Configuring Software and Hardware Firewalls to Support National Instruments Products

Publish Date: Oct 28, 2013

Overview

National Instruments software packages and embedded hardware targets take advantage of network communication for
application deployment, remote control of applications or instruments, transferring data, accessing and hosting web servers and
services, and more. When using National Instruments network-enabled products with hardware or software firewalls, information
about individual network port access may be needed to permit communication. This tutorial briefly explains the networking settings
associated with performing common tasks using NI products, including the default TCP/UDP ports used and how to reconfigure
these ports (if possible).
Table of Contents

1.
2.
3.
4.

Introduction to Network Ports and Firewalls

Network Ports and Settings Used by National Instruments Products
Summary Table (Network Ports and Settings)
Additional Assistance

1. Introduction to Network Ports and Firewalls

On modern computer systems, network communication including web page traffic, file transfers, emails, and more can be logically
divided into different layers; this is known as the OSI Model. One layer, known as the network layer, is responsible for successfully
routing network traffic, and providing error detection and diagnostic capability. The main network layer protocol used for both local
network and Internet communication is known as Internet Protocol (IP). Another layer, known as the transport layer, is responsible
for providing end-to-end communication services for applications. Two of the most common transport layer protocols are
Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).
In order for a piece of network traffic to reach an application on a remote system, it must contain two key pieces of information: an
address for the computer(s) that should receive the traffic (this is referred to as an IP address when using the IP protocol), and a
destination port number for the application on the remote system(s) that should process the data. The IP address of the computer
transmitting the data or request is also sent along with a source port number used by the originating application. In practice, each
transport layer protocol (e.g. TCP, UDP) allows for up to 65,535 ports that applications can use.
If an application on a given computer is accepting data, or "listening" on a given port, then the potential exists for that application
to receive network data and do something based on that data. In this way, network traffic can affect the operation of a system up
to the extent that an application allows. To reduce the effect that network traffic can have on a computer's operation, both
networking equipment and individual computers may employ filters called firewalls that use a set of rules to allow or block certain
unwanted network traffic (based on IP addresses, ports, or applications that are attempting to send the traffic).
Hardware Firewalls

Hardware firewalls are commonly built into networking equipment (such as routers), and examine each piece of network traffic
(known as packets) as they are received and then re-transmitted. The header of each packet contains information about the
destination IP address, transport layer protocol used, remote port number, and more. Hardware firewalls can filter packets based
on this information and a set of user-defined rules, resulting in certain network packets being allowed and others being dropped
without re-transmission.
Although each individual hardware firewall may be configured differently (or have different default settings), many personal
network routers are set up by default to allow all outgoing traffic and disable all incoming traffic between a local and external
network. All traffic within the local network itself is typically allowed by default, and incoming traffic based on a recent outgoing
request is also typically allowed.
Software Firewalls

In addition to the presence of hardware firewalls on network, individual computers may also run firewall software packages to filter
network communications and protect against the unwanted influence of remote machines. While software firewalls have a similar
objective as hardware firewalls, they use different methods to do this filtering.
To filter packets based on header information (IP address, transport layer protocol, port, etc), software firewalls commonly employ
an intermediate network driver that can accept or reject traffic based on rules before passing it to an application (in the case of
incoming packets) or for outbound transmission. To filter network traffic based on the individual running application, or process,
that is attempting to send or receive data, software firewalls can also intercept software calls between applications and underlying
transport layer protocol drivers. Using this method, for example, certain applications could be denied the opportunity to listen for
data on a specific port, while others could be granted this permission.
Although each software firewall package may be configured differently (or have different default settings), many personal firewall
software packages are set up by default to allow all outgoing port traffic and disable all incoming port traffic. However, these
packages typically also enable incoming port traffic that is expected based on a previous outgoing request. As mentioned
previously, firewall software may also prompt the user to allow or restrict port access for individual applications.
1/6

www.ni.com

2. Network Ports and Settings Used by National Instruments Products

A wide variety of National Instruments products take advantage of network communication to provide different types of
functionality -- from identifying networked hardware targets to providing access to web services created in LabVIEW. Given the
fact that the majority of corporate and personal networks feature a combination of hardware and software firewalls, it is often
necessary to change firewall settings to allow the network traffic needed for a given National Instruments product to function
properly.
The remainder of this document outlines the transport layer protocols and ports that different National Instruments products and
features use, as well as where you can change these ports (if this is possible). Please see the documentation for your hardware or
software firewall for instructions on how to change firewall settings in order to allow the desired traffic. If you are working on a large
network in which you do not have access to change hardware or software firewall settings, please contact your network
administrator and reference this document.
Remember that in most situations it is only necessary to configure your hardware or software firewalls to enable
incoming connections to server ports (for servers running on your local PCs or embedded hardware targets). When
using software firewalls, you may also be prompted to allow individual applications to send or receive data.
Hardware Identification (Measurement & Automation Explorer)

