Disabling Connections from Unauthorized Nodes

By default, iFIX nodes accept connections from any remote node over TCP/IP, given adequate resources. However, you may want to prevent unknown or unauthorized nodes from obtaining a connection to a SCADA server by entering specific settings into a network initialization file called NETWORK.INI. This file contains a parameter, accept_unknown_host, which controls whether the SCADA server accepts connections from other computers.

When the parameter is set to ON, the SCADA node accepts connections from any computer. However, when the parameter is set to OFF, access is restricted to the View clients you specify. The exact nodes that can access the SCADA server are defined by listing them in the NETWORK.INI file using the following syntax:

hostn=nodename

For example, to provide access for the iClients, View01 and View05, to a remote SCADA server, your NETWORK.INI file on the SCADA server should be:

[TCPIP]
accept_unknown_host=OFF
host1=VIEW01
host2=VIEW05

Later, if you want to restrict access to only View01, you can remove the View05 line from the file. Likewise if you want to provide View04 access to the SCADA server, you can add the following line to the file:

host2=VIEW04

Notice that View04 is given the same host number that View05 had. This is necessary because all host numbers must be consecutive. For example, you cannot define host1 as View01 and host3 as View04 unless host2 is already defined in the file.

To restrict access to a SCADA server:

1. In a text editor, type the following:

[TCPIP]

accept_unknown_host=OFF

2. Add the View clients that can access the local SCADA node.
3. Save the file as NETWORK.INI. Make sure you save the file to the FIX Local path on the SCADA server.

 

See Also

How Do I...