Configuring Whitelist/Blacklist Settings
For increased security, you can only configure these settings when logged into the gateway locally. See Logging In at the Job Site.
For an overview, watch the video below (until the 2:53 mark). For details, consult the following written information.
Know Before Beginning
Caution: Deleting any of the default listings is not recommended. Deleting the wrong listing could result in loss of communication with the gateway.
For both Ethernet ports, the default setting for Whitelist/Blacklist Network Area Type is LAN. A LAN (Local Area Network) is generally not publicly accessible on the Internet. A WAN (Wide Area Network) generally is.
The whitelist contains addresses that are always allowed inbound access, and the blacklist contains addresses that are never allowed inbound access. The whitelist and blacklist apply only to unsolicited inbound requests. Outbound messages have no blocks.
Addresses and ports can be added to the whitelist. For BACnet, the UDP port for traffic may need to be added to the UDP Port (Whitelist) section if it is not already in the list.
For remote access into a gateway via VPN, the VPN subnet might need to be added to the LAN whitelist. Add a subnet as a range of addresses, not a single address.
For IP addresses, enter an address or a range, with the range defined with the subnet mask length using CIDR (Classless Inter-Domain Routing) notation. (For example, enter the base address, followed by a slash, and then the subnet mask length as the number of most significant bits of the IP address, such as 192.168.0.0/16.)
Adding an IP Address to a Whitelist or Blacklist
-
Select the IP Address box that is below Whitelist IP or Blacklist IP for the network type (LAN or WAN) that you want to add the address to.
-
Enter the IP address.
Note: To enter a range of IP addresses, define the range with the subnet mask length using CIDR notation. (For example, enter the base address, followed by a slash, and then the subnet mask length as the number of most significant bits of the IP address, such as 192.168.0.0/16.)
-
Select Add.
-
Select Save.