This document describes how to block all services/servers like HTTP, FTP, IPtoUSB,... on an Ewon Cosy+ device.
This can be needed when, for instance, HTTP and FTP servers cannot be used onsite because not matching the onsite security policies.
APPLICABLE PRODUCTS
Ewon : Cosy+
IN THIS ARTICLE
Block HTTP & FTP servers
For this, first make sure your device runs the firmware 23.0s0 or above.
From this version, a new COM parameter is available called "ClosedDevice".
You can access it using the tabular edition of the device web interface.
The ClosedDevice parameter is a bitwise value that allows you to block the access to the web server (HTTP) and or the FTP server on the LAN and VPN IP interfaces. With firmware 23.0s0 the WAN interface is fully protected, so no service is available on this interface.
Here is the table of the possible values :
| Bit Setting | Decimal Value | Description | |
| 0 | 00000000 | 0 | No additional protection (default) |
| 1 | 00000001 | 1 | Close FTP Server on LAN interface |
| 2 | 00000010 | 2 | Close HTTP Server on LAN interface |
| 1 + 2 | 00000011 | 3 | Close FTP and HTTP Servers on LAN interface |
| 5 | 00010000 | 16 | Close FTP server on VPN interface |
| 1 + 5 | 00010001 | 17 | Close FTP server on LAN & VPN interfaces |
| 6 | 00100000 | 32 | Close HTTP server on VPN interface |
| 2 + 6 | 00100010 | 34 | Close HTTP server on LAN & VPN interfaces |
| 5 + 6 | 00110000 | 48 | Close FTP & HTTP servers on VPN interface |
| 1 + 2 + 3 + 4 + 5 + 6 | 00111111 | 63 | Close all protocols on all interfaces |
The HTTP & FTP servers ports blocked by the ClosedDevice parameters are the ones configured in the COM parameters "IpsHttpP1", "IpsHttpP2" and "IpsFtpP"
NOTE : A reboot of the device is required to apply properly the blocking of the selected service.
Block Ebuddy connections
To block the Ebuddy UDP port 1507, you can set the COM parameter "CfgProtoDis" to 1.