The Windows firewall and a DeltaV workstation

Configure Windows firewall profiles on a DeltaV workstation

Important

Do not enable the Windows firewall profiles for any dedicated DeltaV networks; for example, the DeltaV Primary and Secondary ACNs, DLINK for Redundant Batch, and the Thin Client Primary and Secondary networks. Doing so could disrupt communications between DeltaV nodes.

  1. Log in to the Windows desktop as an administrator.
  2. With the Windows firewall service started on the DeltaV workstation, open the Windows firewall utility.
    Note

    These are the only supported paths for accessing the Windows firewall. This ensures that the Windows firewall is configured for the correct store. Do not access the Windows firewall in any other manner.

    Start > Windows Administrative Tools > Windows Firewall with Advanced Security

  3. Click the Windows Firewall Properties link.
  4. Turn on the firewall for each profile as needed.
    Important

    Determining which profile you need to enable requires an understanding of each profile's definition, of what the network interface card is used for, and of how the DeltaV computer is using that card. It requires knowledge of what networks connect to that card, and what types of communication by what applications must be permitted on that card (so that the appropriate application rules allowing communication can be applied).

    In this procedure you must also select which network interface card to apply the enabled profile to. Do not apply a profile to any of the dedicated DeltaV networks.

    1. Select a profile tab (Domain, Private, Public).
    2. Select On (recommended) for the Firewall state: option.
    3. For Inbound connections, select Block (default).
      Note

      This allows the inbound rules to apply. Do not select Block all connections as it will not apply the inbound rules you enable.

    4. For Outbound connections, select Allow (default).
    5. Click the Protected network connections Customize… button.
    6. Deselect all dedicated DeltaV network connections; for example,
      • DeltaV Primary
      • DeltaV Secondary
      • DLink
      • Thin Client Primary
      • Thin Client Secondary
    7. Select any non-DeltaV network connections where you need to regulate the external traffic coming into the DeltaV system.
      Note

      Networks used to connect to the DeltaV system that are outside of the DeltaV network need to be evaluated for the Windows firewall. If any non-DeltaV traffic is allowed on the network connecting to DeltaV, then enable the Windows firewall on that NIC and use DeltaV Security Administration to select the correct rule to open the necessary ports.
    8. On the Windows Firewall with Advanced Security dialog, in the Settings section, click the Customize button.
    9. On the Customize Settings dialog, configure the settings as follows:
      Table: Windows Server
      Profile    Display Notification    Allow Unicast Response
      Domain     Yes                     No
      Private    Yes                     No
      Public     Yes                     No

      Table: Windows Workstation
      Profile    Display Notification    Allow Unicast Response
      Domain     Yes                     No
      Private    Yes                     No
      Public     No                      No
    10. Click OK.
  5. Click Apply and continue to another profile. When done with all the profiles, click OK.

    With the Windows firewall enabled, all default Windows firewall rules are applied. The DeltaV rules are in addition to the default Windows firewall rules.

  6. When complete, close the Windows Firewall with Advanced Security window.
  7. Open DeltaV Security Administration to apply the appropriate DeltaV firewall rules to allow necessary communication through the Windows firewall.
  8. Perform this entire task on all DeltaV workstations.
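
Because the task is repeated on every workstation, the settings recorded from each node's dialogs can be checked against the values in this procedure. The following is an added example, not Emerson code: the record layout, the field names and the "Plant LAN" connection name are assumptions, and it reads recorded values only, without touching the firewall.

```python
# Added example: expected values come from the procedure on this page; the
# record layout and field names are assumptions made for this sketch.
# Connection names from the page's example list of dedicated DeltaV networks.
DEDICATED = {"deltav primary", "deltav secondary", "dlink",
             "thin client primary", "thin client secondary"}

# "Display Notification" per profile, from the two tables in step 9.
NOTIFY = {
    "server": {"Domain": True, "Private": True, "Public": True},
    "workstation": {"Domain": True, "Private": True, "Public": False},
}

def audit_profile(node_type, profile, rec):
    """Return the deviations found in one recorded firewall profile."""
    if rec["state"] != "On":
        return []  # profiles are enabled only as needed; Off is not a finding
    issues = []
    if rec["inbound"] == "Block all connections":
        issues.append("inbound is 'Block all connections': enabled inbound rules are not applied")
    elif rec["inbound"] != "Block (default)":
        issues.append("inbound should be 'Block (default)'")
    if rec["outbound"] != "Allow (default)":
        issues.append("outbound should be 'Allow (default)'")
    protected = sorted(n for n in rec["protected"] if n.casefold() in DEDICATED)
    if protected:
        issues.append("dedicated DeltaV network still protected: " + ", ".join(protected))
    if rec["notify"] != NOTIFY[node_type][profile]:
        want = "Yes" if NOTIFY[node_type][profile] else "No"
        issues.append(f"Display Notification should be {want}")
    if rec["unicast"]:
        issues.append("Allow Unicast Response should be No")
    return issues

# Constructed sample: settings written down from one workstation's dialogs.
SAMPLE = {
    "Domain": {"state": "On", "inbound": "Block (default)", "outbound": "Allow (default)",
               "protected": ["Plant LAN"], "notify": True, "unicast": False},
    "Public": {"state": "On", "inbound": "Block all connections", "outbound": "Allow (default)",
               "protected": ["Plant LAN", "DeltaV Primary"], "notify": True, "unicast": False},
    "Private": {"state": "Off", "inbound": "", "outbound": "", "protected": [],
                "notify": False, "unicast": False},
}

if __name__ == "__main__":
    for name, rec in SAMPLE.items():
        for issue in audit_profile("workstation", name, rec):
            print(f"{name}: {issue}")
```

The dedicated-network names are the page's example list; add any site-specific dedicated connection names to `DEDICATED` before relying on the result.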