Keep client out of our network

tanzer
Jr. Member
Posts: 3
Joined: 23 Apr 2024, 14:54

Keep client out of our network

Post by tanzer »

Hello all,

First time working with OPC, so please have patience with me.
Our situation is this: we have our LAN with multiple machines, each running its own OPC server. The client needs to access these machines, but we do not want him to be connected directly to our network. So the first thing we tried was a router with NAT, where we forward any given public port to its assigned machine, but that did not work out.

Currently I am trying to run a PC with 2 network cards and UaGateway installed (demo version). If I don't get it wrong, this tool allows grouping all machines into one server, so the PC would have one network port connected to our LAN, and the other one would be available for the client to connect. It would have its own server that forwards the information of the specified servers present in our private LAN. Is this correct?

If so, how do I configure it? I spent most of the day trying to figure it out, but without success. And once it is set up, how do I connect to the new server that shares all the machines? Is it just like tcp.opc://mypublicNetIP:port? Where do I define the properties of this given server?

Thank you very much and sorry for the noob questions, but at the time it is all very blurry for me.

best regards

tanzer
Jr. Member
Posts: 3
Joined: 23 Apr 2024, 14:54

Re: Keep client out of our network

Post by tanzer »

Here is where I am now:

In the UA Endpoints tab:

- In Network Configuration I added the host IP of the PC I am running UaGateway on, with port 48050 and network adapter "all".
- In Reverse Connect URLs I added one of the machines.
- In Security I selected "None".
- In Security Check Overrides I selected "accept all certificates".

The server is started. On OPC COM ItemIDs I can see the items of the machine.
I tried to search for the server either from localhost or from another PC in the network using UaExpert, but I am not able to find the server.
What am I missing? As far as I understand, it is the server side that is causing me trouble now. Any help is greatly appreciated.

Best regards

tanzer
Jr. Member
Posts: 3
Joined: 23 Apr 2024, 14:54

Re: Keep client out of our network

Post by tanzer »

The problem was that I did not select a network card. "Any" did not work for me. Selecting a specific card solved the problem.

It's working now. Thank you.

Support Team
Hero Member
Posts: 3078
Joined: 18 Mar 2011, 15:09

Re: Keep client out of our network

Post by Support Team »

Hi,

The UaGateway is one way to achieve what you are trying to do.
1) You could block out all clients and allow only the ones you "trust" to connect.
2) You "aggregate" all the servers into one (the UaGateway) and you put this into the DMZ.

Note: the reverse connect is similar to a "reverse sock proxy", a function built into UaGateway that allows you to fully close the firewall (all inbound ports closed) but lets the server call outside to the client for initial connection establishment.

Please be aware that UaGateway has 2 (two) tools for configuration. The "Administration Tool" is for administrative tasks; the "Configuration Tool" is for configuration tasks (like configuring the connection to underlying servers). In the best case you should NOT (never) use the security overwrite functions; instead, configure the correct certificates in the trust store.

There is some documentation, a HowTo and a quickstart guide you should read, plus some simple video tutorials in the "webinar" section of our download page.

Best regards
Unified Automation Support Team
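
An added example, not part of the thread and not Unified Automation's own configuration: network-layer hardening for the two-NIC gateway PC discussed above, so that only the known client reaches the aggregated endpoint and the PC does not route into the LAN. It assumes the PC runs Windows; the interface aliases `ClientSide` and `PlantLAN` and the client address `203.0.113.10` are constructed placeholders, and 48050 is the endpoint port from the post above.

```powershell
# Added example. Assumptions (not from the thread): Windows host, NIC aliases
# 'ClientSide' and 'PlantLAN', client address 203.0.113.10 (documentation range).
# Run from an elevated PowerShell session.
$ClientNic = 'ClientSide'    # NIC the external client connects to (placeholder)
$LanNic    = 'PlantLAN'      # NIC on the machine LAN (placeholder)
$ClientIp  = '203.0.113.10'  # the one client allowed in (placeholder)
$UaPort    = 48050           # UaGateway endpoint port used in the thread

# 1. The dual-homed PC must not forward packets between the two networks;
#    only UaGateway itself should talk to the machines on the LAN side.
foreach ($nic in $ClientNic, $LanNic) {
    Set-NetIPInterface -InterfaceAlias $nic -Forwarding Disabled
}

# 2. Default-deny inbound traffic on every firewall profile.
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -Enabled True -DefaultInboundAction Block

# 3. Allow the endpoint port only from the known client, only on the
#    client-facing NIC. Nothing is opened on the LAN-facing NIC.
New-NetFirewallRule -DisplayName 'UaGateway from client' `
    -Direction Inbound -Action Allow -Protocol TCP `
    -LocalPort $UaPort -RemoteAddress $ClientIp -InterfaceAlias $ClientNic

# 4. Look for other rules on the same port: a broader pre-existing allow
#    rule would still admit other hosts despite the rule added in step 3.
Get-NetFirewallPortFilter |
    Where-Object { $_.LocalPort -eq $UaPort } |
    Get-NetFirewallRule |
    Select-Object DisplayName, Enabled, Direction, Action

# 5. Confirm forwarding is off and see which local address the gateway is
#    actually listening on (the thread's fix was binding to a specific card).
Get-NetIPInterface -InterfaceAlias $ClientNic, $LanNic |
    Select-Object InterfaceAlias, AddressFamily, Forwarding
Get-NetTCPConnection -LocalPort $UaPort -State Listen |
    Select-Object LocalAddress, LocalPort
```

If step 5 shows the listener on `0.0.0.0` or on the LAN-side address, the endpoint is also reachable from the machine network, and the binding in the UA Endpoints tab should be narrowed to the client-facing card.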
