DISCLAIMER
The example below is intended to demonstrate one or more features or methods and is presented as a configuration example only. Schneider Electric assumes no liability for the use or application of this example or any portion thereof.
On a redundant system (Hot-Standby, Triple Standby, with or without Permanent Standby servers) you need to configure the firewall so that it allows connections to be made between the partner servers. Before showing which ports are used in such connections, let's talk about how the "Server to Server" connections are established.
Server to Server connections
For all non-web client applications, a connection to a server is established like this:
- The currently main server makes a connection to the partner server by creating a connection to the partner's incoming port (port 5481 by default, see below). The main server uses this connection to send information to the partner server including, for example, synchronization of data and configuration.
- Standby servers make connections to the main server by creating a connection to the main server's incoming port (5481 by default, see below). The standby server uses this connection to send requests such as control requests and proxied actions.
- ClearSCADA servers will check the status of their partner servers by establishing a connection to their standby servers on the partner's incoming port (5481 by default, see below).
- ClearSCADA servers will check the status of their partner servers' hardware by performing an ICMP poll. This is designed to check for hardware failure of the partner device of intermediate network infrastructure.
Firewalls must be configured to allow ClearSCADA partners to establish connections on the incoming port (5481 by default, see below) and to perform ICMP polling.
| Note | As DMZ Permanent Standby Server are designed not to perform controls or proxied actions on the server, they do not establish links from the DMZ Permanent Standby Server to the main server. They also do not perform ICMP polling of the main server. As such firewalls must allow traffic on the incoming port (port 5481 by default, see below) and via ICMP from the Main to the DMZ standby, but not the other way around. |
Summary of Port Usage
The table below shows which ports are used by the server (by default). The information is categorized under these headings:
- Protocol - Indicates the protocol used by the port (TCP, UDP or ICMP)
- Port(s) - Shows the port or ports that are used by the server. The table shows the numbers for the default ports (you can configure your system to use different ports)
- Incoming Connection - Indicates the component that receives the connection request
- Outgoing Connection - Indicates the component that attempts to open the connection
| Protocol | Port(s) | Incoming Connection | Outgoing Connection | Description |
| TCP | 5481 by default | Main, Standby and Permanent Standby Server | Partner | Used for sending synchronization data from main to standby, for proxying controls and other actions from standby to main and for checking the status of partner servers. This port number can be configured under the Server Configuration's Global Parameters -> Advanced |
| ICMP | N/A | Main, Standby and Permanent Standby Server | Partner | Used for checking the status of partner server hardware |
