How to block all the unused Ewon Flexy/Cosy131 services on the LAN, WAN and/or VPN interface

06 Jun 2024

This document describes how to block all the unused services/servers like HTTP, FTP, IPtoSerial,... on an Ewon Flexy/Cosy131 device.

This can be needed when, for instance, the HTTP and FTP servers cannot be used onsite because they do not comply with the onsite security policies.

APPLICABLE PRODUCTS

Ewon : Flexy

Ewon : Cosy131

Block HTTP & FTP servers

First, make sure your device runs firmware 14.9 or above.
From this version onwards, a new COM parameter called "ClosedDevice" is available.
You can access it through the tabular edition of the device web interface, through a comcfg.txt configuration file pushed via FTP or USB/SD card, or through BASIC/JAVA programming.




The ClosedDevice parameter is a bitwise value that allows you to block access to the web server (HTTP) and/or the FTP server on the different Ewon IP interfaces (LAN, WAN & VPN).

Here is the table of the possible values :

| Bit Setting | Decimal Value | Description |
|---|---|---|
| 0 | 0 | No additional protection (default) |
| 1 | 1 | Close FTP Server on LAN interface |
| 2 | 2 | Close HTTP Server on LAN interface |
| 1 + 2 | 3 | Close FTP and HTTP Servers on LAN interface |
| 4 | 4 | Close FTP server on WAN interface |
| 1 + 4 | 5 | Close FTP server on LAN & WAN interfaces |
| 8 | 8 | Close HTTP server on WAN interface |
| 2 + 8 | 10 | Close HTTP server on LAN and WAN interfaces |
| 4 + 8 | 12 | Close FTP & HTTP servers on WAN interface |
| 16 | 16 | Close FTP server on VPN interface |
| 1 + 16 | 17 | Close FTP server on LAN & VPN interfaces |
| 4 + 16 | 20 | Close FTP server on WAN & VPN interfaces |
| 1 + 4 + 16 | 21 | Close FTP server on LAN, WAN & VPN interfaces |
| 32 | 32 | Close HTTP server on VPN interface |
| 2 + 32 | 34 | Close HTTP server on LAN & VPN interfaces |
| 8 + 32 | 40 | Close HTTP server on WAN & VPN interfaces |
| 2 + 8 + 32 | 42 | Close HTTP server on LAN, WAN & VPN interfaces |
| 16 + 32 | 48 | Close FTP & HTTP servers on VPN interface |
| 1 + 2 + 4 + 8 + 16 + 32 | 63 | Close all protocols on all interfaces |


The HTTP & FTP server ports blocked by the ClosedDevice parameter are the ones configured in the COM parameters "IpsHttpP1", "IpsHttpP2" and "IpsFtpP".



NOTE : A reboot of the device is required for the blocking of the selected service to be applied properly.
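
The following is an added example, not code from Ewon: a small Python helper that computes a ClosedDevice value from a list of service/interface pairs, decodes a value back into what it closes, and reports which pairs a security policy wants closed but a configured value leaves open. The function names, the sample policy and the rejection of values above 63 are assumptions made for the example; the bit values come from the table above.

```python
# Added example. Bit values are taken from the ClosedDevice table on this page.
BITS = {
    ("FTP", "LAN"): 1, ("HTTP", "LAN"): 2,
    ("FTP", "WAN"): 4, ("HTTP", "WAN"): 8,
    ("FTP", "VPN"): 16, ("HTTP", "VPN"): 32,
}
ALL_CLOSED = sum(BITS.values())  # every bit defined in the table set


def _norm(pair):
    """Normalise a (service, interface) pair and reject unknown ones."""
    key = (str(pair[0]).upper(), str(pair[1]).upper())
    if key not in BITS:
        raise ValueError(f"unknown service/interface pair: {pair!r}")
    return key


def encode(closed_pairs):
    """ClosedDevice value that closes every (service, interface) pair given."""
    value = 0
    for pair in closed_pairs:
        value |= BITS[_norm(pair)]
    return value


def decode(value):
    """Set of (service, interface) pairs that a ClosedDevice value closes."""
    # Assumption: a value with bits outside the table is treated as invalid.
    if isinstance(value, bool) or not isinstance(value, int) \
            or not 0 <= value <= ALL_CLOSED:
        raise ValueError(f"ClosedDevice must be an integer in 0..{ALL_CLOSED}: {value!r}")
    return {pair for pair, bit in BITS.items() if value & bit}


def still_open(value, policy_closed):
    """Pairs the policy wants closed but the configured value leaves open."""
    return sorted({_norm(p) for p in policy_closed} - decode(value))


if __name__ == "__main__":
    # Constructed policy: no FTP anywhere, no HTTP on the WAN side.
    policy = [("ftp", "lan"), ("ftp", "wan"), ("ftp", "vpn"), ("http", "wan")]
    print("value to configure:", encode(policy))
    # Constructed audit input: a device found with ClosedDevice = 12.
    for service, iface in still_open(12, policy):
        print(f"policy gap: {service} still open on {iface}")
```
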

 

Block IPtoSerial services


By default, the IPtoSerial (aka Serial gateways) services, such as ModbusTCP to Modbus RTU, Siemens ISOTCP to MPI, ..., are open.
If they are not used and you want to block them on all IP interfaces, just set the respective ports to 0 and reboot your device.
You can access these port settings through the menu IOServers > Global Settings, through the tabular edition of the device web interface, through a config.txt configuration file pushed via FTP or USB/SD card, or through BASIC/JAVA programming.





Block eBuddy connections

To block the eBuddy UDP port 1507, you can set the COM parameter "CfgProtoDis" to 0.

 

Block USBIP Service

The USBIP Service is the service that allows you to connect USB devices remotely through Talk2m. The service uses the TCP ports starting with 6000. If you do not use it and you want to block it, simply disable it by setting the COM parameter "UsbIpEnable" to 0.