UA Gateway Client Connection
The following settings are associated with a UAG client connection to a OPC UA server:
• URL Name: The fully qualified Endpoint URL to the server to connect to in the format:
"opc.tcp://<ip or hostname>:<port>"
• Identity Policy: The method through which the UAG server tries to authenticate with the UA server interface. The options are:
◦ Anonymous: connect as an anonymous user (less secure).
◦ Username Password: connect using username and password (must be supplied to connect).
◦ .X509 Certificate: connect using an X.509 certificate.
• Security Policy: The encryption scheme to secure the communication channel (options are industry standards).
• Message Mode: The encryption scheme to secure the communication channel (None, Sign, Sign & Encrypt).
• Publishing Interval: The cyclic rate, in milliseconds, at which the subscription is requested to return notifications to the client.
• Subscription Lifetime: The number of milliseconds without published data before the subscription is terminated.
• Session Timeout: The number of milliseconds a session remains open without activity.
• Passthrough Enabled: Allow the monitored item notification queue size and the discard policy settings to be passed through from the UA Client to the UA Server.
• Monitored Item Queue Size Override: When Passthrough is disabled, this specifies the requested size of the monitored item queue.
• Discard Policy: When Passthrough is disabled, this specifies the discard policy used when a monitored item queue is full.
Once the client connection has been configured, UAG attempts to connect to the server with the URL provided in the URL setting.
The Connection Status setting indicates the status of the connection as follows:
• Disconnected: A connection has not been established yet or failed
• Connecting: A connection is actively being established
• Connected: The connection was successfully established
 | The X.509 user certificate’s dates and digital signature must be valid, and its public key must be trusted by the UA Gateway’s Server Interface for a successful connection. If the certificate’s common name (name defined in the Subject /”CN= “ field) is configured in the Kepware Server User Manager, that user’s permissions are applied to the session created from the connection. Otherwise, the permissions of the “Anonymous Clients” user group are applied instead {See the Kepware Server help section on User Manager). |
Default Connection to OPC UA Server
The default connection on the client interface uses the default settings of the legacy OPC UA server. These defaults are as follows:
• Identity Policy: Username / Password
• Security Policy: Basic256Sha256
• Message Mode: Sign & Encrypt
• URL: default network adapter and port
When the UA Gateway Application Instance Certificate or the legacy OPC UA Server Application Instance Certificate are updated, the certificate is automatically trusted to ensure the default connection persists.
| | If the settings on the legacy OPC UA server are changed, this connection on the UA Gateway client interface must be updated to match to allow for a successful connection. |
 | Security settings must match those enabled in the legacy OPC UA server. |