User Manual
Planning (hardware)
IT security
7
20 | 35 A6V11666339_en--_d
7 Planning (hardware)
7.1 IT security
Desigo Control Point works with devices with a web interface. Technically, this would allow to remote connect to
their web interface also by the Internet. For security reasons, this is not allowed directly.
If a remote access is required, it mandatorily must be secured by dedicated additional network IT-security
means. As a consequence, you must comply with all IT security rules.
All participants must have a solid understanding of possible risks and side effects associated with new and
efficient functions (especially remote access).
Refer in this regard to the document
"IT security on installation with Desigo"
(CM110663).
Secure certificates for web server (PXMxx-E, PXG3.x00-1) can be created in ABT Site (see online help).
7.2 Ports for remote access
The following ports must be open on the firewall for Desigo Control Point:
Incoming connections
TCP / 80 http (general access)
TCP / 443 https (secured access)
UDP / 30000 S1 Discovery
UDP / 30001 S1 Discovery
UDP / 47808 BACnet (changes depending on configuration)
UDP / 47874 BACnet (changes depending on configuration)
UDP / 68 DHCP
Outgoing connections
TCP / 443 Desigo Control Point communicates on a regular basis with skyfoundry.com, current at 208.74.84.249, to check
licensing and security.
Note: A connection to skyfoundry.com is not required for Desigo Control Point to operate.