Chromeleon and Windows Firewall (from WinXP SP2 on)

Starting with Windows XP SP2, Microsoft introduced a firewall. To operate Chromeleon with this firewall, you may have to define exceptions.

Windows XP (SP2 and later)

Programs that are added automatically to the exception list

During installation, the following programs are automatically added to the firewall exceptions list:

Program	Details
CMServer.exe	Required if the Chromeleon Server is running on the system and the system will be accessed remotely (i.e., from another system on the network) by either the Chromeleon Client or the Chromeleon Server Configuration program.
CmDDKHost.exe	Required for controlling the following devices: Agilent: GC 7890 (also see explanation in section "Firewall Settings for TCP/IP ports".) Thermo Scientific: Accela Autosampler Surveyor (Plus) Autosampler
CMDriver.exe	Required if the Chromeleon Server is running on the system and the system will be used for any of the following: Data acquisition with a Varian CP-3800 GC Installation of a Dionex P680, UCI-100, UVD 340U, or UVD 170U via a LAN connection (Browse button on the General tab page in the Chromeleon Server Configuration program) Firmware updates for Dionex devices (P680, UCI-100, UVD 340U, UVD 170U) that are connected to the Chromeleon Server via a LAN
PDAManager.exe	Required for controlling the Thermo Scientific Accela PDA 80 Hz detector.

Programs that have to be added manually to the exception list

Program	Details
Dhcp4nt.exe	Required if a BootP Server is running on the system and the system is connected to an Agilent HP 1100 HPLC System, Agilent 6890 GC, or Agilent 6850 GC via a LAN.
CmLicSrv.exe	Required if a Chromeleon License Server is running on the system and the system provides licenses to other systems connected via a LAN. Note: Under Windows Server 2008, you must also add the rule "COM + Network". To do so, select the respective check box on the Exceptions tab page.
CMIPUtil.exe	Required if the system is used to assign IP addresses to Dionex modules.
CMOTAgent.exe	Required in order to use the Online Transfer Agent.

To add a program to the exception list under Windows XP:

Click Start > Control Panel > Windows Firewall.
On the Exceptions tab page, click Add Program.
Add the program(s) listed above, using the Browse button.

Firewall Settings for TCP/IP Ports (Agilent GC 7890 and Waters Acquity System)

To allow the TCP/IP port(s) configured for the Agilent GC 7890 and Waters Acquity system to traverse the Windows firewall, you must add the selected ports to the exceptions list.

Click Start > Control Panel > Windows Firewall.
On the Exceptions tab page, click Add Port.
In the Add Port dialog box, enter a name for the exception (e.g. GC7890FrontDetector) and a number of the port to be opened. Then select TCP.

Agilent GC 7890: For the port used for each individual detector, refer to the instrument configuration in the Chromeleon Server Configuration. (On the Front (Back) Detector tab page, click Signal. On the Signal Configuration dialog page, refer to TCP Port option for the port number of the detector.)

Waters Acquity: Name: DCOM Port, Port number: 135; Protocol: TCP;
(Agilent GC 7890 only) Repeat steps 1 to 3 for each detector that is connected to the GC (you can connect a maximum of four detectors to the GC 7890).

Windows Vista and Windows 7

Network Configuration under Windows Vista and Windows 7

During installation of Chromeleon on a Windows Vista or Windows 7 operating system (32/64 bit), all required Chromeleon applications are added to the exceptions list and the corresponding rules are generated automatically to allow network communication for these applications.

The firewall exceptions configured during Chromeleon setup also allow network connections to instruments, such as:

Thermo Surveyor Plus system (pump, autosampler, UV and PDA detectors)
Thermo Accela system (autosampler and PDA detector)
Agilent GC 7890
Waters Acquity UPLC system

Network connections to instruments are expected to be of the "Domain" or "Private" network profile type.

If you are having difficulties to establish communication between the PC and connected instruments, however, a possible cause for no communication is that the instrument LAN is not configured as a private network. In this case, the recommended procedure is to change your network location type to "Private".

Should it not be possible for any reason to change the network location type to "Private", you can extend the existing inbound rules for the CmDDKHost.exe and CmDriver.exe applications by adding the "Public" profile in the Windows Firewall settings (under Advanced settings -> Inbound Rules) instead. This will allow inbound network traffic to communicate also via the "Public" network profile type.

Contact your network or system administrator for support, if needed.

Adding a Program or TCP/IP Port to the Exception List

If, for any reason, a program or TCP/IP port is missing in the exceptions list, add the program or TCP/IP port as described below (steps refer to Windows 7).

Adding a program:

Click Start > Control Panel > System and Security > Windows Firewall.
In the left pane, click Allow a program or feature through Windows Firewall.
Click Change settings. If you are asked for an administrator password or confirmation, type the password or provide confirmation.
Select the Name check box next to the program you want to allow.
Select whether the program should be allowed to communicate to a private or public network location.

Adding a TCP/IP port:

Click Start > Control Panel > Windows Firewall.
In the left pane, click Advanced settings.
In the left pane of the Windows Firewall with Advanced Security dialog box, click Inbound Rules, and then, in the right pane, click New Rule.
In the Rule Type dialog box, click Port. Then follow the onscreen instructions.