Windows Firewall
We recommend that you install an endpoint firewall as part of your security model. For a short duration inside a known controlled environment, you should run the firewall in 'review' or 'learning' mode (or the vendor-specific mode that allows automatic rule creation). This allows the vendor firewall to generate the necessary rule set based on actual activity. You can then evaluate this rule set (depending on the firewall vendor) and incorporate it into a general policy for deployment.
Windows Firewall comes as a standard feature that can be enabled and configured to provide an effective extra level of defense within a network from outside attack. You can pre-configure known protocols, ports, sources and destinations within the domain security policy and then implement these throughout the network.
The additional tools, drivers, and services used by a SCADA system can make the configuration more complex to define in the early stages of the system design.
You will need to configure non-domain based systems manually. You can implement this process using installation scripts. Alternatively, using a third-party endpoint firewall with a central management console might prove more efficient.
If you intend to use a different, third-party endpoint protection product, we recommend that you disable the Windows Firewall to prevent any possible conflict.
The Geo SCADA Expert installer configures firewall rules for many of the applications that it installs.
Windows Firewall has 3 different 'profile' types: Private, Domain and Public.
For each Geo SCADA Expert application, the installer adds three Windows Firewall rules - one for Private, one for Domain, and one for Public. Private and Domain are enabled. Public is disabled.
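One way to check that state on a given machine, as an added example (not part of the Geo SCADA Expert documentation or installer): the script lists the Windows Firewall rules that reference an executable and compares each profile with the state described above. `$ProgramPath` is a placeholder that you supply, and matching rules by program path is an assumption about how the installer scopes its rules.

```powershell
# Added example: audit the per-profile firewall rules for one installed program.
# Assumption: the rules to check are scoped to the program's executable path.
param(
    [Parameter(Mandatory)]
    [string]$ProgramPath   # placeholder: full path to the executable to check
)

# Expected state from the text above: Domain and Private enabled, Public disabled.
$expected = [ordered]@{ Domain = $true; Private = $true; Public = $false }

# Collect every rule whose application filter points at the program.
$rules = @(Get-NetFirewallApplicationFilter -Program $ProgramPath -ErrorAction SilentlyContinue |
    Get-NetFirewallRule)

if ($rules.Count -eq 0) {
    Write-Warning "No firewall rules reference $ProgramPath"
    return
}

foreach ($name in $expected.Keys) {
    # Profile is a flags value: one rule can cover several profiles, and 'Any' covers all.
    $covering = @($rules | Where-Object {
        $profiles = $_.Profile.ToString() -split ',\s*'
        $profiles -contains $name -or $profiles -contains 'Any'
    })
    $enabled   = @($covering | Where-Object { $_.Enabled -eq 'True' })
    $isEnabled = $enabled.Count -gt 0

    [pscustomobject]@{
        Profile      = $name
        RulesFound   = $covering.Count
        EnabledRules = ($enabled.DisplayName -join '; ')
        Expected     = if ($expected[$name]) { 'Enabled' } else { 'Disabled' }
        Actual       = if ($isEnabled) { 'Enabled' } else { 'Disabled' }
        Match        = ($isEnabled -eq $expected[$name])
    }
}
```

A row with `Match` set to `False` for the Public profile means an enabled rule exposes the program on networks classified as Public, which is worth reviewing before the machine is deployed.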
If you want to use