
AVEVA™ Operations Management Interface

About security allowlists

  • Last Updated Dec 09, 2024

You can configure two types of allowlists:

  • End-user Address and Range

  • Target Host Address and Range

The target host allowlist is enabled by default, while the client allowlist is disabled by default. When an allowlist is enabled, a list of IP addresses must be specified.

To enable a type of allowlist, change the enabled setting from "false" to "true". For example:

<add key="ClientWhitelistByIPAddressesEnabled" value="false"/>

<add key="ClientWhitelistByIPAddressesEnabled" value="true"/>

Note: The enabled setting is set to "true" by default for InTouch Access Anywhere.

Addresses are entered in the standard format, for example 10.2.88.1, and are separated by semicolons (;).

Address ranges are defined using a lower IP, the character "-", and the upper IP. For example: 10.2.88.1-10.2.88.5

The IP address of each Access Anywhere Server must be configured in the EricomSecureGateway.Config file; otherwise, you will be prompted with the following error message:

Target Host Error Message

Note: This is an example IP address. This value will be associated with the InTouch Access Anywhere host you are trying to connect to.

The values below provide an example of how each type of allowlist would be configured in the EricomSecureGateway.exe.config file:

  • End-user Address and Range:

    <add key="ClientWhitelistAllowedIPv4Addresses" value="10.2.88.1-10.2.88.5;10.2.88.10" />

    The IP Address of each client node is included.

  • Target Host Address and Range

    <add key="TargetHostWhitelistAllowedIPv4Addresses" value="15.1.1.1;15.1.1.2" />

    The IP Address of each InTouch Access Anywhere Server connecting through the Gateway is included.
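The following is an added example, not AVEVA or Ericom code: a pre-deployment check that parses the semicolon-separated IPv4 address and range format described above and flags an allowlist that is enabled but empty or malformed. The function names, the sample fragment, the inclusive range bounds, and the tolerance for whitespace around entries are assumptions, and only the IPv4 keys are examined.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample modelled on the page's <add key=... value=.../> lines.
SAMPLE = """<Visitor>
  <add key="ClientWhitelistByIPAddressesEnabled" value="true" />
  <add key="ClientWhitelistAllowedIPv4Addresses" value="10.2.88.1-10.2.88.5;10.2.88.10" />
  <add key="TargetHostWhitelistByIPAddressesEnabled" value="true" />
  <add key="TargetHostWhitelistAllowedIPv4Addresses" value="" />
</Visitor>"""

def parse_allowlist(value):
    """Return [(low, high)] for a semicolon-separated list of IPv4 addresses and ranges."""
    entries = []
    # Assumption: surrounding whitespace and empty items are ignored.
    for item in filter(None, (part.strip() for part in value.split(";"))):
        low, sep, high = item.partition("-")
        lo = ipaddress.IPv4Address(low.strip())  # ValueError if malformed
        hi = ipaddress.IPv4Address(high.strip()) if sep else lo
        if lo > hi:
            raise ValueError(f"range bounds reversed: {item}")
        entries.append((lo, hi))
    return entries

def is_allowed(address, entries):
    """Assumption: the lower and upper IP of a range are both included."""
    ip = ipaddress.IPv4Address(address)
    return any(lo <= ip <= hi for lo, hi in entries)

def audit(xml_text):
    """Report IPv4 allowlists that are enabled but empty or malformed."""
    root = ET.fromstring(xml_text)
    settings = {e.get("key"): e.get("value", "") for e in root.iter("add")}
    findings = []
    for prefix in ("Client", "TargetHost"):
        enabled = settings.get(f"{prefix}WhitelistByIPAddressesEnabled", "")
        if enabled.lower() != "true":
            continue
        key = f"{prefix}WhitelistAllowedIPv4Addresses"
        try:
            if not parse_allowlist(settings.get(key, "")):
                findings.append(f"{key}: enabled but no addresses listed")
        except ValueError as exc:
            findings.append(f"{key}: {exc}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```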

The following diagram illustrates an example allowlist security configuration for clients, the Gateway, and the Access Anywhere Server. The IP addresses of all allowlisted clients are represented.

Allowlist Security Diagram

The list of all the configuration options is:

<Visitor>

<add key="HandshakeTimeoutSeconds" value="60" />

<add key="ClientWhitelistByIPAddressesEnabled" value="false" />

<add key="ClientWhitelistAllowedIPv4Addresses" value="" />

<add key="ClientWhitelistAllowedIPv6Addresses" value="" />

<add key="TargetHostWhitelistByIPAddressesEnabled" value="false" />

<add key="TargetHostWhitelistAllowedIPv4Addresses" value="" />

<add key="TargetHostWhitelistAllowedIPv6Addresses" value="" />

</Visitor>

<Admin>

<add key="InactivityTimeoutMinutes" value="5" />

<add key="WhitelistByIPAddressesEnabled" value="true" />

<add key="WhitelistAllowedIPv4Addresses" value="" />

<add key="WhitelistAllowedIPv6Addresses" value="" />

</Admin>

Note: ClientWhitelistByIPAddressesEnabled and the Admin allowlist settings existed in previous versions as "LockdownAllowed****Addresses". If these settings are currently configured, simply copy the parameters to the new values.
