We have a factory machine controlled by an ordinary PC running XP SP2. It also has special software from the machine maker and we don't update with XP hotfixes. So there has been no need to connect it to our network to date. However we have become concerned that CDs and USB drives could be mounted and a virus or malware introduced. We want to install NAV 2012 for the realtime protection feature. Our problem is then is how to get definition updates and only updates.

We are thinking a external firewall such as a Netgear FVS318G in between the PC and our network would be set to only allow NAV to connect for updates and only allow those updates in. To do this, does NAV have a unique set of ports and IP numbers (and anything else) I can use to construct firewall rules on.