PI Firewall database

PI Firewalls allow you to block connections from certain addresses. If a PI Firewall exists, it takes precedence over a trust; that is, before an application can connect to Data Archive, it must first pass the PI Firewall before it attempts a trust logon. Data Archive recognizes modifications to PI Firewalls within 15 minutes, or upon restarting Data Archive, whichever comes first.

When you add a PI Firewall you are adding an entry to the PI Firewall database, which is maintained by the PI Net Manager subsystem. The process manages all connections to Data Archive, including subsystem connections and TCP/IP applications. When Data Archive receives an incoming connection, pinetmgr first checks the PI Firewall Database for partial or complete IP host names or addresses.

Use the PI Firewall to allow or disallow connections from designated workstations or subnets. If there is no entry in the PI Firewall database that would allow an incoming connection, the connection will be terminated immediately.

Requests from the local host, that is, the same computer on which pinetmgr is running, are always allowed. So, in effect, the firewall does not apply to the local host.