NE870 FW rules and ports
Hi Stefan,
You helped me recently troubleshoot NE870 firewall not showing in RNRP. That is all working well now.
Made me wonder though, if you by any chance have some documentation which could help me understand the communication between 800xA and Controller. I found a config file on the download center with default FW rules and I amended it according to 3BSE085444-420_B_en_800xA_Networks_-_NE800_Getting_Started_Guide. There is a list of rules (pic below), which should be on the firewall. The information is a bit vague though, there is no info on what those ports are used for. I have some idea about well known ports, but the rest are a mystery to me. For example, you told me that RNRP runs on port 2423, but what about port 2757 and 3339-3341?

Thank you
Ondrej
Answers
Unfortunately, there exists no comprehensive document covering all ports and protocols used by System 800xA.
I recommend downloading the following documents from ABB Library:
- Secure Deployment User's Guide, e.g. 3BSE090880-6031.
- ABB Ability™ System 800xA AC 800M Communication Protocols, 3BSE035982-610 A.
e.g.

UDP 123 is SNTP
UDP 161 and 162 is SNMP
UDP 2423 is RNRP routing protocol
UDP 2757 is AC 800M IAC
UDP 3339 is RNRP hosts file service
TCP 3340 is default port for Multisystem Integration
UDP 3341 is CNCP (but CNCP is a multicasted protocol and will anyway not make it across a router)
...
What ports your installation needs may vary; if you do not have IAC, there is no need to make a firewall exclusion for it. "Less is more". The document you refer to is kind of "common for all", which is not very good from a security hardening perspective...
I also use Adobe DC Professional to maintain a set of search indexes for most of the documentation we release and I'm involved in support of. A wide scope search is just a few clicks away...
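
The "less is more" advice in the answer above can be checked mechanically. The following is an added example, not part of the original answer or any ABB tool: it audits a list of allow rules against the port list given in the answer. The rule tuples, the sample rule set and the assumed installation are constructed for illustration and do not reflect the NE870 configuration file format.

```python
# Port/service map as listed in the answer above (that list ends with "...",
# so a port missing here means "check the referenced documents", not "unused").
SERVICES = {
    ("udp", 123): "SNTP",
    ("udp", 161): "SNMP",
    ("udp", 162): "SNMP",
    ("udp", 2423): "RNRP routing protocol",
    ("udp", 2757): "AC 800M IAC",
    ("udp", 3339): "RNRP hosts file service",
    ("tcp", 3340): "Multisystem Integration",
    ("udp", 3341): "CNCP",
}
# Per the answer, CNCP is multicast and does not cross a router anyway.
NOT_ROUTED = {"CNCP"}


def audit(rules, in_use):
    """Check allow rules against the services this installation uses.
    rules:  iterable of (proto, first_port, last_port) allow entries
    in_use: set of service names from SERVICES that must pass the firewall
    Returns (findings, missing); a finding is (rule, proto, port, reason).
    """
    findings, covered = [], set()
    for rule in rules:
        proto, first, last = rule
        for port in range(first, last + 1):
            name = SERVICES.get((proto, port))
            if name is None:
                findings.append((rule, proto, port, "no listed service"))
            elif name in NOT_ROUTED:
                findings.append((rule, proto, port, f"{name} is not routed"))
            elif name not in in_use:
                findings.append((rule, proto, port, f"{name} not in use"))
            else:
                covered.add(name)
    return findings, sorted(set(in_use) - covered)


# Constructed rule set (not taken from the guide): blanket 3339-3341 ranges.
SAMPLE_RULES = [("udp", 123, 123), ("udp", 2423, 2423), ("udp", 2757, 2757),
                ("udp", 3339, 3341), ("tcp", 3339, 3341)]
# Assumed installation: no IAC, no Multisystem Integration, no SNMP.
SAMPLE_IN_USE = {"SNTP", "RNRP routing protocol", "RNRP hosts file service"}

if __name__ == "__main__":
    findings, missing = audit(SAMPLE_RULES, SAMPLE_IN_USE)
    for rule, proto, port, reason in findings:
        print(f"rule {rule}: {proto}/{port} -> {reason}")
    print("required but not allowed:", missing or "none")
```

On the sample input, the blanket 3339-3341 ranges account for five of the six findings, because each port in that range carries a different service on a single protocol.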
