Recommended steps

After the initial commissioning, we recommend that you pay attention to the following points to further configure the gateway and ensure a stable and secure operating environment.

Only use secure IdentityTokens

The gateway is delivered with the IdentityToken "Anonymous" enabled. We recommend disabling this IdentityToken so that only authenticated users can connect to the OPC UA server interface of the gateway. You can disable it in the endpoint configuration of the TwinCAT OPC UA Gateway Configurator.

[Screenshot: Recommended steps 1]

Configuration of a user group with access rights

Use the TwinCAT OPC UA Gateway Configurator to define a user group that has access rights to the gateway. Users from this group can then be specified as the IdentityToken when an OPC UA client connects to the gateway.

[Screenshot: Recommended steps 2]

Leave insecure endpoints disabled

Endpoints classified as insecure are not offered by the TwinCAT OPC UA Gateway by default. They can be made available via a configuration parameter when configuring the endpoints; however, we strongly advise against this and recommend using only the endpoints that are currently considered secure.

[Screenshot: Recommended steps 3]

Furthermore, the unencrypted endpoint ("None/None") is disabled in the gateway's delivery state, and we recommend leaving it disabled. If it must be enabled for compatibility reasons, this can also be done via the configuration parameters in the configurator.

[Screenshot: Recommended steps 4]

Disable 'Accept all certificates'

By default, the gateway is configured for easy commissioning: it automatically trusts all client certificates, so no certificates have to be exchanged manually on the gateway side. For security reasons, we recommend disabling this setting. It can be disabled in the endpoint configuration of the TwinCAT OPC UA Gateway Configurator.
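The recommendations above (no "Anonymous" IdentityToken, no insecure or deprecated endpoints, no unencrypted "None/None" endpoint) can be verified from the outside, because an OPC UA server advertises all of them in its GetEndpoints response. The following Python audit is an added example and not part of the Beckhoff documentation or the gateway itself. The endpoint records are constructed sample data that mirror the fields of the OPC UA EndpointDescription structure (SecurityPolicyUri, SecurityMode, UserIdentityTokens[].TokenType); in practice you would fill them from the GetEndpoints result your OPC UA client library returns. The hostname `gateway.example` is a placeholder.

```python
"""Audit the endpoints an OPC UA server advertises against the hardening
steps recommended for the TwinCAT OPC UA Gateway.

The sample data below is constructed for this example; the numeric
enum values and policy URIs are those defined in the OPC UA specification.
"""
from dataclasses import dataclass, field

POLICY_BASE = "http://opcfoundation.org/UA/SecurityPolicy#"

# OPC UA MessageSecurityMode enum values
MODE_NONE, MODE_SIGN, MODE_SIGN_AND_ENCRYPT = 1, 2, 3
MODE_NAMES = {MODE_NONE: "None", MODE_SIGN: "Sign", MODE_SIGN_AND_ENCRYPT: "SignAndEncrypt"}

# OPC UA UserTokenType enum values
TOKEN_ANONYMOUS, TOKEN_USERNAME, TOKEN_CERTIFICATE = 0, 1, 2

# Security policies deprecated by the OPC Foundation (SHA-1 / RSA PKCS#1 v1.5 based);
# these are the kind of "insecure endpoints" the gateway keeps disabled by default.
DEPRECATED_POLICIES = {POLICY_BASE + "Basic128Rsa15", POLICY_BASE + "Basic256"}


@dataclass
class Endpoint:
    """Subset of the OPC UA EndpointDescription relevant to this audit."""
    url: str
    security_policy_uri: str
    security_mode: int
    user_token_types: list = field(default_factory=list)

    def label(self):
        policy = self.security_policy_uri.rsplit("#", 1)[-1]
        return f"{self.url} [{policy}/{MODE_NAMES.get(self.security_mode, '?')}]"


def audit_endpoint(ep):
    """Return a list of findings (empty list means the endpoint is acceptable)."""
    findings = []
    if ep.security_policy_uri == POLICY_BASE + "None" or ep.security_mode == MODE_NONE:
        findings.append("unencrypted endpoint (None/None) is enabled")
    if ep.security_policy_uri in DEPRECATED_POLICIES:
        findings.append("deprecated security policy offered: "
                        + ep.security_policy_uri.rsplit("#", 1)[-1])
    if TOKEN_ANONYMOUS in ep.user_token_types:
        findings.append("Anonymous IdentityToken accepted")
    return findings


def audit_endpoints(endpoints):
    """Map endpoint label -> findings, for endpoints that have findings."""
    report = {}
    for ep in endpoints:
        findings = audit_endpoint(ep)
        if findings:
            report[ep.label()] = findings
    return report


def is_hardened(endpoints):
    """True when no advertised endpoint violates the recommendations."""
    return not audit_endpoints(endpoints)


# Constructed sample: what a gateway in delivery state plus one deliberately
# re-enabled deprecated endpoint might advertise. 'gateway.example' is a placeholder.
SAMPLE_ENDPOINTS = [
    Endpoint("opc.tcp://gateway.example:4840", POLICY_BASE + "None", MODE_NONE,
             [TOKEN_ANONYMOUS, TOKEN_USERNAME]),
    Endpoint("opc.tcp://gateway.example:4840", POLICY_BASE + "Basic256Sha256",
             MODE_SIGN_AND_ENCRYPT, [TOKEN_ANONYMOUS, TOKEN_USERNAME]),
    Endpoint("opc.tcp://gateway.example:4840", POLICY_BASE + "Basic128Rsa15",
             MODE_SIGN, [TOKEN_USERNAME]),
    Endpoint("opc.tcp://gateway.example:4840", POLICY_BASE + "Aes256_Sha256_RsaPss",
             MODE_SIGN_AND_ENCRYPT, [TOKEN_USERNAME, TOKEN_CERTIFICATE]),
]

if __name__ == "__main__":
    for label, findings in audit_endpoints(SAMPLE_ENDPOINTS).items():
        print(label)
        for f in findings:
            print("  -", f)
    print("hardened:", is_hardened(SAMPLE_ENDPOINTS))
```

Run it against a real GetEndpoints result after each configuration change to confirm that the Anonymous token and the None/None and deprecated endpoints are really gone. Note that the "Accept all certificates" setting is not visible in the endpoint list, because it governs which client certificates the gateway trusts rather than what it advertises; that one has to be checked in the configurator, as described above.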

[Screenshot: Recommended steps 5]