Computer and network security settings

Kahler Automation systems use a variety of components that use a network to communicate. Computer and network security settings can sometimes interfere with this communication.

Common Causes

  • Firewall configuration
  • Managed switch configuration

Solution In-Depth

This article describes several technologies that must be permitted on computers and networks to ensure the proper operation of the Kahler Automation system.

Tip: Enabling the use of the technologies described in this article may require involving your company's IT professionals.

Internet Information Services

Internet Information Services (IIS) is an optional Windows component that is used by applications like Terminal Management and integrations with third-party systems (ERP, accounting, agronomy, etc.).

IIS is typically installed on a computer that has been designated as the server.

Note: IIS is typically configured to accept connections on TCP port 80.

If the server computer is equipped with a firewall, an exception must be made to allow incoming requests on this port. Likewise, any network infrastructure between the server computer and clients that need access to applications hosted on the server must be configured to allow network traffic on this port.

Microsoft SQL Server

Microsoft SQL Server is a database technology used by applications like Terminal Management, Plant Supervisor, Self-Serve and others to store information.

Microsoft SQL Server is typically installed on a computer that has been designated as the server.

Note: Microsoft SQL Server accepts connections on TCP port 1433.

If the server computer is equipped with a firewall, an exception must be made to allow incoming requests on this port.

Likewise, any network infrastructure between the server computer and clients that need access to the database hosted on the server (such as Plant Supervisor and Self-Serve) must be configured to allow network traffic on this port.
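
The inbound exceptions described above for IIS and Microsoft SQL Server can be created with the Windows firewall cmdlets and limited to the subnet the client computers are on, rather than opened to every address. This is an added example, not Kahler Automation's own tooling; the subnet 192.168.10.0/24 and the rule names are assumptions to be replaced with your site's values.

```powershell
# Added example: inbound firewall exceptions on the server computer.
# Run in an elevated PowerShell session on the server.

# ASSUMPTION: client computers (Plant Supervisor, Self-Serve, browsers)
# are all on this subnet. Replace with your site's client network.
$ClientSubnet = '192.168.10.0/24'

# Ports as stated in this article: IIS on TCP 80, SQL Server on TCP 1433.
# Rule names are hypothetical; any naming scheme works.
$Rules = @(
    @{ Name = 'KA - IIS (TCP 80)';          Port = 80   },
    @{ Name = 'KA - SQL Server (TCP 1433)'; Port = 1433 }
)

foreach ($r in $Rules) {
    # Do not create a second copy if the script is run again.
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) {
        Write-Host "Rule already exists: $($r.Name)"
        continue
    }

    # Allow the port only from the client subnet, and only on the
    # Domain and Private profiles (not on Public networks).
    New-NetFirewallRule -DisplayName $r.Name `
        -Direction Inbound -Action Allow -Protocol TCP `
        -LocalPort $r.Port -RemoteAddress $ClientSubnet `
        -Profile Domain,Private | Out-Null
    Write-Host "Created: $($r.Name) (allowed from $ClientSubnet)"
}

# Review what was created: rule, port, and the addresses it accepts.
Get-NetFirewallRule -DisplayName 'KA - *' | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Enabled = $_.Enabled
        Port    = $port.LocalPort
        From    = $addr.RemoteAddress
    }
} | Format-Table -AutoSize
```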

E-Mail

E-mail is a common communication technology used to deliver tickets, reports, and alerts. Terminal Management TMX handles sending e-mail from applications like Plant Supervisor PSX, Self-Serve, and others. 

Terminal Management TMX can be configured to connect with SMTP, or SMTP over SSL, e-mail servers to send out e-mail. 

Note: SMTP commonly uses TCP port 25. SMTP over SSL commonly uses TCP port 587. Refer to your e-mail provider for the specific details of connecting to the server.

If a computer used to run a Terminal Management TMX is equipped with a firewall, an exception must be made to allow outgoing requests on the ports used for SMTP or SMTP over SSL connections. 

RFID Readers

RFID readers are used to read out the RFID tags used to identify transports. The use of RFID readers allows for automated data entry in connected software.

Note: The Intermec IF2 RFID reader uses TCP Port 2189. The Impinj RFID reader uses TCP Port 5084. The Alien RFID reader uses TCP Port 23.

Note: RFID Comm Server uses TCP Port 2188.

If a computer used to run the RFID Communication Server software is equipped with a firewall, an exception must be made to allow outgoing requests on the ports used by the connected RFID reader. 

Digital signature pads

Digital signature pads are used to electronically capture driver signatures. Ethernet connectivity is used when the signature pad cannot be located near the computer running an application that communicates with a signature pad, like Plant Supervisor or Self-Serve.

Note: The Topaz serial-to-Ethernet gateway used with signature pads operates on TCP port 771. The Digi serial-to-Ethernet gateway used with signature pads operates on TCP ports 23, 443, 513, 514, 515, 4000 and UDP ports 2362, 2363.

If the computer running an application that communicates with a signature pad is equipped with a firewall, an exception must be made to allow communication on the ports used by the serial-to-Ethernet gateway used with the signature pad.

Likewise, any network infrastructure between the computer and the signature pad must be configured to allow network traffic on those ports.

Controllers & PLC

Kahler Automation uses a variety of controllers to control and monitor the physical components that are a part of a system. These controllers use a variety of protocols to communicate with each other and software running on computers.

MODBUS

Applications (like Plant Supervisor and Self-Serve) use the MODBUS protocol to communicate with controllers. There are two forms of the MODBUS protocol supported by these applications: encapsulated MODBUS and MODBUS/TCP. MODBUS/TCP is also used to communicate between controllers and instrumentation.

Note: Encapsulated MODBUS operates on TCP port 2000.

Note: MODBUS/TCP operates on TCP port 502.

Note: Firmware updates for KA-2000 units use TCP Port 69.

If a computer used to run an application like Plant Supervisor or Self-Serve is equipped with a firewall, an exception must be made to allow outgoing requests on the ports used for MODBUS communication.

If the server computer used to host the KA-2025 Panel Server is equipped with a firewall, an exception must be made to allow incoming requests on the port used by MODBUS/TCP.

Likewise, any network infrastructure between these computers, controllers and instrumentation must be configured to allow network traffic on these ports.
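
When an application cannot reach a controller, the check below, run from the application computer, shows whether the MODBUS ports named above are passing end to end and whether the local firewall filters outbound traffic at all. This is an added example, not part of Kahler Automation's software; the controller address 192.0.2.10 is a constructed placeholder.

```powershell
# Added example: test MODBUS reachability from the computer that runs
# Plant Supervisor or Self-Serve.

# ASSUMPTION: 192.0.2.10 is a placeholder; use your controller's address.
# Ports are the ones stated in this article.
$Targets = @(
    @{ Name = 'Encapsulated MODBUS'; Address = '192.0.2.10'; Port = 2000 },
    @{ Name = 'MODBUS/TCP';          Address = '192.0.2.10'; Port = 502  }
)

# The local firewall only needs an outgoing exception when a profile's
# DefaultOutboundAction is Block. Allow or NotConfigured means outbound
# traffic is not filtered by default on that profile.
Get-NetFirewallProfile |
    Format-Table Name, Enabled, DefaultOutboundAction -AutoSize

# Attempt a TCP connection to each port and record the result.
$Results = foreach ($t in $Targets) {
    $c = Test-NetConnection -ComputerName $t.Address -Port $t.Port `
            -WarningAction SilentlyContinue
    [pscustomobject]@{
        Target  = $t.Name
        Address = $t.Address
        Port    = $t.Port
        TcpOk   = $c.TcpTestSucceeded
    }
}
$Results | Format-Table -AutoSize

# List the ports that did not connect so they can be followed up.
$Blocked = $Results | Where-Object { -not $_.TcpOk }
if ($Blocked) {
    Write-Host 'Not reachable (check local firewall, managed switch, device):'
    $Blocked | ForEach-Object { Write-Host "  $($_.Address):$($_.Port) $($_.Target)" }
} else {
    Write-Host 'All listed MODBUS ports are reachable.'
}
```

A failed test does not say which device dropped the traffic; if the local profile does not block outbound connections, the cause is further along the path, such as a managed switch or the controller itself.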

Ethernet/IP

Controllers, human/machine interfaces (HMI) and instrumentation often use the Ethernet/IP protocol (not to be confused with TCP/IP) to communicate.

Note: Ethernet/IP operates on TCP port 44818 and UDP port 2222.

If a computer used to run an HMI is equipped with a firewall, an exception must be made to allow the ports used for Ethernet/IP communication.

Likewise, any network infrastructure between these computers, controllers and instrumentation must be configured to allow network traffic on these ports.

Updates

PLCs (Programmable Logic Controllers) may be updated remotely if required. These updates are often site specific and may require a VPN connection for a Kahler Technician to perform.

Note: Directsoft uses TCP Port 28784.

Message Boards

Message Boards are used to provide directions to drivers on some sites. Message boards are controlled by MessageBoardWebServices.

Kahler Automation commonly uses Electro-Matic Visual Fusion Series LED message boards.

Note: Message Boards use TCP Port 9520.

Aiphone

Aiphone's IX Series is used for intercom systems, commonly connecting operator stations to Intercom units that drivers may use for assistance or confirmation prior to entering a bay.

IX Series Intercom systems commonly use panel units mounted on poles that drivers can reach without exiting their truck cabs. These intercom units contain a camera and an attached loudspeaker, allowing the operator to view who they are speaking with and ensuring they can be heard over the engine.

IX Series desk phones used by operators connect to the intercoms and have a screen to view the camera feed.

Note: IX Series uses SIP Protocol on TCP Port 5060. IX Series uses NTP Protocol on port 123. IX Series defaults to TCP Ports between 30000 and 31000 for Video. IX Series defaults to TCP Ports between 20000 and 21000 for Audio.

KaCameraWebService

Sites may use KaCameraWebService to view the video feed from cameras placed on the facility.

KaCameraWebService is designed to work with Panasonic brand cameras.

Note: KaCameraWebService uses TCP Port 80.

Microcom 814M printer

Built into the 573350 Remote printer panel, the Microcom 814M printer can be used in outdoor environments. It is commonly installed for use with exit scales or Self Serve 2.

Note: Microcom 814M printer uses TCP Port 80 for web configuration. Microcom 814M printer uses TCP Port 9100 for printing.

Interfaces with third-party systems

Many Kahler Automation systems are designed to exchange information (orders, tickets, etc.) with one or more third-party systems. The Kahler Automation software that enables these integrations is typically installed on a computer that has been designated as a server.

File Shares

Several integrations use files to exchange information. The location where files are exchanged is typically on a file share that is hosted on another computer. The technology used to host the file share is typically determined by the third-party system, but may include Windows file shares (CIFS or SMB) and, less often, FTP or SFTP.

Note: CIFS and SMB operate on TCP ports 139, 445 and UDP ports 137, 138.

Note: FTP operates on TCP Port 21. SFTP operates on TCP Port 22.

If the server computer that is used to run the Kahler Automation interface software is equipped with a firewall, an exception must be made to allow applications on the computer to access the file shares.

Likewise, any network infrastructure between the server computer and the computer that is hosting the file share must be configured to allow network traffic on these ports.

Web services

Several integrations use web services to exchange information. The server that hosts the web service is often outside the local network (i.e., available via the internet). These web services are typically based on the HTTP and HTTPS protocols.

Note: HTTP operates on TCP port 80 and occasionally TCP port 8080.

Note: HTTPS operates on TCP port 443.

If the server computer that is used to run the Kahler Automation interface software is equipped with a firewall, an exception must be made to allow applications on the computer to access the web service.

Likewise, any network infrastructure between the server computer and the computer that is hosting the web service must be configured to allow network traffic on these ports.

Since web services use the same protocol used by web browsers to access web page information, it is possible that a security proxy is set up that will prevent access to a web service. The address of the web service may need to be added to the security proxy's list of allowed sites.

LoadPass Scanner

LoadPass makes use of IP connected scanners to allow driver check-in on site by scanning their phone. Scanners connect back to the Terminal Management TMX Server.

Note: Scanners operate on TCP Ports 2001, 2101, and 2601.

VNC

VNC is used on site to provide local access to HMI Devices, TSA Panels, and other equipment on site.

Note: VNC standard uses TCP Port 5900+.

Still Need Help?

Submit an online web ticket or call us at Kahler Automation 507-235-6648 Option 2.