Niagara Fox Protocol Explained — Automation OR Management Level?

Most BAS engineers learn that Niagara’s Fox protocol is “the management-level thing” — and stop there. That’s wrong. Fox runs at the AUTOMATION level too, and it absolutely does NOT touch the FIELD level. In this BAS Tip, we walk through where Fox actually lives in a real Niagara/Tridium stack: Supervisor ↔ JACE, JACE ↔ JACE, and Workbench ↔ Station — at every Niagara-to-Niagara link. We also clear up three things people frequently mistake for Fox (Workbench → Platform via Niagarad/platformtls, browser-to-station HTTPS, and field-side BACnet/Modbus traffic), then walk the firewall ports your IT team will ask about. What you’ll get out of this video: • A clean mental model of the three-tier BAS stack and which protocol runs where • The TCP port table for plain Fox (1911), Foxs (4911 TLS), and Foxwss (443 over WebSocket) • Why the protocol does NOT define the level — the role does • How NiagaraNetwork drivers actually move histories, alarms, and live points • Four real gotchas: legacy AX↔N4 plain-Fox, TLS certificate trust, user-account matching across stations, and Fox vs BACnet on the wire If you commission, configure, or troubleshoot Niagara stations, this is the protocol explanation you wish you had on day one. --- Chapters 00:00 Cold open 00:21 What Fox actually is 00:56 Three-tier BAS stack 01:35 Fox between every Niagara thing 02:01 Protocol does NOT define the level 02:27 Plain Fox · port 1911 02:54 Foxs · port 4911 (TLS) 03:17 Foxwss · port 443 (HTTPS tunnel) 03:48 Things that look like Fox but aren’t 04:28 Browser → Station = HTTPS 04:52 Field-protocol traffic 05:23 NiagaraNetwork driver 05:34 Supervisor pulls from every JACE 06:33 JACE ↔ JACE peer link 06:58 Firewall view (port table) 07:41 Gotcha #1 · plain Fox in legacy sites 08:06 Gotcha #2 · TLS certificates 08:33 Gotcha #3 · user accounts must match 08:57 Gotcha #4 · Fox is not BACnet 09:22 Recap matrix 09:59 3 takeaways 10:24 Sign off