Red Lion G15 HMI with Built in Web Server

Hi
New to the form but have been a lurker for quite a while. Wanted to get other users thoughts and see if there are any reliability issues with the built in web server Red Lion offers with their HMI’s. To give a little back ground these are the main parts I am using:
- G15C0000
- SLX-5ES-1
- SN-6701-GE
As you can see I am using a SN-6701-GE cellular modem. This seems to be quite stable even in an area that does not have the greatest cell reception. I am using a Laird Antenna, TRA6927M3N, and on the Red Lion modem page I see a pretty consistent signal strength of 4 of 5 bars (-116 RSRP). I have no issues in connecting to the modem ever. Its up time is pretty consistent. I also have no issues in connecting through Crimson 3.1 and debugging on line. Uploads to the controller never have an issue either.

My issue is with the web server. I seem to be constantly dropping the web server connection. It might stay up for 3-4 days before failing. The amount of users connecting at any given time would be less than five. I have been told by Red Lion, that there should be no problem with up to 10 users connecting at once. The only way to solve the web server being down is to power cycle the HMI. As this is a remote site, it’s not easily to complete. My end user is also not happy with having to send someone out to the site and not having consistent up time with remote access (web server). I have had this system in use for over a year (also with two different HMI’s) that’s another story but problem has carried over to both HMI’s, so it’s not an isolated issue with one G15.

The web server settings in Crimson are:
TCP-HTTP
Port 1080
Everything else is default under the control tab.

Features Tab
Remote View: Enabled
Remote Control: Enabled
Everything else is default under the remote view section

Custom Site: disabled
System Pages disabled

Security Tab
Authentication: Form
Credentials (Source): Security Manager

IP Restrictions: Do not restrict

Advanced Tab
Nothing enabled here.

My end user is at the end of their rope with the product. I have had four tickets in with Red Lion to try and solve this issue and they can’t seem to nail down the issue. On the current ticket they seem to almost be complete with even helping me anymore.

My end user purchased two of the same setups about 6 months ago. One of the units is in testing stages and will be deployed by the end of August. The other one should follow about a month after. I need to come up with a solution before the 2nd and 3rd unit is deployed or else I could be in for a world of pain constantly troubleshooting 3 web servers.

Thanks for your help.

If there are any know reliability issues, I should also state I am looking into other options for a PLC that offers a built in web server that has the ability for full control. If any other forum members can point me in a good direction that would be really helpful.

Red Lion's webserver is very simply on those classic G3 terminals; the browser just sends HTTP refresh requests as fast as it can. There are no fancy local applets or Java or HTML5, which is one reason that virtually any browser of any age can access them.

But this means that the browser is just hammering the device for updates. I've never seen anyone connect more than one client to them.

Is the Remote Refresh value on the Web Server config screen in Crimson still set to 0 (for fastest update) ? Set it to 1 or 2 seconds and you'll probably see a dramatic reduction in data volume across that modem.

Are you confident that the cellular modem's IP address does not directly face the Internet ? TCP bots would eat up all the available connections in hours or days if all you did was forward Port 80 to the G3. At a bare minimum you should be using the IPSec or OpenVPN to connect to the remote site.

I realize you say you are having problems with the Web-Server, but what you describe really sounds like the modem setting for "Keep-Alive" is not turned on.

damica1 said:

I realize you say you are having problems with the Web-Server, but what you describe really sounds like the modem setting for "Keep-Alive" is not turned on.

Click to expand...

Thanks for your response. My networking knowledge is still being worked on. Is this setting under PPPoE? If so would the username and password be of my connection to my ISP?

I am also still trying to understand how the PPPoE setting would affect the web server. Thanks for your time and help.

Ken Roach said:

Red Lion's webserver is very simply on those classic G3 terminals; the browser just sends HTTP refresh requests as fast as it can. There are no fancy local applets or Java or HTML5, which is one reason that virtually any browser of any age can access them.

But this means that the browser is just hammering the device for updates. I've never seen anyone connect more than one client to them.