Description of Functionality: NI Measurement & Automation Explorer (MAX) sends broadcast network traffic to poll for all locally
available National Instruments network-enabled devices (such as LabVIEW Real-Time targets).
Server Ports: UDP port 44525
Are the Ports Configurable?: No
Web Servers and Remote Control

Web Monitoring and Configuration of Networked Devices

Description of Functionality: As of the release of LabVIEW 2010, it is possible to monitor and configure many National
Instruments network-enabled devices using a web browser.
Server Ports: UDP port 5353 (used for device detection over mDNS), TCP port 52725 (used for the NI Network Browser utility),
TCP port 3580 (web monitoring and configuration server port)
Are the Ports Configurable?: No
Location of Port Settings: You can not change the web monitoring and configuration server ports. However, you can choose to
enable SSL communication by visiting the web monitoring and configuration page for a given system (http://IP_ADDRESS:5353)
and using the Web Server Configuration page and the settings under System Web Server.
LabVIEW Remote Front Panels
Description of Functionality: Remote Front Panels enable viewing and controlling VI front panels on one PC or embedded target
from another network-connected PC.
Server Ports: TCP port 8000 (default if SSL disabled), TCP port 433 (default of SSL enabled)
Are the Ports Configurable?: Yes
Location of Port Settings: Remote front panel settings for VIs that run on a desktop PC can be configured from the Tools >>
Web Server page under Remote Panel Server and HTTP port. The Remote front panel server can also optionally be configured to
use SSL from the same settings page, and use a separate SSL port. When configuring the remote front panel server for an
embedded hardware target, these same settings are accessible from the LabVIEW project by right clicking on the target and
selecting Properties >> Web Server.
Web Services Created by LabVIEW
Description of Functionality: LabVIEW applications can be made into web services and then accessed from other networked
systems when hosted using the LabVIEW Application Web Server.
Server Ports: TCP port 8080 (default)
Are the Ports Configurable?: Yes
Location of Port Settings: You can change the Application Web Server port used to host LabVIEW web services using the web
monitoring and configuration page for the server machine. This can be accessed by visiting (http://IP_ADDRESS:5353) and then
visiting the Web Server Configuration page and using the settings under Application Web Server. In addition, it is possible to
assign additional ports and optionally use SSL for Application Web Server communication using these settings.
Programmatic Application Control with VI Server
Description of Functionality: VI Server can be used to programmatically control front panel objects, VIs, and LabVIEW on a
given computer from either the local system or a remote machine.
Server Ports: TCP port 3363 (default)
Are the Ports Configurable?: Yes
Location of Port Settings: You can change the VI Server port on a development computer by navigating to the Tools >> Options
2/6

www.ni.com

Location of Port Settings: You can change the VI Server port on a development computer by navigating to the Tools >> Options
>> VI Server menu. To change the VI Server port on an embedded hardware target (e.g. CompactRIO), right click on the target in
the LabVIEW Project and select Properties >> VI Server.
Remote Instrument Control with VISA Server
Description of Functionality: In addition to communicating with instruments connected to a local machine through the NI-VISA
API, it is possible to remotely control instruments that are physically connected to another machine -- using the VISA Server.
Server Ports: TCP port 3537 (default)
Are the Ports Configurable?: Yes
Location of Port Settings: To view and change port settings for the VISA server on a PC, open NI Measurement & Automation
Explorer (MAX) software and navigate to Tools >> NI-VISA >> VISA Options >> VISA Server.
FPGA Compile Farms
Description of Functionality: You can send a LabVIEW FPGA compile job to a single remote computer for compilation, or use a
remote bank of computers for site-wide compilation (each compile still utilizes only one computer). Remote compilation on one
machine can be accomplished by installing LabVIEW FPGA Compile Worker software on that machine, and LabVIEW FPGA
Compile Server software on either the local or remote machine. Site-wide remote compilation systems can be built using a bank of
computers with LabVIEW FPGA Compile Worker software installed, and a server computer with the LabVIEW FPGA Compile
Server and LabVIEW FPGA Compile Farm Toolkit installed.
Server Ports: TCP port 3580 (same as Web Monitoring and Configuration server)
Are the Ports Configurable?: No
Legacy: G Web Server
Description of Functionality: The G Web Server is part of the LabVIEW Internet Toolkit, and can be used to provide remote
machines with access to CGI applications written in LabVIEW.
Server Ports: TCP port 80 (default)
Are the Ports Configurable?: Yes
Location of Port Settings: You can configure the G Web Server using the LabVIEW menu located at Tools >> Internet >> G Web
Server Configuration.
File, Email, Web Page, and Data Communication

