It is recommended to use a firewall between the Internet and the MindConnect IoT2040. This is also recommended for communication to the automation network.
In the direction of the automation network, a firewall supporting NAPT (in case of DMZ, see section “List of abbreviations”) or supporting “Ghost-Mode” is required. Siemens offers many types of firewalls that fulfill these requirements.
① Corporate / Office Network with route to the internet or direct internet access, e.g. via a DSL modem
② Production / Machine Network
“Ghost-Mode”, also known as “Transparent Mode”, is used to protect individual, even alternating, devices by dynamically taking over the IP address.
Firewall/Proxy rules for MindConnect IoT2040
MindConnect IoT2040 requires open HTTPS and DNS ports for communication with Industrial IoT. You can open port 443 to enable this.
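An added example, not part of the original page or of Siemens' documentation: a small first-match rule evaluator that checks whether a firewall rule set lets the device's HTTPS (443/tcp) and DNS traffic out and blocks other ports. The rule format, the addresses (documentation ranges) and the probed unwanted ports 80 and 22 are assumptions; DNS is taken as the standard port 53 over UDP and TCP.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str  # "allow" or "deny"
    src: str     # source CIDR
    dst: str     # destination CIDR
    proto: str   # "tcp", "udp" or "any"
    port: int    # destination port, 0 = any

class Flow(NamedTuple):
    src: str
    dst: str
    proto: str
    port: int

def decide(rules, flow):
    """First matching rule wins; no match falls through to default deny."""
    for r in rules:
        if (ipaddress.ip_address(flow.src) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(flow.dst) in ipaddress.ip_network(r.dst)
                and r.proto in ("any", flow.proto)
                and r.port in (0, flow.port)):
            return r.action
    return "deny"

# Constructed addresses (documentation ranges), not values from the page.
DEVICE, RESOLVER, CLOUD = "192.0.2.10", "198.51.100.53", "203.0.113.20"
REQUIRED = [Flow(DEVICE, CLOUD, "tcp", 443),    # HTTPS
            Flow(DEVICE, RESOLVER, "udp", 53),  # DNS (standard port 53)
            Flow(DEVICE, RESOLVER, "tcp", 53)]
UNWANTED = [Flow(DEVICE, CLOUD, "tcp", 80), Flow(DEVICE, CLOUD, "tcp", 22)]

def audit(rules):
    """Return (required flows that are blocked, unwanted flows that pass)."""
    blocked = [f for f in REQUIRED if decide(rules, f) != "allow"]
    leaked = [f for f in UNWANTED if decide(rules, f) == "allow"]
    return blocked, leaked

TIGHT = [Rule("allow", "192.0.2.10/32", "0.0.0.0/0", "tcp", 443),
         Rule("allow", "192.0.2.10/32", "198.51.100.53/32", "udp", 53),
         Rule("allow", "192.0.2.10/32", "198.51.100.53/32", "tcp", 53)]
LOOSE = [Rule("allow", "192.0.2.0/24", "0.0.0.0/0", "any", 0)]
# An early broad deny shadows the later TCP allows.
SHADOWED = [Rule("deny", "192.0.2.0/24", "0.0.0.0/0", "tcp", 0)] + TIGHT

if __name__ == "__main__":
    for name, rules in (("tight", TIGHT), ("loose", LOOSE), ("shadowed", SHADOWED)):
        print(name, audit(rules))
```

The shadowed rule set shows why rule order matters on a first-match firewall: the required allows are present but never reached for TCP.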
To communicate agent only, you will only need the
For region eu2, please add the following port exception to enable the online firmware download: