Secure the VeriStand Gateway on Windows

Updated Jul 25, 2023



  • VeriStand

Operating System

  • Windows

Users with network access to a Windows target running the VeriStand Gateway can interact with channel values on a deployed system. To prevent non-local host access, it is possible to configure VeriStand and the Windows target to block incoming TCP traffic.

  1. Open VeriStand.  
  2. Click File >> Preferences
  3. In Preferences, click Ports and disable Use dynamic port numbers.
    • Note: By default, VeriStand sets the Gateway Services port to 2039, the Project port to 2041, and the Gateway transfer services port to 2042. The following image displays where you can modify the port numbers. 

Preferences option for setting the port information in VeriStand Gateway

  1. Restart VeriStand.   
  2. Open Windows Defender Firewall. 
    • Note: You can use other network security systems if the target does not have access to Windows Defender Firewall. 
  3. Click Advanced Settings
  4. In Windows Defender Firewall with Advanced Security, right-click Inbound Rules and select New Rule
  5. Use the New Inbound Rule Wizard to create a rule that blocks TCP traffic on ports 2039 and 2041. The following image displays the new rule’s properties. 
    • Note: Do not block the Gateway transfer services port. That port is used to communicate with real-time targets.
A view of the neewly created inbound rule properties showing Protocol Type (TCP), Protocold Number (6) and Local Port (Specific Ports: 2039, 2041) under the
  1. Ensure the firewall is turned on.  

After creating the inbound rule, remote users will not be able to access the VeriStand Gateway to deploy a system definition file or interact with channels. However, the local VeriStand Editor and LabVIEW APIs will continue to function.