File Transfer (FTP)

Description of Functionality: LabVIEW File Transfer Protocol (FTP) VIs are included in the LabVIEW Internet Toolkit, and
enable writing and reading files to and from remote FTP servers.
Server Ports: TCP port 20 (used in active mode only), TCP port 21 (used in active and passive mode)
Are the Ports Configurable?: Yes (defined by the server)
Location of Port Settings: You can use the FTP VIs in the LabVIEW Internet Toolkit to connect to a remote FTP server -- not to
implement the FTP server itself. Ports 20 and 21 are commonly used by FTP servers, though this can be changed on the server
side, and you can connect to non-standard ports using the LabVIEW VIs. Note that special firewall settings may be needed to
support active FTP connections; for additional information, please follow this link. For passive FTP connections, no firewall
adjustments are typically needed to connect to a remote server.
Email Communication (SMTP)
Description of Functionality: LabVIEW contains Simple Mail Transfer Protocol (SMTP) VIs for sending emails through a remote
SMTP server.
Server Ports: TCP port 25
Are the Ports Configurable?: No
Location of Port Settings: You can use the SMTP VIs in LabVIEW to connect to a remote SMTP server -- not to implement the
SMTP server itself. Port 25 is commonly used by SMTP servers; at this time the LabVIEW SMTP VIs can not be used to access a
non-standard port, or to connect to secure SMTP servers. In most cases, no firewall adjustments should be needed to connect to
a remote SMTP server.
Web Page Communication (HTTP)
Description of Functionality: You can use the HTTP Client VIs to build a Web client that interacts with servers, pages, and Web
services. You can add HTTP headers, store cookies, provide authentication credentials, and send Web requests using HTTP
methods such as POST, GET, PUT, HEAD, and DELETE.
Server Ports: TCP port 80 (default)
Are the Ports Configurable?: Yes (defined by server)
Location of Port Settings: You can use the HTTP Client VIs in LabVIEW to connect to remote Web servers -- not implement the
3/6

www.ni.com

Location of Port Settings: You can use the HTTP Client VIs in LabVIEW to connect to remote Web servers -- not implement the
Web server itself. Port 80 is commonly used by Web servers, but you can use the HTTP Client VIs to connect to servers on
non-standard ports by using a URL with format (http://HOSTNAME:PORT). In most cases, no firewall adjustments should be
needed to connect to a remote HTTP server.
Shared Variables and Network Streams
Description of Functionality: Both Network Shared Variables (available in LabVIEW, LabWindows/CVI, and Measurement
Studio) and Network Streams (available in LabVIEW 2010 and higher) can be used to transmit variable data between machines
on a network. In practice, Network Shared Variables are optimized for polling variable values from one or more remote systems,
while Network Streams are optimized for sending a complete stream of data in a lossless manner between one system and
another. Because Network Shared Variables and Network Streams both make use of an underlying protocol called Logos, they
both use the same network ports.
Server Ports: UDP port 2343 (default), UDP ports 6000-6010 (default), TCP ports 59110 and above (one port for each application
running on the server)
Are the Ports Configurable?: Yes
Location of Port Settings: For Network Shared Variables or Network Streams that are hosted on a Windows PC, you can create
a LogosXT.ini file to specify a different range of TCP ports to use (the UDP ports used are fixed). Follow this link to read about the
location and contents of the LogosXT.ini file: Changing the Default Ports for TCP-Based NI-PSP (Windows). In addition, you can
configure these ports for Network Shared Variables and Network Streams hosted on LabVIEW Real-Time targets by editing the
ni-rt.ini file located in the root FTP directory of the controller. The parameters of interest are the LogosXT_PortBase and
LogosXT_NumPortsToCheck entries in the file.
DataSocket (DSTP)
Description of Functionality: NI DataSocket VIs can be used to communicate with other applications, files, FTP servers, and
Web servers. The specific ports used will depend on the type of server that you are connecting to. In addition, DataSocket VIs can
connect to DataSocket servers that use the DataSocket Transfer Protocol (DSTP).
Server Ports Used: TCP port 3015 (for DSTP)
Are the Ports Configurable?: No. You can start the DataSocket server by navigating to Start >> All Programs >> National
Instruments >> Datasocket >> DataSocket Server.
Direct TCP and UDP Communication

