Certain deployments require secured access to the triggers. NiceLabel Automation allows you to enable security measures that grant trigger access only to trustworthy network devices. Security configuration depends on the trigger type. Some trigger types allow you to configure access security by design. For all triggers that are based on the TCP/IP protocol, you can further define all details within the Windows Firewall.
Configuring Firewall
When using TCP/IP based triggers, such as TCP/IP Server Trigger, HTTP Server Trigger or Web Service Trigger, make sure you allow external applications to connect to the triggers. Each trigger runs within the NiceLabel Automation service, and access to that service is governed by Windows Firewall.
Note
By default, the Windows Firewall is configured to allow all inbound connections to the NiceLabel Automation service. This makes it easier for you to configure and test triggers, but leaves the service susceptible to unauthorized access.
If the NiceLabel Automation deployment in your company is subject to strict security regulations, you must update the firewall rules according to them.
For example:
- You can fine-tune the firewall to accept incoming traffic from well-known sources only.
- You can allow inbound data only on pre-defined ports.
- You can allow connections only from certain users.
- You can define on which interfaces you will accept incoming connections.
To make changes in the Windows Firewall, open the Windows Firewall with Advanced Security management console from Control Panel > System And Security > Windows Firewall > Advanced Settings.
Note
If NiceLabel Automation is linked to NiceLabel Control Center products, make sure you enable inbound connection on port 56415/TCP. If you close this port, you won't be able to manage NiceLabel Automation from Control Center.
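The restrictions listed above can also be scripted with the built-in Windows NetSecurity cmdlets instead of the management console. The following PowerShell is an added example, not part of the NiceLabel documentation: the executable path, trigger ports, IP addresses and interface alias are constructed placeholders, and limiting port 56415/TCP to a single Control Center host is an assumption. Only the port number 56415/TCP comes from this page.

```powershell
# Added example: replace the broad inbound allowance for the NiceLabel Automation
# service with rules scoped by source address, port and interface.
# Run from an elevated PowerShell session. All values are constructed placeholders.
$ServiceExe      = 'C:\PLACEHOLDER\AutomationService.exe'  # hypothetical path, use your installation's
$TriggerPorts    = 5000, 8080                     # ports your TCP/IP-based triggers listen on
$TrustedSources  = '192.0.2.10', '192.0.2.32/28'  # devices allowed to send trigger data
$ControlCenterIp = '192.0.2.50'                   # Control Center server
$Interface       = 'Ethernet'                     # interface alias that accepts trigger traffic

# 1. Record the currently enabled inbound allow rules bound to the service executable.
#    Rules stored with a differently written path (for example with environment
#    variables) are not matched and must be reviewed manually.
$broadRules = Get-NetFirewallApplicationFilter -Program $ServiceExe -ErrorAction SilentlyContinue |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' }

# 2. Create the scoped rules first, so trusted devices keep access during the change.
New-NetFirewallRule -DisplayName 'NiceLabel Automation - triggers (scoped)' `
    -Direction Inbound -Action Allow -Protocol TCP `
    -Program $ServiceExe -LocalPort $TriggerPorts `
    -RemoteAddress $TrustedSources -InterfaceAlias $Interface | Out-Null

# Management traffic from Control Center on 56415/TCP.
New-NetFirewallRule -DisplayName 'NiceLabel Automation - Control Center (scoped)' `
    -Direction Inbound -Action Allow -Protocol TCP `
    -Program $ServiceExe -LocalPort 56415 `
    -RemoteAddress $ControlCenterIp | Out-Null

# 3. Disable (do not delete) the broad rules, so the change is easy to roll back
#    with Enable-NetFirewallRule if a legitimate sender was missed.
if ($broadRules) {
    $broadRules | Disable-NetFirewallRule
    $broadRules | ForEach-Object { "Disabled broad rule: $($_.DisplayName)" }
}

# 4. Review the result: each scoped rule with its allowed remote addresses and ports.
Get-NetFirewallRule -DisplayName 'NiceLabel Automation - *' | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
        LocalPort     = ($_ | Get-NetFirewallPortFilter).LocalPort -join ', '
    }
} | Format-Table -AutoSize
```

Windows Firewall allow rules are additive, so the scoped rules only take effect as a restriction once the broad rules from step 1 are disabled.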
Allowing Access Based on the File Access Permissions
The File trigger executes upon the time-stamp-change event in the monitored file or files. You must place the trigger files in a folder that the NiceLabel Automation service can access. The user account running the service must be able to access the files. At the same time, access permissions to the location also determine which users and applications can save the trigger file. You should set up access permissions so that only authorized users can save the files.
Allowing Access Based on the IP Address & Hostname
You can protect access to the TCP/IP Server trigger with two lists of IP addresses and host names.
- The first list, 'Allow connections from the following hosts', contains IP addresses or host names of devices that can send data to the trigger. If a device has its IP address listed here, it is allowed to send data to the trigger.
- The second list, 'Deny connections from the following hosts', contains IP addresses or host names of devices that are not allowed to send data. If a device has its IP address listed here, it is not allowed to send data to the trigger.
Allowing Access Based on User names & Passwords
You can protect access to the HTTP Server trigger by enabling user authentication. When enabled, each HTTP request sent to the HTTP Server trigger must include the 'user name & password' combination that matches the defined combination.
Allowing Access Based on Application Group Membership
You can protect access to the HTTP Server trigger by adding users to an application group in Control Center. With this option enabled, only authenticated members of this group are allowed to access the trigger.