Windows Firewall Configuration for ConnextDDS

5 posts / 0 new
Last post
Tao
Offline
Last seen: 1 month 1 week ago
Joined: 01/13/2022
Posts: 8
Windows Firewall Configuration for ConnextDDS

I wonder is there any guideline on how to configure Windows firewall to allow DDS go through the network? Any port to open, and IP to allow, and process to have access?

When I completely disable Windows Firewall it works, but this is obviously not the most secured approach... 

 

r
Offline
Last seen: 2 weeks 4 days ago
Joined: 06/17/2019
Posts: 42

Connext DDS uses the ports specified in the DDS specification. Assuming you're using the included UDP transport, we have a excell spreadsheet that calculates the ports used (based on domain name and participant ID) here: https://community.rti.com/filedepot?cid=11&fid=14

These ports can be changed to use non-standard port numbers, but it is not recommended and would break interoperability unless you change the ports on all participants that need to communicate. 

You likely only have to open ports on one side, but then discovery will likely take longer (since you'll have to wait for another DP to contact the non-firewalled DP first to communicate). 
The TCP transport can utilize a single port for discovery and payload traffic I believe (but you lose multicast and will likely increase latency, especially for best-effort communication flows)
One last thing we sometimes see is customers utilizing domain tags and condensing all participants into using a single domain to limit UDP port usage. Domain tags can be utilized as "psudo domains" in a way to prevent communication between different participants that have different tags. However they are not as flexible as partitions. 

Howard's picture
Offline
Last seen: 3 hours 22 min ago
Joined: 11/29/2012
Posts: 434

In addition to the info by Ross above, DDS will usually work through the Windows firewall if the network connection type is "private" or "domain".  If the network connection is "public", then the firewall restrictions prevent DDS from discovering DDS apps outside the host.  If you can change your network connection type to "private" or "domain" (requires you to have a domain to login to), DDS may work without having to reconfigure your firewall to open up ports used by DDS.

Tao
Offline
Last seen: 1 month 1 week ago
Joined: 01/13/2022
Posts: 8

Thanks a lot Ross and Howard, I set the network it solved the issue!

Based on this post to set the network.

https://docs.microsoft.com/en-us/answers/questions/73866/how-to-change-network-settings-from-public-to-priv.html

Howard's picture
Offline
Last seen: 3 hours 22 min ago
Joined: 11/29/2012
Posts: 434

Thanks for posting the link!