14.5 Internet Protocol ports security guideline
The Internet Protocol ports security guide line can not suggest concrete products
for a secure system setup. This must be decided along the specific project,
requirements and existing infrastructure. The required external equipment can be
separated devices or devices that combine firewall, router and secure VPN
functionality.
To setup an Internet Protocol firewall the following table summarizes the Internet
Protocol ports used in the 670 series. The ports are listed in ascending order. The
column “Default state” defines whether a port is open or closed by default. All
ports that are closed by default are opened by configuration enabling.
Port Protocol Default state Service Comment
21 TCP open FTP File transfer protocol
102 TCP open IEC 61850 MMS communication
123 UDP closed SNTP Simple network time protocol
1024 UDP closed Reserved Filtered, no answer
7001 TCP open SPA Propriatory for PCM600
20 000 TCP closed DNP3 DNP3 DNP communication only
20 000 UDP closed DNP3 DNP3 DNP communication only
The 670 series supports two Ethernet communication protocols. These protocols
are IEC61850, and DNP3/TCP. These communication protocols are enabled by
configuration. This means that the Internet Protocol port is closed and not available
if the configuration of the 670 series doesn't contain a communication line of the
protocol. If a protocol is configured the corresponding Internet Protocol port is
open all the time.
Please refer to the 670 series technical reference manual and the
corresponding protocol documentation on how to configure a
certain communication protocol for the 670 series.
There are some restrictions and dependencies:
• The Internet Protocol port used for file transfer (default port 21) is fixed and
cannot be changed.
• The Internet Protocol port used for IEC61850 (default port 102) is fixed and
can not be changed.
• The Internet Protocol ports used for DNP3 are configurable. The
communication protocol DNP3 could operate on UDP (default port 20 000) or
TCP (default port 20 000). It is defined in the configuration which type of
Section 14 1MRK505209-UEN E
Authorization
98
Operator's manual
To Next Page
Loading...
