Check For Security Events - Siemens SIMATIC ET 200AL System Manual

OPC UA communication
9.3 Using the S7-1500 as an OPC UA server
Example
A client transmits incorrect authentication data (for example, incorrect password) when a
connection is established. The new state of the "ActivationFailed" session is entered with the
corresponding session ID in the diagnostic buffer.
Subscription states and state transitions
①
②
③
④
Figure 9-53
9.3.7.4

Check for security events

If the CPU diagnostics detects a security event during the OPC UA communication, it can
enter it in the diagnostic buffer.
Requirements
• S7-1500 CPUs as of firmware version 2.8
• The "Check for security events" option is activated (properties of the CPU > OPC UA >
Server > Diagnostics).
Security events detected in diagnostics
S7-1500 CPUs perform diagnostics on the following OPC UA relevant security events:
• Client-certificate is invalid (for example, syntactically or semantically incorrect, incorrect
signature, current date is not in the validity period)
• User name/password login failed (deactivated or incorrect data)
• Client wants to use a specific security policy or a specific message security mode; the
server does not support the security policy or the requested security mode.
• Client does not establish connection according to specification (OPC UA Spec) (for
example, unexpected SecureChannelID/SessionID/client Nonce)
308
Client connects to server, login with correct authentication data (correct credentials).
Client closes connection correctly.
Client no longer sends messages; session ends with timeout.
Client connects to server, login with incorrect authentication data.
Session states and state transitions
Function Manual, 05/2021, A5E03735815-AJ
Communication