Description of Functionality: Using the UDP and TCP VIs in LabVIEW, you can directly send and receive UDP and TCP
communication to and from other machines on a network.
Protocol and Ports Used: Defined by application code or server
Is the Port Configurable?: Yes
Location of Port Settings: The TCP and UDP VIs enable listening on your port of choice, or sending data to another machine on
a port number that you specify.
Time Synchronization (NTP, SNTP)

Description of Functionality: Certain NI embedded hardware targets have a built-in ability to set their system time based on a
network time server (typically a Simple Network Time Protocol, or SNTP server). On other hardware targets, example code is
available for programmatically retrieving a time via NTP or SNTP and setting the system time based on that value.
Server Ports: TCP port 123 (default)
Is the Port Configurable?: Yes (defined by server)
Location of Port Settings: Note that code running on NI hardware targets is typically used to connect to a network time server -not implement the time server itself. Therefore, the network port used will depend on the server that you are connecting to. For
CompactRIO targets, you can use the instructions in this reference to configure the server and port to connect to: Configuring
CompactRIO Real-Time Controllers to Synchronize to SNTP Servers. If you are using code on another target to connect to a
network time server, you can set the server and port to connect to using that code. In most cases, no firewall adjustments should
be needed to connect to a remote NTP or SNTP server.
Device-Specific Port Information

NI ENET-232 and ENET-485

Description of Functionality: The NI ENET-232 and NI ENET-485 devices enable you to control RS-232 and RS-485
connections remotely via Ethernet.
Server Ports: TCP port 5225
Are the Ports Configurable?: No
NI GPIB-ENET/100 and NI GPIB-ENET/1000
Description of Functionality: Using NI GPIB-ENET devices, you can control communication with GPIB instruments remotely via
4/6

www.ni.com

Description of Functionality: Using NI GPIB-ENET devices, you can control communication with GPIB instruments remotely via
Ethernet.
Server Ports: TCP ports 5000, 5003, 5005, 5010, and 5015
Are the Ports Configurable?: No
3. Summary Table (Network Ports and Settings)

Product or Feature

Server Ports
(default)

Port Configuration Location

MAX Hardware Identification

UDP 44525

NA

Web Monitoring and Configuration

UDP 5353, TCP 52725, TCP 3580

NA (can enable SSL at

http://IP_ADDRESS:5353 via Web Server
Configuration page)

LabVIEW Remote Front Panels

TCP 8000 (no SSL), TCP 433 (SSL)

LabVIEW Web Services

TCP 8080

LabVIEW VI Server

TCP 3363

NI VISA Server

TCP 3537

Measurement & Automation Explorer:

Tools >> NI-VISA >> VISA Options >>
VISA Server

LabVIEW FPGA Compile Farms

(LabVIEW 2010 and later)

TCP 3580

NA

LabVIEW G Web Server

TCP 80

LabVIEW: Tools >> Internet >> G Web

Server Configuration

FTP VIs (LabVIEW Internet Toolkit)

TCP 20 (active mode), 21 (passive

mode)

Defined by server, can access

non-standard ports using API.

Email VIs (SMTP)

TCP 25

Defined by server, can not access

non-standard ports using API.

HTTP Client VIs

TCP 80

Defined by server, can access

non-standard ports using API.

Network Shared Variables

UDP 2343, UDP 6000-6010, TCP 59110

and above (one port for each application
instance)

Network Streams

Same as above

Same as above

DataSocket (DSTP)

TCP 3015

NA

LabVIEW TCP and UDP VIs

NA

Defined by application

Time Synchronization (NTP, SNTP)

TCP 123

Defined by server, can access

non-standard ports using API.

PC (in LabVIEW ): Tools >> Web

Server
Embedded RT target (in LabVIEW):
right click on target in Project >>
Properties >> Web Server
http://IP_ADDRESS:5353 then visit Web
Server Configuration page under
Application Web Server
PC (in LabVIEW): Tools >> Options >>
VI Server
Embedded RT target (in LabVIEW):
right click on target in Project >>
Properties >> VI Server

PC: use LogosXT.ini file (read this)

Embedded RT target: use ni-rt.ini file in
root directory (LogosXT_PortBase and
LogosXT_NumPortsToCheck entries)

CompactRIO: (read this)

5/6

www.ni.com

NI ENET-232, NI ENET-485

TCP 5225

NA

NI GPIB-ENET/100, NI GPIB-ENET/1000 TCP 5000, 5003, 5005, 5010, and 5015

NA

4. Additional Assistance

If you are experiencing issues with firewalls and NI products, visit ni.com/support and call or e-mail an Applications Engineer for
assistance. You can also ask about any products not mentioned in this tutorial, and request that they be added for future
reference.

6/6

www.ni.com