Remote Connectivity with VPN

Secure virtual private networks (VPN) are secure connections over public networks that allow remote connectivity. Many companies have VPNs for employees to access business systems, email, and typical office functions. If you want to VPN into your Rockwell Automation® Ethernet network, the firewall must be configured to allow that traffic. Rockwell Automation knowledgebase tech note QA54467 defines ports that need to be unblocked.

So, what if your IT department refuses to open the firewall ports so you can connect to your control system? What are your other remote connectivity options? Remote desktop is where you connect your remote PC to a PC connected to the network inside the firewall. These software packages, while free for personal use, do require a subscription or perpetual license for commercial use. Remote desktop is just that. When connected to the remote PC, all the resources must reside on that remote PC. If you want to go online with a Logix controller on Ethernet, the PC must be connected to that network with an activated copy of Studio 5000®.

Cloud-Based Appliances

Many manufacturers make cloud-based VPN appliances to promote remote connectivity. I am very familiar with the Ewon® product, so I will use it as an example. Cloud-based VPNs use an outbound connection on ports 443 or 1194. For port 443, if you do not recognize it, it’s the port to the World Wide Web (WWW) via HTTPS. This is the exact same secure port you might use to sign-in to your online banking portal. Appliances have a connection to a cloud-based server (WAN) and a connection to the local network (LAN). Using the client software, a secure encrypted outbound connection is established.

The Advantages of Remote Connectivity

There are several advantages to using a remote access appliance. First, only a connection to the web is required, as they typically work with existing firewall rules. Second, only the devices connected to the LAN side may be accessed remotely. Lastly, they work with most major brands of control systems. With the Ewon solution, you can also control the remote connectivity from the factory floor using a physical key switch. The switch can be paired with an email or text notification, so both the equipment manufacturer and the end-user are notified that a remote connection is active. Finally, ensure that whatever VPN solution you choose has third-party cybersecurity certifications and has undergone penetration testing. Security by obscurity is not a strategy!

We Can Help You Stay Connected

Your facility requires a unique solution to meet the needs of your business and the employees who support it. Our Automation Specialists are here to help you evaluate your needs and recommend the right technology. Contact us today!

Click Here to Download our FREE ABCs of Industrial Networks eBook!