Step 2 (for client or server): Configuring firewall settings
If firewall security is enabled, you may need to add items to the Exceptions list. We recommend that you configure the Firewall settings both on the OPC Classic client and on the OPC Classic server you want to use.
Required firewall configuration
- Port Number: Allow TCP and UDP connections on port 135.
- If CSense is acting as the OPC Classic Client: Allow the following executables through:
  - Architect.exe
  - Continuous Troubleshooter.exe
  - Discrete and Batch Troubleshooter.exe
  - ScheduledActionObject.exe
  - MGDynamo.exe
Configuring Windows Firewall settings
To achieve the configuration described above, log into the Windows operating system with an Administrator account and modify the Windows Firewall settings as follows:
1. Click Start > Control Panel > Windows Firewall. The Windows Firewall dialog box appears.
2. Ensure that Windows Firewall is on.
3. Click Allow a program or feature through the Windows Firewall. Make sure that the File and Printer Sharing check box is selected. By default, "Domain" permissions are granted for this feature, which is sufficient. Click OK.
4. From the Windows Firewall dialog, click on Advanced Settings. Under both Inbound Rules and Outbound Rules, ensure that you have rules to allow both TCP and UDP protocols (4 rules in total). You will need to add some new rules via the wizard, and you may also be able to enable a predefined rule, such as the rule called COM+ Network Access (DCOM-In), which gives you an inbound rule for TCP. The procedure for adding new rules via the wizard is as follows:
   - At the Rule Type step, select the Port type of rule.
   - At the Protocols and Ports step, select either TCP or UDP, depending on which rule you are defining. Also specify that the rule applies specifically to port 135.
   - At the Action step, select whether you want to Allow the connection for all connections, or whether you want to Allow the connection if it is secure, allowing only those connections authenticated by IPsec. If you are sure that valid connections will be authenticated with IPsec, then you should select that option for enhanced security.
   - At the Profile step, select the check box for Domain application of the rule.
   - At the Name step, specify a descriptive name for your rule, such as COM+ Network Access UDP (DCOM-In UDP).
5. From the Windows Firewall dialog, click Allow a program or feature through the Windows Firewall. Then click Allow another program. The Add a Program dialog box appears. Click Browse to search for a program to allow through the firewall. A Browse dialog box appears.
   - Navigate to the System32 folder or, if you are on a 64-bit operating system, the folder named SysWOW64. Whichever folder applies will be found under the operating system folder (usually Windows or WINNT).
   - In this folder, select the OpcEnum.exe file, and then click the Open button.
   - In the Add a Program dialog box, the path field displays the full path to, and including, the OpcEnum.exe file.
   - Click Add.
   - OpcEnum.exe should now be listed in the Allowed programs and features list with its check box selected and default "Domain" permissions granted.
6. For each OPC Classic server that you want to access, do the same as in step 5 to allow this server access.
7. If CSense is acting as the OPC Classic client or server, do the same as in step 5 to allow the following executables through:
   - Architect.exe
   - Continuous Troubleshooter.exe
   - Discrete and Batch Troubleshooter.exe
   - ScheduledActionObject.exe
   - MGDynamo.exe

   By default, the above executables are found under C:\Program Files (x86)\Proficy\Proficy CSense, except for MGDynamo.exe, which is found under C:\Program Files (x86)\Common Files\Proficy CSense Shared.
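The port and program rules from steps 4 to 7 can also be created from an elevated PowerShell prompt. The script below is an added example, not part of the product documentation; it assumes the NetSecurity cmdlets (Windows 8 / Server 2012 or later), the default installation paths given above, and a hypothetical rule group name.

```powershell
#Requires -RunAsAdministrator
# Added example (not vendor code): scripted equivalent of steps 4-7.
$ErrorActionPreference = 'Stop'
$group = 'OPC Classic DCOM (example)'   # hypothetical group name, used for audit and cleanup

# Re-running the script replaces its own rules instead of stacking duplicates.
Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

# Step 4: TCP and UDP on port 135, inbound and outbound (4 rules), Domain profile only.
# Add "-Authentication Required" for the "Allow the connection if it is secure" (IPsec) action.
foreach ($proto in 'TCP', 'UDP') {
    New-NetFirewallRule -DisplayName "OPC DCOM port 135 $proto (In)" -Group $group `
        -Direction Inbound -Protocol $proto -LocalPort 135 `
        -Profile Domain -Action Allow | Out-Null
    New-NetFirewallRule -DisplayName "OPC DCOM port 135 $proto (Out)" -Group $group `
        -Direction Outbound -Protocol $proto -RemotePort 135 `
        -Profile Domain -Action Allow | Out-Null
}

# Steps 5-7: program exceptions. Paths are the defaults stated in the text.
$sysDir = if ([Environment]::Is64BitOperatingSystem) { 'SysWOW64' } else { 'System32' }
$csense = 'C:\Program Files (x86)\Proficy\Proficy CSense'
$programs = @(
    (Join-Path $env:SystemRoot "$sysDir\OpcEnum.exe"),
    "$csense\Architect.exe",
    "$csense\Continuous Troubleshooter.exe",
    "$csense\Discrete and Batch Troubleshooter.exe",
    "$csense\ScheduledActionObject.exe",
    'C:\Program Files (x86)\Common Files\Proficy CSense Shared\MGDynamo.exe'
    # Step 6: append the full path of each OPC Classic server executable you use.
)

foreach ($exe in $programs) {
    # Do not allow a path that does not exist: another binary could be placed there later.
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
        Write-Warning "Skipped, file not found: $exe"
        continue
    }
    New-NetFirewallRule -DisplayName "OPC Classic $(Split-Path $exe -Leaf)" -Group $group `
        -Direction Inbound -Program $exe -Profile Domain -Action Allow | Out-Null
}

# Review the result: every rule should be enabled and limited to the Domain profile.
Get-NetFirewallRule -Group $group |
    Sort-Object Direction, DisplayName |
    Format-Table DisplayName, Direction, Profile, Enabled, Action -AutoSize
```

Keeping all rules in one group makes them easy to audit or remove later with `Get-NetFirewallRule -Group`.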
NOTES:
If any OPC Classic server that you want to use is a DLL surrogate (an in-process DLL and not an .exe), you must add \system32\dllhost.exe into the Allowed programs list.
If a third party is acting as the OPC Classic client or server (e.g., MyOPCClient.exe or MyOPCServer.exe), add exceptions in the firewall to allow MyOPCClient.exe or MyOPCServer.exe through.
OpcEnum.exe must reside on the remote machine with the OPC Classic server. While most OPC Classic server applications install and register this file, some do not. You can download this file from www.opcfoundation.org. Currently it is contained within the OPC Classic Core Components 3.00 Redistributable 2.30.msi file. After you download OpcEnum.exe, run the .msi file.