Is the Remote Refresh value on the Web Server config screen in Crimson still set to 0 (for fastest update) ? Set it to 1 or 2 seconds and you'll probably see a dramatic reduction in data volume across that modem.

Are you confident that the cellular modem's IP address does not directly face the Internet ? TCP bots would eat up all the available connections in hours or days if all you did was forward Port 80 to the G3. At a bare minimum you should be using the IPSec or OpenVPN to connect to the remote site.

Click to expand...

Hi Ken, thanks for your response. I am using Crimson 3112.000 and not seeing the setting, Remote Refresh Value. I have been through all the Web Server tabs (Control, Features, Security and Advanced) and the associated settings and can't seem to find it.

Regarding the cellular modems IP address, yes it does directly face the internet. If TCP bots did eat up all the connections, would a power cycle of the modem drop all those connections and reestablish the connection to the web server? I will definitely look into IPSec or OpenVPN and see how the customer wants to proceed.

I use a lot of CR3000 HMIs programmed with Crimson 3.1 and connected through VPN routers with a variety of bandwidths. In Crimson Web Server Advanced Tab, I have had to set the Compress Reply option (at the bottom) to Never in order to get consistent images when accessing them with Chrome. Most all the other settings are left at default (except some of them have remote control enabled).

The symptoms you describe are very different, and this setting might cause an increase in data usage.

We use the Stridelinx VPN routers for most of these that are to be accessed over the internet. They're easy to set up and provide extra security plus logging who has accessed them.

No idea if it will help but there is a new version of firmware available, Build 3112.000 (7/17/19)

There is a command called CommitAndReset() in the System Functions that would allow you to force the HMI to automatically reset say every 24 hours. A work-around, but if it sorts the problem it could be worth doing.

OkiePC said:

I use a lot of CR3000 HMIs programmed with Crimson 3.1 and connected through VPN routers with a variety of bandwidths. In Crimson Web Server Advanced Tab, I have had to set the Compress Reply option (at the bottom) to Never in order to get consistent images when accessing them with Chrome. Most all the other settings are left at default (except some of them have remote control enabled).

The symptoms you describe are very different, and this setting might cause an increase in data usage.

We use the Stridelinx VPN routers for most of these that are to be accessed over the internet. They're easy to set up and provide extra security plus logging who has accessed them.

Click to expand...

Thanks OkiePC, I will check out that line of routers.

BryanG said:

No idea if it will help but there is a new version of firmware available, Build 3112.000 (7/17/19)

Click to expand...

Thanks for the tip, I actually updated to it this past Thursday. I have never had an issue with remote downloads, over TCP/IP, before but I have a feeling there is a bug in this firmware version as it can't stop run time. I worked with an employee of Red Lion for over 2 hours on Friday trying to convince him of the issue and finally at the end of the call he admitted there might be a firmware issue. He was sending out the issue internally for further troubleshooting. So if you haven't updated yet, I would wait on it.

Regarding the cellular modems IP address, yes it does directly face the internet. If TCP bots did eat up all the connections, would a power cycle of the modem drop all those connections and reestablish the connection to the web server? I will definitely look into IPSec or OpenVPN and see how the customer wants to proceed.

Click to expand...

Yes. While a power cycle could reset virtually any problem, requiring a power cycle is also consistent with all the TCP connections being consumed.

If you connect *anything* with an open TCP port, especially Port 80, to the Internet and it will fall victim to bots in a few minutes to a few hours.

If you want to prove this to the boss, set up one of those cellular modems with a honeypot appliance: https://trustfoundry.net/honeypi-easy-honeypot-raspberry-pi/

VPN isn't just a security requirement for remote access these days; it's a basic reliability requirement.

I have seen this a lot on Crimson 3.1 with the CR3000 series units but not on graphite.

The question that I have is whether or not all communications stop or is it just the webserver? In my case they symptom was the webserver but in face all comms were lost. The network capture showed no errors, just loss of comms.

You could create a retentive numeric tag and check one of your device connections using IsDeviceOnline(x) every minute or so and just increment the flag value. It might give you some more info as to what's happening.