Setting up and configuring the Emerson Smart Firewall > Troubleshooting communication rules

Troubleshoot a communication rule

  1. In the firewall's web UI, navigate to the Protection tab and, based on the type of rule you are creating, select either Inbound connections or Outbound connections.
  2. Click the Add connection button.
  3. Select Custom from the Application drop-down list.
  4. Select the DeltaV workstation and the external workstation that will be communicating.
  5. Select TCP from the Protocol drop-down list.
  6. Enter 1-65534 in the Ports area to allow communications on all ports.
  7. Check Enabled to enable logging and click Apply.
  8. Repeat the above steps and create another rule using UDP as the protocol.
  9. On the Inbound connections and Outbound connections pages of the Protection tab, disable logging on any other rules between the DeltaV workstation and the external workstation for which you created the custom rules, and click Apply.
    This causes the log to contain only data from the custom rules, making it much easier for you to analyze the data.
  10. Exercise a test application on the DeltaV workstation and external computer. Use the application's full functionality including the functions that may not be working correctly. Run the application long enough to create log entries.
  11. Open the log on the syslog server and search for all of the log entries matching the IP addresses of the computers using the application you are troubleshooting.
  12. Compare the ports and protocols in the log with the ports and protocols in the rules you originally created for the application. You can use the Configuration audit page on the Administration tab or the Applications page on the Configuration tab to view the ports and protocol information.
  13. Follow these steps if a port or protocol used by the application is not configured in the original rule:
    1. Navigate to Protection > Inbound connections or Outbound connections and disable the test custom rules you created.
    2. Navigate to Dashboard > Summary and disconnect any communications that were created by the custom rule.
    3. Create a new rule with the custom application using the missing ports and protocols and test the application to see if it resolves the issue. You may have to create both TCP and UDP rules. If creating a rule with the missing ports and protocols resolves the issue, create a new application in the firewall's application list using the revised ports and protocols to allow the application to work. Do not revise the original application as you might need this for future rules. Consider using the word custom in the new application's name (for example OPC:Custom- OPC.NET Client Read/Write for xxxxxxx).
    4. Use the new application to revise the original rule you created for this application.
    5. Delete and disconnect any custom rules that you created.
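
The log search and comparison in steps 11 and 12 can be scripted. The following is an added example, not part of the original procedure or of Emerson's tooling: it assumes a key=value syslog layout (the firewall's real log format may differ), and the IP addresses, log lines and `ORIGINAL_RULE` port list are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in an ASSUMED key=value syslog layout; the real
# firewall log format may differ, so adjust FIELD_RE and the field names.
SAMPLE_LOG = """\
Mar 04 10:15:01 fw01 conn: src=10.4.0.21 dst=192.168.50.7 proto=TCP dport=135 action=allow
Mar 04 10:15:02 fw01 conn: src=10.4.0.21 dst=192.168.50.7 proto=TCP dport=49712 action=allow
Mar 04 10:15:02 fw01 conn: src=10.4.0.99 dst=192.168.50.7 proto=TCP dport=445 action=allow
Mar 04 10:15:04 fw01 conn: src=192.168.50.7 dst=10.4.0.21 proto=udp dport=137 action=allow
Mar 04 10:15:09 fw01 conn: src=10.4.0.21 dst=192.168.50.7 proto=TCP dport=135 action=allow
Mar 04 10:15:11 fw01 kernel: link up on eth1
"""

# Hypothetical port ranges copied from the original application definition
# (as read from the Configuration audit or Applications page).
ORIGINAL_RULE = {"TCP": [(135, 135)], "UDP": []}

FIELD_RE = re.compile(r"(\w+)=(\S+)")
REQUIRED = {"src", "dst", "proto", "dport"}


def observed_flows(log_text, host_a, host_b):
    """Count (protocol, destination port) pairs logged between two hosts, in either direction."""
    flows = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if not REQUIRED <= fields.keys() or not fields["dport"].isdigit():
            continue  # not a connection record
        if {fields["src"], fields["dst"]} != {host_a, host_b}:
            continue  # traffic involving some other host
        flows[(fields["proto"].upper(), int(fields["dport"]))] += 1
    return flows


def missing_from_rule(flows, rule):
    """Return observed (protocol, port) pairs that no range in the rule covers."""
    def covered(proto, port):
        return any(lo <= port <= hi for lo, hi in rule.get(proto, []))
    return sorted(key for key in flows if not covered(*key))


if __name__ == "__main__":
    flows = observed_flows(SAMPLE_LOG, "10.4.0.21", "192.168.50.7")
    for proto, port in missing_from_rule(flows, ORIGINAL_RULE):
        print(f"not in original rule: {proto}/{port} ({flows[(proto, port)]} log entries)")
```

The pairs it reports are the candidates for the new custom application in step 13.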