How to open port 47808 on Groov Epic PR-1 or Rio

I want to experiment with the Ignition Edge Bacnet driver in a PR-1. I have made a firewall rule to allow port 47808 on ETH1. When I test the port from the Epic the result is “The port is closed or the request timed out”.

How can I open port 47808?

Hi Sheldon, welcome to the forums.

A few ideas. First up, is Eth1 the network connected to the Bacnet network?
Usually Eth1 (the untrusted network) is connected to the router or IT network and Eth0 is the OT or device network, but of course, we have some customers that swap that around which is fine, just need to keep it in mind.

Is Ignition the client or the server? If it’s the server you don’t need to open the firewall at all since it will issue a request for data out port 47808 and the remote client will answer and the reply will be allowed back through the ‘closed’ firewall and things will just work. (It’s like you asking google.com for a search result, you don’t have to open port 443 on your home router to surf the web).

If Ignition is the client, then yes, you will need to open that port, once you have the correct interface you are almost there.
I suspect that trying to test the port from the EPIC that Ignition is running on is not working as the port check packet has to go out and loop back at the interface and come back in on the port, possibly on a different interface. EPIC can’t do that ‘local loopback’. I have only ever seen a very small number of devices that can pull that off… So if you can, test that port from another EPIC or Linux PC (or even Windows PC using Telnet - which you will have to install as for some reason Windows still does not install it by default).
Keep in mind, that even from another EPIC if Ignition is set as the server, that port will not respond as the Ignition driver will be expecting to issue commands, not listen for them.

Let us know how you get on.

BACnet devices initiate and are targets of communication, there really isn’t a server or a client since all devices participate in both roles if you want to comply with the standard. The protocol relies heavily on broadcasts as well - makes IP subnets and VPNs a real pain to implement properly. (and NAT-traversal, ugghhh)

BACnet uses UDP, make sure you selected UDP on the firewall.

How are you testing?

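A UDP-level check for the testing question raised above, added here as an example (not code from this thread or from the vendors): a TCP tool such as Telnet cannot exercise a UDP port, so this sends a BACnet/IP Who-Is and waits for an I-Am. The function names are hypothetical, and binding the source port to 47808 assumes the device may broadcast its I-Am to that port rather than reply to the sender.

```python
import socket
import struct
import time

BACNET_PORT = 47808  # 0xBAC0; BACnet/IP is carried over UDP, never TCP

def build_who_is(broadcast=False):
    """Return BVLC + NPDU + APDU bytes for an unrestricted Who-Is."""
    # NPDU: version 1, then "no routing info" or global DNET 0xFFFF with hop count 255
    npdu = bytes.fromhex("0120ffff00ff") if broadcast else bytes.fromhex("0100")
    apdu = b"\x10\x08"                      # Unconfirmed-Request, service Who-Is
    function = 0x0B if broadcast else 0x0A  # Original-Broadcast-NPDU / Original-Unicast-NPDU
    return struct.pack("!BBH", 0x81, function, 4 + len(npdu) + len(apdu)) + npdu + apdu

def parse_i_am(frame):
    """Return the device instance announced by an I-Am frame, else None."""
    try:
        if frame[0] != 0x81 or frame[1] not in (0x0A, 0x0B):
            return None
        control, pos = frame[5], 6
        if control & 0x80:                  # network-layer message, carries no APDU
            return None
        if control & 0x20:                  # destination: DNET(2) DLEN(1) DADR(DLEN)
            pos += 3 + frame[pos + 2]
        if control & 0x08:                  # source: SNET(2) SLEN(1) SADR(SLEN)
            pos += 3 + frame[pos + 2]
        if control & 0x20:                  # hop count follows the address fields
            pos += 1
        apdu = frame[pos:pos + 7]
        if len(apdu) < 7 or apdu[:3] != b"\x10\x00\xc4":  # I-Am + object-identifier tag
            return None
        object_id = struct.unpack("!I", apdu[3:7])[0]
        return object_id & 0x3FFFFF if object_id >> 22 == 8 else None  # type 8 = device
    except IndexError:                      # truncated frame
        return None

def probe(host, port=BACNET_PORT, src_port=BACNET_PORT, timeout=2.0):
    """Send a unicast Who-Is to host; return the replying device instance or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("", src_port))           # assumption: I-Am may arrive as a broadcast to 47808
        sock.sendto(build_who_is(), (host, port))
        deadline = time.monotonic() + timeout
        while (left := deadline - time.monotonic()) > 0:
            sock.settimeout(left)
            try:
                instance = parse_i_am(sock.recvfrom(1500)[0])
            except (socket.timeout, ConnectionResetError):
                break
            if instance is not None:
                return instance
    return None
```

Run `probe()` from a separate machine on the BACnet side of the firewall. A `None` result means either the packet was filtered or nothing at that address answered as a BACnet device, so confirm the script first against a device known to respond.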

Any progress on this one?

If you got it open and running it would be really helpful to know what you found…