UA Gateway Client Connection
To setup a new UAG client connection, the following connection parameters must be provided:
• URL Name: The fully qualified Endpoint URL to the server to connect to in the format:
"opc.tcp://<ip or hostname>:<[port>"
• Identity Policy: The method through which the UAG server tries to authenticate with the UA server interface. The options are:
◦ Anonymous: connect as an anonymous user (less secure).
◦ Username Password: connect using username and password (must be supplied to connect).
◦ .X509 Certificate: connect using an X.509 certificate.
• Security Policy: The encryption scheme to secure the communication channel (options are industry standards).
• Message Mode: The encryption scheme to secure the communication channel (None, Sign, Sign & Encrypt).
Once the client connection has been configured, UAG attempts to connect to the server with the URL provided in the URL property.
The Connection Status property indicates the status of the connection as follows:
• Disconnected: A connection has not been established yet or failed
• Connecting: A connection is actively being established
• Connected: The connection was successfully established
 | The X.509 user certificate’s dates and digital signature must be valid, and its public key must be trusted by the UA Gateway’s Server Interface for a successful connection. If the certificate’s common name (name defined in the Subject /”CN= “ field) is configured in the Kepware Server User Manager, that user’s permissions are applied to the session created from the connection. Otherwise, the permissions of the “Anonymous Clients” user group are applied instead {See the Kepware Server help section on User Manager). |
Default Connection to OPC UA Server
The default connection on the client interface uses the default settings of the legacy OPC UA server. These defaults are as follows:
• Identity Policy: Username / Password
• Security Policy: Basic256Sha256
• Message Mode: Sign & Encrypt
• URL: default network adapter and port
When the UA Gateway Application Instance Certificate or the legacy OPC UA Server Application Instance Certificate are updated, the certificate is automatically trusted to ensure the default connection persists.
| | If the settings on the legacy OPC UA server are changed, this connection on the UA Gateway client interface must be updated to match to allow for a successful connection. |
 | Security settings must match those enabled in the legacy OPC UA server. |