22.1.7  Firewall or blocked TCP ports

If your Client get the message "Cannot connect to SCADA node" and the node is running, then the primary and secondary TCP ports are probably blocked by a firewall.

A good diagnostic test is if your connection to the WebAccess DRAW or VIEW fails, but connection to the Configuration Manager worked, then a firewall is the most likely reason.  

A Firewall restricts the flow of data onto a network; it is a method of network security. Many corporations use firewalls.  If your connection is through a firewall, you will need to have your network administrator open two TCP ports for you to use the DRAW or VIEW features in WebAccess.  You should be able to use the Configuration Manager without having TCP ports opened for you.  This only applies if you are connecting through the firewall. If all your WebAccess Clients and SCADA nodes are inside the firewall, you can ignore this. The TCP ports are set on the SCADA node.  You can see the TCP Ports listed in the Project Configuration Manager described in Section 1. Note that 0 means the default ports numbers are used (4592 and 14592).

If you are connecting through a firewall, you will have to have your network administrator open two TCP ports for you. The default TCP Ports used in WebAccess are:

· Primary TCP Port = 4592

· Secondary TCP Port = 14592

These are configurable in SCADA Node properties, if for some reason your network administrator would prefer to use other ports.

You can download a Port Query tool from microsoft.com that allows you to test if a Port is blocked (Filtered or Not Listening) or open and actively monitored (Listening). Not Listening could also mean the webvrpcs is not running on the SCADA or Project Node. The program is PortQry. Search Microsoft Website for that name if the following link does not work for you:

PortQry version 2.0

For example, to test access to the WebAccess demo :

Download and install the PortQry from PortQry version 2.0

Start -> Run -> CMD

Enter the following commands in the Command prompt window

CD ..

CD..

CD PortQry*

To get Help enter:

portqry /?

To test if the WebAccess demo site port 4592 is open and listening enter:

portqry -n 64.55.156.4 -e 4592 -p TCP

The repeat for 64.55.156.4:4592

portqry -n 64.55.156.4 -e 14592 -p TCP

For more information see:

1.6.1.3 TCP Ports and Firewalls

1.6.1.4 Routers, Proxy Servers, Port Mapping and NAT

2.3.5  Add SCADA Node