Ads network ports, Ads via gateway, Ads via nat – BECKHOFF IPC-Security User Manual

After the ADS route between both devices has been created, the routing table on Device1 will look as follows:

AMS-NetID

Transport address

Hostname (if applicable)

192.168.1.2.1.1

192.168.1.2

Device2

Similarily, the routing table on Device2 will look as follows:

AMS-NetID

Transport address

Hostname (if applicable)

192.168.1.1.1.1

192.168.1.1

Device1

A.2.2. ADS network ports

This scenario describes how a firewall needs to be configured so that ADS devices can communicate with
each other. Here, a laptop needs to communicate with an Embedded-PC that hosts the TwinCAT Runtime.
The firewall can either be a hardware firewall or a software firewall like the one that is integrated into Microsoft
Windows.

You need to configure the following rules in your firewall to allow ADS communication from the laptop to the
Embedded-PC:

Direction

Port

Protocol

Action

Incoming

48898

TCP

Allow

Incoming

48899

UDP

Allow

A.2.3. ADS via gateway

ADS communication can also be routed via a gateway computer that separates two networks from each
other. In this case, the gateway computer needs to host a set of hierarchical ADS routes, which can either
be configured manually or via the TwinCAT Remote Manager (TwinCAT 2). There are a few important things
to consider when adding the ADS routes. Please see [1] for getting up-to-date information about this topic.

A.2.4. ADS via NAT

ADS communication can also be performed via NAT devices, e.g. a firewall. However, there are a few
important things to consider when adding the ADS routes. Please see [1] for getting up-to-date information
about this topic.

IPC Security

35