How To Open Ports On A Field Agent; The Ports Configuration File; Activating The Ports Configuration - GE Mini Field Agent User Manual

6.1.5 How to Open Ports on a Field Agent

Some applications and Machine Adapters may require opening one or more of the user or registered TCP or UDP ports
(starting at port number 1024). If a Machine Adapter requires connecting to a server on another device, a port does not
need to be opened in this Field Agent's firewall since outgoing client requests are permitted by default. For example, the
OPC UA Machine Adapter acts as a client that connects to an external OPC UA server, so the default firewall does not
need to be modified in this case. However, if an application or Machine Adapter requires listening on a port for incoming
network traffic, the firewall needs to be modified to permit incoming traffic on this port. For example, the EGD Machine
Adapter requires UDP port 18246 to be opened in the Field Agent's firewall.
Currently, the MFA and VFA support opening additional ports through the firewall on Local Area Network (LAN)
interfaces. The EFA also supports opening additional ports, but since there is no dedicated LAN interface on the EFA, the
ports are opened on the WAN interface. Opening ports on the EFA WAN is intended for use cases involving an EFA
connected to a LAN from which data is being collected. Whenever EFA WAN ports are opened, it is the responsibility of
the customer to set up and configure proper routers and firewalls between the LAN and the Internet to limit outgoing
traffic to only what is required for the EFA to communicate with the EdgeManager and the Time Series database.
See GFK-3019 Field Agent Machine Adapters User Guide for the list of required ports to be opened for each supported
Machine Adapter. See GFK-3009 Field Agents Secure Deployment Guide for the cybersecurity considerations of opening
non-default ports on the Field Agent's firewall.
In order to open ports, there is a configuration file to edit, deploy and activate.
6.1.5.1

The Ports Configuration File

The ports configuration file (com.ge.ac.fieldagent.network.ports.cfg) is available as part of the Configuration template
associated with a Field Agent. For a link to this template, see
line for TCP ports and a line for UDP ports. The following example shows opening up TCP ports 8080 and 8081 and UDP ports
7937 and 18246.
com.ge.ac.fieldagent.network.ports.open.lan.tcp="8080,8081"
com.ge.ac.fieldagent.network.ports.open.lan.udp="7937,18246"
Once the com.ge.ac.fieldagent.network.ports.cfg file is edited as required for this job, it must be deployed. For instructions on
deploying a configuration, see
6.1.5.2

Activating the Ports Configuration

Once the ports configuration file has been deployed, it must be activated. Currently there are several possible ways in which this
file can be activated. In a future release the Configuration Templates will be upgraded so that deploying the template will make
sure that the ports configuration file is activated. However, with current releases, one of the following must be done:
1. Press Save on the Network Configuration page in the Web Console (even if no changes are made) OR
2. Reboot the Field Agent OR
3. On an MFA or EFA, enable or disable Configuration Mode.
For public disclosure
Configuration Management.
Configuration Management. In this configuration file there is a
GFK-2993F 76