Secure Open User Communication; Secure Ouc Of An S7-1500 Cpu As Tls Client To An External Plc (Tls Server) - Siemens SIMATIC ET 200AL System Manual

6.11

Secure Open User Communication

6.11.1

Secure OUC of an S7-1500 CPU as TLS client to an external PLC (TLS server)

The following section describes how you can set up Open User Communication via TCP
from an S7-1500 CPU as TLS client to a TLS server.
Setting up a secure TCP connection from an S7-1500 CPU as TLS client to a TLS server
S7-1500 CPUs as of firmware version V2.0 support secure communication with addressing
via a Domain Name System (DNS).
For secure TCP communication over the domain name you need to create a data block with
the TCON_QDN_SEC system data type yourself, assign parameters and call it directly at
one of the instructions TSEND_C, TRCV_C or TCON.
Requirements:
● Current date and time are set in the CPU.
● Your network includes at least one DNS server.
● You have configured at least one DNS server for the S7-1500 CPU.
● TLS client and TLS server have all the required certificates.
To set up a secure TCP connection to a TLS server, follow these steps:
1. Create a global data block in the project tree.
2. Define a tag of the data type TCON_QDN_SEC in the global data block.
The example below shows the global data block "Data_block_1" in which the tag
"DNS ConnectionSEC" of the data type TCON_QDN_SEC is defined.
Figure 6-12 Data type TCON_QDN_SEC
Communication
Function Manual, 12/2017, A5E03735815-AF
Open User Communication
6.11 Secure Open User Communication
93