NI Tutorial 12402 En


  • 7/27/2019 NI Tutorial 12402 En


    Configuring Software and Hardware Firewalls to Support National Instruments Products

    Publish Date: Mar 29, 2013 | 24 Ratings | 3.75 out of 5

    Overview

    National Instruments software packages and embedded hardware targets take advantage of network communication for application deployment, remote control of applications or instruments, transferring data, accessing and hosting web servers and services, and more. When using National Instruments network-enabled products with hardware or software firewalls, information about individual network port access may be needed to permit communication. This tutorial briefly explains the networking settings associated with performing common tasks using NI products, including the default TCP/UDP ports used and how to reconfigure these ports (if possible).

    Table of Contents

    Introduction to Network Ports and Firewalls

    Network Ports and Settings Used by National Instruments Products

    Summary Table (Network Ports and Settings)

    Additional Assistance

    1. Introduction to Network Ports and Firewalls

    On modern computer systems, network communication including web page traffic, file transfers, emails, and more can be logically divided into different layers; this is known as the OSI Model. One layer, known as the network layer, is responsible for successfully routing network traffic, and providing error detection and diagnostic capability. The main network layer protocol used for both local network and Internet communication is known as Internet Protocol (IP). Another layer, known as the transport layer, is responsible for providing end-to-end communication services for applications. Two of the most common transport layer protocols are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

    In order for a piece of network traffic to reach an application on a remote system, it must contain two key pieces of information: an address for the computer(s) that should receive the traffic (this is referred to as an IP address when using the IP protocol), and a destination port number for the application on the remote system(s) that should process the data. The IP address of the computer transmitting the data or request is also sent along with a source port number used by the originating application. In practice, each transport layer protocol (e.g. TCP, UDP) allows for up to 65,535 ports that applications can use.

    If an application on a given computer is accepting data, or "listening" on a given port, then the potential exists for that application to receive network data and do something based on that data. In this way, network traffic can affect the operation of a system up to the extent that an application allows. To reduce the effect that network traffic can have on a computer's operation, both networking equipment and individual computers may employ filters called firewalls that use a set of rules to allow or block certain unwanted network traffic (based on IP addresses, ports, or applications that are attempting to send the traffic).

    Hardware Firewalls

    Hardware firewalls are commonly built into networking equipment (such as routers), and examine each piece of network traffic (known as packets) as they are received and then re-transmitted. The header of each packet contains information about the destination IP address, transport layer protocol used, remote port number, and more. Hardware firewalls can filter packets based on this information and a set of user-defined rules, resulting in certain network packets being allowed and others being dropped without re-transmission.

    Although each individual hardware firewall may be configured differently (or have different default settings), many personal network routers are set up by default to allow all outgoing traffic and disable all incoming traffic between a local and external network. All traffic within the local network itself is typically allowed by default, and incoming traffic based on a recent outgoing request is also typically allowed.

    Software Firewalls

    In addition to the presence of hardware firewalls on a network, individual computers may also run firewall software packages to filter network communications and protect against the unwanted influence of remote machines. While software firewalls have a similar objective to hardware firewalls, they use different methods to do this filtering.

    To filter packets based on header information (IP address, transport layer protocol, port, etc.), software firewalls commonly employ an intermediate network driver that can accept or reject traffic based on rules before passing it to an application (in the case of incoming packets) or for outbound transmission. To filter network traffic based on the individual running application, or process, that is attempting to send or receive data, software firewalls can also intercept software calls between applications and underlying transport layer protocol drivers. Using this method, for example, certain applications could be denied the opportunity to listen for data on a specific port, while others could be granted this permission.

    Although each software firewall package may be configured differently (or have different default settings), many personal firewall software packages are set up by default to allow all outgoing port traffic and disable all incoming port traffic. However, these packages typically also enable incoming port traffic that is expected based on a previous outgoing request. As mentioned previously, firewall software may also prompt the user to allow or restrict port access for individual applications.

    2. Network Ports and Settings Used by National Instruments Products

    A wide variety of National Instruments products take advantage of network communication to provide different types of functionality -- from identifying networked hardware targets to providing access to web services created in LabVIEW. Given the fact that the majority of corporate and personal networks feature a combination of hardware and software firewalls, it is often necessary to change firewall settings to allow the network traffic needed for a given National Instruments product to function properly.

    The remainder of this document outlines the transport layer protocols and ports that different National Instruments products and features use, as well as where you can change these ports (if this is possible). Please see the documentation for your hardware or software firewall for instructions on how to change firewall settings in order to allow the desired traffic. If you are working on a large network in which you do not have access to change hardware or software firewall settings, please contact your network administrator and reference this document.

    Remember that in most situations it is only necessary to configure your hardware or software firewalls to enable incoming connections to server ports (for servers running on your

    local PCs or embedded hardware targets). When using software firewalls, you may also be prompted to allow individual applications to send or receive data.

    Hardware Identification (Measurement & Automation Explorer)

    Description of Functionality: NI Measurement & Automation Explorer (MAX) sends broadcast network traffic to poll for all locally available National Instruments network-enabled devices (such as LabVIEW Real-Time targets).

    Server Ports: UDP port 44525

    Are the Ports Configurable?: No

    Web Servers and Remote Control

    Web Monitoring and Configuration of Networked Devices

    Description of Functionality: As of the release of LabVIEW 2010, it is possible to monitor and configure many National Instruments network-enabled devices using a web browser.

    Server Ports: UDP port 5353 (used for device detection over mDNS), TCP port 52725 (used for the NI Network Browser utility), TCP port 3580 (web monitoring and configuration server port)

    Are the Ports Configurable?: No

    Location of Port Settings: You cannot change the web monitoring and configuration server ports. However, you can choose to enable SSL communication by visiting the web monitoring and configuration page for a given system (http://IP_ADDRESS:5353) and using the Web Server Configuration page and the settings under System Web Server.

    LabVIEW Remote Front Panels

    Description of Functionality: Remote Front Panels enable viewing and controlling VI front panels on one PC or embedded target from another network-connected PC.

    Server Ports: TCP port 8000 (default if SSL disabled), TCP port 433 (default if SSL enabled)


    Are the Ports Configurable?: Yes

    Location of Port Settings: Remote front panel settings for VIs that run on a desktop PC can be configured from the Tools >> Web Server page under Remote Panel Server and HTTP port. The Remote front panel server can also optionally be configured to use SSL from the same settings page, and use a separate SSL port. When configuring the remote front panel server for an embedded hardware target, these same settings are accessible from the LabVIEW project by right-clicking on the target and selecting Properties >> Web Server.

    Web Services Created by LabVIEW

    Description of Functionality: LabVIEW applications can be made into web services and then accessed from other networked systems when hosted using the LabVIEW Application Web Server.

    Server Ports: TCP port 8080 (default)

    Are the Ports Configurable?: Yes

    Location of Port Settings: You can change the Application Web Server port used to host LabVIEW web services using the web monitoring and configuration page for the server machine. This can be accessed by visiting (http://IP_ADDRESS:5353) and then visiting the Web Server Configuration page and using the settings under Application Web Server. In addition, it is possible to assign additional ports and optionally use SSL for Application Web Server communication using these settings.

    Programmatic Application Control with VI Server

    Description of Functionality: VI Server can be used to programmatically control front panel objects, VIs, and LabVIEW on a given computer from either the local system or a remote machine.

    Server Ports: TCP port 3363 (default)

    Are the Ports Configurable?: Yes

    Location of Port Settings: You can change the VI Server port on a development computer by navigating to the Tools >> Options >> VI Server menu. To change the VI Server port on an embedded hardware target (e.g. CompactRIO), right-click on the target in the LabVIEW Project and select Properties >> VI Server.

    Remote Instrument Control with VISA Server

    Description of Functionality: In addition to communicating with instruments connected to a local machine through the NI-VISA API, it is possible to remotely control instruments that are physically connected to another machine -- using the VISA Server.

    Server Ports: TCP port 3537 (default)

    Are the Ports Configurable?: Yes

    Location of Port Settings: To view and change port settings for the VISA server on a PC, open NI Measurement & Automation Explorer (MAX) software and navigate to Tools >> NI-VISA >> VISA Options >> VISA Server.

    FPGA Compile Farms

    Description of Functionality: You can send a LabVIEW FPGA compile job to a single remote computer for compilation, or use a remote bank of computers for site-wide compilation (each compile still utilizes only one computer). Remote compilation on one machine can be accomplished by installing LabVIEW FPGA Compile Worker software on that machine, and LabVIEW FPGA Compile Server software on either the local or remote machine. Site-wide remote compilation systems can be built using a bank of computers with LabVIEW FPGA Compile Worker software installed, and a server computer with the LabVIEW FPGA Compile Server and LabVIEW FPGA Compile Farm Toolkit installed.

    Server Ports: TCP port 3580 (same as Web Monitoring and Configuration server)

    Are the Ports Configurable?: No

    Legacy: G Web Server

    Description of Functionality: The G Web Server is part of the LabVIEW Internet Toolkit, and can be used to provide remote machines with access to CGI applications written in LabVIEW.

    Server Ports: TCP port 80 (default)

    Are the Ports Configurable?: Yes

    Location of Port Settings: You can configure the G Web Server using the LabVIEW menu located at Tools >> Internet >> G Web Server Configuration.

    File, Email, Web Page, and Data Communication

    File Transfer (FTP)

    Description of Functionality: LabVIEW File Transfer Protocol (FTP) VIs are included in the LabVIEW Internet Toolkit, and enable writing and reading files to and from remote FTP servers.

    Server Ports: TCP port 20 (used in active mode only), TCP port 21 (used in active and passive mode)

    Are the Ports Configurable?: Yes (defined by the server)

    Location of Port Settings: You can use the FTP VIs in the LabVIEW Internet Toolkit to connect to a remote FTP server -- not to implement the FTP server itself. Ports 20 and 21 are commonly used by FTP servers, though this can be changed on the server side, and you can connect to non-standard ports using the LabVIEW VIs. Note that special firewall settings may be needed to support active FTP connections; for additional information, please follow this link. For passive FTP connections, no firewall adjustments are typically needed to connect to a remote server.

    Email Communication (SMTP)

    Description of Functionality: LabVIEW contains Simple Mail Transfer Protocol (SMTP) VIs for sending emails through a remote SMTP server.

    Server Ports: TCP port 25

    Are the Ports Configurable?: No

    Location of Port Settings: You can use the SMTP VIs in LabVIEW to connect to a remote SMTP server -- not to implement the SMTP server itself. Port 25 is commonly used by SMTP servers; at this time the LabVIEW SMTP VIs cannot be used to access a non-standard port, or to connect to secure SMTP servers. In most cases, no firewall adjustments should be needed to connect to a remote SMTP server.

    Web Page Communication (HTTP)

    Description of Functionality: You can use the HTTP Client VIs to build a Web client that interacts with servers, pages, and Web services. You can add HTTP headers, store cookies, provide authentication credentials, and send Web requests using HTTP methods such as POST, GET, PUT, HEAD, and DELETE.

    Server Ports: TCP port 80 (default)

    Are the Ports Configurable?: Yes (defined by server)

    Location of Port Settings: You can use the HTTP Client VIs in LabVIEW to connect to remote Web servers -- not to implement the Web server itself. Port 80 is commonly used by Web servers, but you can use the HTTP Client VIs to connect to servers on non-standard ports by using a URL with format (http://HOSTNAME:PORT). In most cases, no firewall adjustments should be needed to connect to a remote HTTP server.

    Shared Variables and Network Streams

    Description of Functionality: Both Network Shared Variables (available in LabVIEW, LabWindows/CVI, and Measurement Studio) and Network Streams (available in LabVIEW 2010 and higher) can be used to transmit variable data between machines on a network. In practice, Network Shared Variables are optimized for polling variable values from one or more remote systems, while Network Streams are optimized for sending a complete stream of data in a lossless manner between one system and another. Because Network Shared Variables and Network Streams both make use of an underlying protocol called Logos, they both use the same network ports.

    Server Ports: UDP port 2343 (default), UDP ports 6000-6010 (default), TCP ports 59110 and above (one port for each application running on the server)

    Are the Ports Configurable?: Yes

    Location of Port Settings: For Network Shared Variables or Network Streams that are hosted on a Windows PC, you can create a LogosXT.ini file to specify a different range of TCP ports to use (the UDP ports used are fixed). Follow this link to read about the location and contents of the LogosXT.ini file: Changing the Default Ports for TCP-Based NI-PSP (Windows). In addition, you can configure these ports for Network Shared Variables and Network Streams hosted on LabVIEW Real-Time targets by editing the ni-rt.ini file located in the root FTP directory of the controller. The parameters of interest are the LogosXT_PortBase and LogosXT_NumPortsToCheck entries in the file.

    DataSocket (DSTP)


    Description of Functionality: NI DataSocket VIs can be used to communicate with other applications, files, FTP servers, and Web servers. The specific ports used will depend on the type of server that you are connecting to. In addition, DataSocket VIs can connect to DataSocket servers that use the DataSocket Transfer Protocol (DSTP).

    Server Ports Used: TCP port 3015 (for DSTP)

    Are the Ports Configurable?: No. You can start the DataSocket server by navigating to Start >> All Programs >> National Instruments >> Datasocket >> DataSocket Server.

    Direct TCP and UDP Communication

    Description of Functionality: Using the UDP and TCP VIs in LabVIEW, you can directly send and receive UDP and TCP communication to and from other machines on a network.

    Protocol and Ports Used: Defined by application code or server

    Is the Port Configurable?: Yes

    Location of Port Settings: The TCP and UDP VIs enable listening on your port of choice, or sending data to another machine on a port number that you specify.

    Time Synchronization (NTP, SNTP)

    Description of Functionality: Certain NI embedded hardware targets have a built-in ability to set their system time based on a network time server (typically a Simple Network Time Protocol, or SNTP server). On other hardware targets, example code is available for programmatically retrieving a time via NTP or SNTP and setting the system time based on that value.

    Server Ports: TCP port 123 (default)

    Is the Port Configurable?: Yes (defined by server)

    Location of Port Settings: Note that code running on NI hardware targets is typically used to connect to a network time server -- not to implement the time server itself. Therefore, the network port used will depend on the server that you are connecting to. For CompactRIO targets, you can use the instructions in this reference to configure the server and port to connect to: Configuring CompactRIO Real-Time Controllers to Synchronize to SNTP Servers. If you are using code on another target to connect to a network time server, you can set the server and port to connect to using that code. In most cases, no firewall adjustments should be needed to connect to a remote NTP or SNTP server.

    Device-Specific Port Information

    NI ENET-232 and ENET-485

    Description of Functionality: The NI ENET-232 and NI ENET-485 devices enable you to control RS-232 and RS-485 connections remotely via Ethernet.

    Server Ports: TCP port 5225

    Are the Ports Configurable?: No

    NI GPIB-ENET/100 and NI GPIB-ENET/1000

    Description of Functionality: Using NI GPIB-ENET devices, you can control communication with GPIB instruments remotely via Ethernet.

    Server Ports: TCP ports 5000, 5003, 5005, 5010, and 5015

    Are the Ports Configurable?: No

    3. Summary Table (Network Ports and Settings)

    | Product or Feature | Server Ports (default) | Port Configuration Location |
    | --- | --- | --- |
    | MAX Hardware Identification | UDP 44525 | NA |
    | Web Monitoring and Configuration | UDP 5353, TCP 52725, TCP 3580 | NA (can enable SSL at http://IP_ADDRESS:5353 via Web Server Configuration page) |
    | LabVIEW Remote Front Panels | TCP 8000 (no SSL), TCP 433 (SSL) | PC (in LabVIEW): Tools >> Web Server; Embedded RT target (in LabVIEW): right click on target in Project >> Properties >> Web Server |
    | LabVIEW Web Services | TCP 8080 | http://IP_ADDRESS:5353 then visit Web Server Configuration page under Application Web Server |
    | LabVIEW VI Server | TCP 3363 | PC (in LabVIEW): Tools >> Options >> VI Server; Embedded RT target (in LabVIEW): right click on target in Project >> Properties >> VI Server |
    | NI VISA Server | TCP 3537 | Measurement & Automation Explorer: Tools >> NI-VISA >> VISA Options >> VISA Server |
    | LabVIEW FPGA Compile Farms (LabVIEW 2010 and later) | TCP 3580 | NA |
    | LabVIEW G Web Server | TCP 80 | LabVIEW: Tools >> Internet >> G Web Server Configuration |
    | FTP VIs (LabVIEW Internet Toolkit) | TCP 20 (active mode), 21 (passive mode) | Defined by server, can access non-standard ports using API. |
    | Email VIs (SMTP) | TCP 25 | Defined by server, cannot access non-standard ports using API. |
    | HTTP Client VIs | TCP 80 | Defined by server, can access non-standard ports using API. |
    | Network Shared Variables | UDP 2343, UDP 6000-6010, TCP 59110 and above (one port for each application instance) | PC: use LogosXT.ini file (read this); Embedded RT target: use ni-rt.ini file in root directory (LogosXT_PortBase and LogosXT_NumPortsToCheck entries) |
    | Network Streams | Same as above | Same as above |
    | DataSocket (DSTP) | TCP 3015 | NA |
    | LabVIEW TCP and UDP VIs | NA | Defined by application |
    | Time Synchronization (NTP, SNTP) | TCP 123 | Defined by server, can access non-standard ports using API. CompactRIO: (read this) |
    | NI ENET-232, NI ENET-485 | TCP 5225 | NA |
    | NI GPIB-ENET/100, NI GPIB-ENET/1000 | TCP 5000, 5003, 5005, 5010, and 5015 | NA |
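
    An added example, not NI code and not part of the original tutorial: following the advice above that only incoming connections to server ports need to be allowed, this Python sketch builds inbound allow rules for just the features in use, limited to one source subnet, and narrows the Logos TCP range using the LogosXT_PortBase and LogosXT_NumPortsToCheck entries described under Shared Variables and Network Streams. The feature keys, the sample subnet, the [LogosXT] section name, reading the range as PortBase through PortBase + NumPortsToCheck - 1, and rendering rules as netsh advfirewall commands are assumptions of this example.

```python
import configparser
import ipaddress

# Default server ports copied from a subset of the tutorial's summary table.
# The dictionary keys are names made up for this example.
NI_SERVER_PORTS = {
    "max_discovery": [("UDP", "44525")],
    "web_config": [("UDP", "5353"), ("TCP", "52725"), ("TCP", "3580")],
    "remote_panels": [("TCP", "8000")],
    "web_services": [("TCP", "8080")],
    "vi_server": [("TCP", "3363")],
    "visa_server": [("TCP", "3537")],
    "datasocket": [("TCP", "3015")],
    # Logos also needs a TCP range, which inbound_rules() appends.
    "shared_variables": [("UDP", "2343"), ("UDP", "6000-6010")],
}
LOGOS_DEFAULT_BASE = 59110  # "TCP ports 59110 and above" per the tutorial

# Constructed sample of a LogosXT.ini / ni-rt.ini fragment (section name assumed).
SAMPLE_INI = """\
[LogosXT]
LogosXT_PortBase=59200
LogosXT_NumPortsToCheck=20
"""


def logos_tcp_range(ini_text):
    """Return (first, last) Logos TCP ports from the ini text, or None if unset."""
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.read_string(ini_text)
    for name in parser.sections():  # do not depend on the section name
        section = parser[name]
        if "LogosXT_PortBase" in section and "LogosXT_NumPortsToCheck" in section:
            base = int(section["LogosXT_PortBase"].strip('"'))
            count = int(section["LogosXT_NumPortsToCheck"].strip('"'))
            last = base + count - 1  # assumed meaning of NumPortsToCheck
            if count < 1 or base < 1 or last > 65535:
                raise ValueError(f"invalid Logos port range {base}+{count}")
            return base, last
    return None


def inbound_rules(features, allowed_source, logos_ini=None):
    """Build inbound allow rules for the listed features only, from one subnet."""
    source = str(ipaddress.ip_network(allowed_source))  # rejects malformed CIDR
    rules, warnings = [], []
    for feature in features:
        ports = list(NI_SERVER_PORTS[feature])  # KeyError on an unknown feature
        if feature == "shared_variables":
            tcp_range = logos_tcp_range(logos_ini) if logos_ini else None
            if tcp_range is None:
                # No bounded range configured: fall back to the open-ended default.
                tcp_range = (LOGOS_DEFAULT_BASE, 65535)
                warnings.append("Logos TCP range is unbounded; set LogosXT_PortBase "
                                "and LogosXT_NumPortsToCheck to narrow it")
            ports.append(("TCP", f"{tcp_range[0]}-{tcp_range[1]}"))
        for proto, spec in ports:
            rules.append({"name": f"NI {feature} {proto} {spec}",
                          "proto": proto, "ports": spec, "source": source})
    return rules, warnings


def to_netsh(rule):
    """Render one rule as a Windows Firewall (netsh advfirewall) command line."""
    return (f'netsh advfirewall firewall add rule name="{rule["name"]}" '
            f'dir=in action=allow protocol={rule["proto"]} '
            f'localport={rule["ports"]} remoteip={rule["source"]}')


if __name__ == "__main__":
    rules, warnings = inbound_rules(["vi_server", "shared_variables"],
                                    "10.20.0.0/24", SAMPLE_INI)
    for rule in rules:
        print(to_netsh(rule))
    for warning in warnings:
        print("WARNING:", warning)
```

    Without a configured range the generator falls back to 59110-65535 and returns a warning, which is the case worth fixing on the server before opening the firewall.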

    4. Additional Assistance

    If you are experiencing issues with firewalls and NI products, visit ni.com/support and call or e-mail an Applications Engineer for assistance. You can also ask about any products not mentioned in this tutorial, and request that they be added for future reference.
