Secure firewall for OPC Classic

Tuesday, July 28, 2015 @ 01:07 PM gHale

A new license for Phoenix Contact’s FL mGuard security devices can protect OPC Classic applications.

Traditional firewalls do not offer protection for this protocol, but now users of mGuard firmware version 8.1 and beyond can upgrade to the OPC inspector license.

The OPC inspector firmware looks into the transmitted data packets, analyzing and modifying them as necessary.

The OPC inspector dynamically creates firewall rules matching the ports and directions used by OPC traffic. It identifies and blocks all non-OPC traffic. It also permits the use of network address translation (NAT) procedures, such as masquerading or 1:1 NAT routing.

The OPC Classic communication protocol sees wide use in the automation industry. Instead of using fixed TCP port numbers, OPC Classic negotiates new port numbers within the first open connection. This means that intermediary firewalls can only see action with wide-open rules, greatly reducing the security and protection they provide. The mGuard OPC Inspector license counters this problem by using a deep-packet inspection for OPC Classic.