Caution: Important recommendations for controler and data protection!
Controller must never, under any circumstances, be accessible from the Internet!
In particular, the programming ports of the controller must not be accessible under any circumstances from the Internet without protection!
The most important port numbers for all runtime systems are listed below.
By default, they are assigned by the system, but they can be modified by means of the configuration.
1740..1743: UDP block drivers in the gateway and runtime system
11740..11743: TCP block drivers in the gateway and runtime system
1217: Gateway for connecting CODESYS to the gateway
8080: CODESYS web server
443: CODESYS web server (SSL) *
* 9090: for BeagleBone
4840: CODESYS OPC UA server
If access from the Internet nevertheless has to be possible, then it is imperative that a secure method for the connection to the PLC is selected.
We recommend the following organizational and technical actions for the system where your applications are running.
- Use additional data link layers for protection, such as a VPN for remote access.
- Install firewall mechanisms.
- Restrict access to authorized people.
- Use high-strength passwords.
- At commissioning, change any existing default passwords and change them on a regular basis.
Use the security features supported by CODESYS and the respective controller, such as encryption of communication with the controller and intentionally restricted user access.