Application
With the control you can set up a firewall for the primary network interface, and for a sandbox if needed. You can block incoming network traffic for specific senders and services.
Related topics
- Existing network connection
- SELinux security software
Description of function
The Firewall menu item opens the Firewall settings window. The menu item can be found in the Network/Remote Access group of the Settings application.
If you activate the firewall, the control displays an icon at the bottom right in the taskbar. The control displays the following icons, depending on the security level:
Icon | Meaning |
---|---|
![]() | Firewall protection does not yet exist although it has been activated. Example: A dynamic IP address is used in the network interface configuration, but the DHCP server has not yet assigned an IP address. |
![]() | Firewall active with medium security level. |
![]() | Firewall active with high security level. All services except for SSH are blocked. |
Firewall settings

The Firewall settings window contains the following settings:
Setting | Meaning |
---|---|
Active | Activate or deactivate firewall |
Interface | Select the interface. If a control has two Ethernet interfaces, then by default the DHCP server for the machine network is active for the second interface. With this setting you cannot activate the firewall for eth1 because the firewall and DHCP server mutually exclude each other. |
Report other inhibited packets | Activate the firewall with a high security level. All services except for SSH are blocked. |
Inhibit ICMP echo answer | If this check box is selected, the control does not respond to a ping request. |
Service | Brief designation of services configured with the firewall. You can change the settings even if the services are not started.<br>DNC server using the RPC protocol for external applications that were developed with RemoTools SDK (port 19003). For more detailed information, consult the RemoTools SDK manual.<br>Server with user data and configuration of user administration<br>Functionality for TNCremo, TeleService, and other HEIDENHAIN PC tools (port 19000)<br>Service provided by the OPC UA NC Server (port 4840)<br>Only incoming SMB connections, meaning a Windows share on the control. Outgoing SMB connections are not influenced, meaning a Windows share connected to the control.<br>SecureShell protocol (port 22) for secure LSV2 handling with active user administration; starting with HEROS 504<br>Access to screen contents. If you block this service, then not even TeleService programs from HEIDENHAIN can access the control. If you block this service, the control displays a warning in the VNC settings window. |
Method | Configure accessibility. In the Computer column you must define the computer for which access is permitted. If you do not define a computer, the control activates Prohibit all. |
Log | |
Computer | IP address or host name of the computers with access rights, separated by commas if there are multiple computers. The control converts the host name to an IP address when the control starts. If the IP address changes, you must restart the control or change the setting. The control issues an error message if it cannot convert the host name to an IP address. Only with the Permit some method. |
Advanced options | Only for network specialists |
Set standard values | Reset the settings to the default values recommended by HEIDENHAIN |
Notes
- Have your network specialist check and, if necessary, change the standard settings.
- When user administration is active, you can set up only secure network connections via SSH. The control automatically disables the LSV2 connections via the serial interfaces (COM1 and COM2) and the network connections without user identification.
- The firewall does not protect the second network interface eth1. Connect only trustworthy hardware to this interface, and do not use this interface for Internet connections.
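
Because the control resolves host names in the Computer column only when it starts, an allow-list entry can silently point at an old address. The following check is an added example, not part of the HEIDENHAIN documentation: it compares current DNS answers with addresses an administrator recorded at the last control start. The `pinned` record, the function names, and the sample host names are assumptions made for illustration.

```python
import ipaddress
import socket

def parse_computer_field(field):
    """Split the comma-separated Computer value into trimmed entries."""
    return [e.strip() for e in field.split(",") if e.strip()]

def resolve(host):
    """Return the set of IPv4 addresses the name resolves to right now."""
    return {info[4][0] for info in socket.getaddrinfo(host, None, socket.AF_INET)}

def check_drift(field, pinned, resolver=resolve):
    """Classify each Computer entry against the address noted at control start.

    pinned: {host name: IP recorded by the administrator at the last start}
    (assumption: kept by hand; the control does not export this value).
    """
    report = {}
    for entry in parse_computer_field(field):
        try:
            ipaddress.ip_address(entry)
            report[entry] = "literal"        # IP literal, no name resolution
            continue
        except ValueError:
            pass                             # not an IP, treat as host name
        try:
            current = resolver(entry)
        except OSError:                      # includes socket.gaierror
            report[entry] = "unresolvable"   # control would report an error
            continue
        old = pinned.get(entry)
        if old is None:
            report[entry] = "unpinned"       # nothing recorded to compare with
        elif old in current:
            report[entry] = "ok"
        else:
            report[entry] = "drifted"        # restart control or change setting
    return report

# Constructed sample data (documentation address range, made-up names).
SAMPLE_DNS = {"hmi.example": {"192.0.2.21"}, "mes.example": {"192.0.2.44"},
              "new.example": {"192.0.2.50"}}

def sample_resolver(host):
    if host not in SAMPLE_DNS:
        raise OSError("name not found")
    return SAMPLE_DNS[host]

if __name__ == "__main__":
    field = "192.0.2.10, hmi.example, mes.example, gone.example, new.example"
    pinned = {"hmi.example": "192.0.2.21", "mes.example": "192.0.2.30"}
    for host, status in check_drift(field, pinned, sample_resolver).items():
        print(f"{host:15} {status}")
```

An entry reported as `drifted` means the firewall rule still refers to the address from the last start, so the named computer is no longer the one being permitted.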