NX100 Pre-installation Manual Planning control/monitor connectionsIssue 3.2 2017-03-31 Page 8-13Web based controlAn Ethernet port is available on the SBC’s motherboard (A1U1) on the back of the control cabinet’sfront door. This port allows a user with proper authentication to remotely control and interrogate theNX100’s operational status. Most functionality available on the front panel AUI is available remotely,provided the user has been granted proper authorization (refer to the NX100 Operations andMaintenance Manual for details on setting user permissions). Nautel recommends you use shieldedCat5 cable or better to make this connection.Remote AccessThe only access to the AUI is through the LAN connector on the control/interface PWB (A4).For security purposes, Nautel recommends you place your transmitter behind a router acting as afirewall. To allow remote AUI access to a transmitter behind a firewall, the firewall must allow TCPtraffic through the following ports:• TCP port 80: required to allow the web browser operating on the remote computer to accessthe web server operating on the transmitter.• TCP port 3501: used for regular AUI-to-transmitter communication. Also used to perform asecurity check to allow the remote web browser to access AUI content from the transmitter’sweb server.• TCP ports 161 and 162: Used for SNMP Agents and Traps, respectively.For security purposes, Nautel recommends you block the following port:• TCP port 22: block during normal operation; when required, may be used to allow SecureShell (SSH) programs such as PuTTY, etc. to access the transmitter.Once your transmitter is isolated behind a firewall, there are a variety of standard networkmanagement techniques that can be used to establish a connection, including routing tables and avirtual private network (VPN).Detailed information about network management is beyond the scope of this manual. Selecting aspecific technique may depend on your existing network configuration. Nautel recommends that theplanning, implementation and ongoing support of a network that includes a transmitter be performedby a team that includes at least one member with suitable knowledge of network management.NOTE: If you have more than one transmitter on the same LAN, you will need to use port forwardingto allow access to individual transmitters on the network.