Firewall; Pre-Check Of Messages By The Mac Firewall; Online Diagnostics And Downloading To Station With The Firewall Activated - Siemens ET 200SP Operating Instructions Manual

Industrial ethernet

VPN subscriber (active) ⇔ gateway (dyn. IP address) ⇔ Internet ⇔ gateway (fixed IP
address) ⇔ CP (passive)
Configure the permission for VPN connection establishment for the CP as a passive
subscriber as follows:
1. In STEP 7, go to the devices and network view.
2. Select the CP.
3. Open the parameter group "VPN" in the local security settings.
4. For each VPN connection with the CP as a passive VPN subscriber, change the default
setting "Initiator/Responder" to the setting "Responder".

4.6.2 Firewall

4.6.2.1 Pre-check of messages by the MAC firewall

Each incoming or outgoing frame initially runs through the MAC firewall (layer 2). If the frame
is discarded at this level, it will not be checked by the IP firewall (layer 3). This means that
with suitable MAC firewall rules, IP communication can be restricted or blocked.

4.6.2.2 Online diagnostics and downloading to station with the firewall activated

Setting the firewall - steps involved
With the security function enabled, follow the steps outlined below:
1. In the global security settings (see project tree), select the entry "Firewall > Services >
Define services for IP rules".
2. Select the "ICMP" tab.
3. Insert a new entry of the type "Echo Reply" and another of the type "Echo Request".
4. Now select the CP in the ET 200SP station.
5. Enable the advanced firewall mode in the local security settings of the CP in the "Security
> Firewall" parameter group.
6. Open the "IP rules" parameter group.
7. In the table, insert a new IP rule for the previously created global services as follows:
– Action: Allow; "From external -> To station" with the globally created "Echo Request" service
– Action: Allow; "From station -> to external" with the globally created "Echo Reply" service
8. For the IP rule for the Echo Request, enter the IP address of the PG/PC in "Source IP
address". This ensures that only PING packets from your PG/PC can pass through the
firewall.
CP 1542SP-1, CP 1542SP-1 IRC, CP 1543SP-1
Operating Instructions, 01/2017, C79000-G8976-C426-03
Configuration and operation
4.6 Security configuration (CP 1543SP-1)
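
The following added example (Python, not taken from the Siemens manual and not the CP's own logic) models the evaluation order from section 4.6.2.1 together with the ICMP rules from steps 7 and 8, so the effect of the "Source IP address" restriction can be checked on paper before downloading. The addresses, the blocked-MAC rule and the default-deny handling of unmatched IP traffic are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

PG_PC_IP = "192.0.2.10"            # constructed PG/PC address (assumption)
BLOCKED_MAC = "02:00:00:00:00:99"  # constructed MAC for a hypothetical layer 2 drop rule

@dataclass(frozen=True)
class Frame:
    src_mac: str
    direction: str   # "external->station" or "station->external"
    src_ip: str
    icmp_type: int   # 8 = Echo Request, 0 = Echo Reply

@dataclass(frozen=True)
class IpRule:
    direction: str
    icmp_type: int
    src_ip: Optional[str] = None   # None = any source address

# Steps 7 and 8: two Allow rules, the Echo Request rule pinned to the PG/PC.
IP_RULES = [
    IpRule("external->station", 8, PG_PC_IP),
    IpRule("station->external", 0),
]

def mac_firewall(frame, dropped_macs):
    """Layer 2 stage: True if the frame may continue to the IP firewall."""
    return frame.src_mac.lower() not in dropped_macs

def ip_firewall(frame, rules):
    """Layer 3 stage: allow only on an explicit match (default deny is assumed)."""
    for r in rules:
        if (r.direction == frame.direction and r.icmp_type == frame.icmp_type
                and (r.src_ip is None
                     or ip_address(r.src_ip) == ip_address(frame.src_ip))):
            return True
    return False

def evaluate(frame, dropped_macs=frozenset(), rules=IP_RULES):
    """Return (verdict, stage) so the layer that decided is visible."""
    if not mac_firewall(frame, dropped_macs):
        return ("drop", "mac")   # the IP rules are never consulted
    return ("allow", "ip") if ip_firewall(frame, rules) else ("drop", "ip")
```

A ping from the PG/PC is allowed by the IP stage, the same ping from any other source is dropped there, and a frame matching a MAC drop rule is discarded before the IP rules are evaluated, even if its source IP is that of the PG/PC.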
