port usage across machine boundaries for client-server and server-server communication

Core Services on Main Server

Remote consumer columns (connects to this port): Installed Client (Secure), Installed Client (Nonsecure), Remote Client, Web Client, FEP (Secure), FEP (Nonsecure), Separate Web Server, Remote System (Secure), Remote System (NonSecure)

| Providing component | Executable | Default Port | Port Configuration | Protocol | Comment / Port exposure to other machines in the network | Remote consumer |
|---|---|---|---|---|---|---|
| Data Manager | WCCILdata.exe 1) | TCP: 4897, UDP: 4897 | SMC | WinCC OA Communication | Exposed if project is set to "Nonsecure" in SMC | X 6), X 8) |
| Event Manager | WCCILevent.exe 1) | TCP: 4998, UDP: 4998 | SMC | WinCC OA Communication | Exposed if project is set to "Nonsecure" in SMC | X 6), X 8) |
| Distribution Manager | WCCILdist.exe 1) | TCP: 4777, UDP: 4777 | SMC | WinCC OA Communication | Distributed systems only. Exposed if project is set to "Nonsecure" in SMC | X 11) |
| HDB Reader | WCCOAHDBReader.exe 2) | TCP: 7774, UDP: 7774 | SMC | WinCC OA Communication | Exposed if project is set to "Nonsecure" in SMC | X 7), X 7) |
| CCom Manager | WCCOACComMgr.exe 2) | TCP: 8000 | SMC | HTTP(S) - WCF Web Service | Exposed if 'Web Server Communication' is enabled | X 9) |
| SSL Proxy Manager | WCCILproxy.exe 1) | TCP: 5678, UDP: 5678 | SMC | WinCC OA Communication (SSL encrypted) | Exposed if project is set to "Secure" in SMC | X 7), X 7), X 11) |
| Query Cache Manager | WCCOAqueryCache.exe 2) | TCP: 4779 | SMC | WinCC OA Communication | Exposed if Query Cache Manager is activated for a project and project is set to "Nonsecure" (in SMC) | X 7), X 7) |
| SMC ProjectData Service | Siemens.Gms.Smc.WCFWindowsServiceHost.exe 2) | TCP: 8888 | SMC | HTTP - WCF Service | always exposed | X 5), X 5), X 5), X 5) |
| Project Monitoring Service | GMS_WCCILpmon_[ProjectName].exe 1) | TCP: 4999 | SMC | http / pmon protocol | never exposed. Only used for communication of components on the local machine | |
| Microsoft IIS | | TCP: 80 | SMC | HTTP | always exposed | X, X |
| Microsoft IIS | | TCP: 443 | SMC | HTTPS | always exposed | X, X |
| MS SQL Server Browser | sqlbrowser.exe | UDP: 1434 | SQL Server | | depends on SQL Server configuration. Default: exposed | |
| MS SQL Server DB instance (HDB) | sqlserver.exe | TCP: variable 3) | SQL Server | | depends on SQL Server configuration. Default: exposed | |
| File and Printer Sharing (NetBIOS Session Service connections) | | TCP: 139 | n/a | TCP | | X, X, X, X, X, X, X |
| File and Printer Sharing (Server Message Block transmission and reception via Named Pipes) | | TCP: 445 | n/a | TCP | | X, X, X, X, X, X, X |

X: This port must be configured for inbound communication in the firewall of the main server if the host is protected by a firewall.
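
The exposure conditions in the table can be checked against what a main server actually listens on. The following is an added example, not part of the Siemens application note: it flags listeners bound to non-loopback addresses that the table says should not be exposed for the given project settings. The settings keys (secure, distributed, web_comm, query_cache) are hypothetical names for the SMC options, the netstat sample is constructed, and treating both Distribution Manager conditions as required is an assumption.

```python
import re

# Exposure rules transcribed from the table above. The settings keys (secure,
# distributed, web_comm, query_cache) are hypothetical names for the SMC options.
RULES = {
    ("TCP", 8000): lambda s: s["web_comm"],                         # CCom Manager
    ("TCP", 4779): lambda s: s["query_cache"] and not s["secure"],  # Query Cache Manager
    ("TCP", 8888): lambda s: True,    # SMC ProjectData Service: always exposed
    ("TCP", 80): lambda s: True,      # Microsoft IIS: always exposed
    ("TCP", 443): lambda s: True,     # Microsoft IIS: always exposed
    ("TCP", 4999): lambda s: False,   # Project Monitoring Service: never exposed
}
for port, rule in [
    (4897, lambda s: not s["secure"]),   # Data Manager
    (4998, lambda s: not s["secure"]),   # Event Manager
    (7774, lambda s: not s["secure"]),   # HDB Reader
    (5678, lambda s: s["secure"]),       # SSL Proxy Manager
    # Assumption: both Distribution Manager conditions must hold.
    (4777, lambda s: s["distributed"] and not s["secure"]),
]:
    RULES[("TCP", port)] = RULES[("UDP", port)] = rule

# protocol, local address, local port, foreign address, then state (TCP) or PID (UDP)
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(\w+)")

def unexpected_listeners(netstat_text, settings):
    """Return (proto, port, address) for listeners on non-loopback addresses
    that the table says should not be exposed under these settings."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        proto, addr, port, state = m[1], m[2], int(m[3]), m[4]
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing connection, not a listener
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback only: not reachable from other machines
        rule = RULES.get((proto, port))
        if rule is not None and not rule(settings):
            findings.append((proto, port, addr))
    return findings

# Constructed sample in `netstat -ano` layout (not captured from a real system).
SAMPLE = """\
  TCP    0.0.0.0:5678      0.0.0.0:0        LISTENING     4012
  TCP    0.0.0.0:4897      0.0.0.0:0        LISTENING     3980
  TCP    127.0.0.1:4998    0.0.0.0:0        LISTENING     3984
  TCP    127.0.0.1:4999    0.0.0.0:0        LISTENING     3990
  TCP    0.0.0.0:8888      0.0.0.0:0        LISTENING     2210
  TCP    10.0.0.5:8000     10.0.0.9:51544   ESTABLISHED   4100
  UDP    0.0.0.0:4777      *:*                            3999
"""
```

A listener on a non-loopback address is only reachable if the host firewall also allows it, so a finding here means the service configuration deviates from the table, not that the port is necessarily reachable from the network.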