1. Manuals
  2. Brands
  3. Siemens Manuals
  4. Controller
  5. Simatic S7-1500
  6. Operating instructions manual

Firewall; Firewall Sequence When Checking Incoming And Outgoing Frames; Notation For The Source Ip Address (Advanced Firewall Mode); Http And Https Not Possible With Ipv6 - Siemens S7-1500 Operating Instructions Manual

Simatic net
Hide thumbs Also See for S7-1500:
Table of Contents

Advertisement

4.4.2

Firewall

4.4.2.1

Firewall sequence when checking incoming and outgoing frames

Each incoming or outgoing frame initially runs through the MAC firewall (layer 2). If the frame
is discarded at this level, it is not checked by the IP firewall (layer 3). This means that with
suitable MAC firewall rules, IP communication can be restricted or blocked.
4.4.2.2

Notation for the source IP address (advanced firewall mode)

If you specify an address range for the source IP address in the advanced firewall settings of
the CP 1543-1, make sure that the notation is correct:
● Separate the two IP addresses only using a hyphen.
Correct: 192.168.10.0-192.168.10.255
● Do not enter any other characters between the two IP addresses.
Incorrect: 192.168.10.0 - 192.168.10.255
If you enter the range incorrectly, the firewall rule will not be used.
4.4.2.3

HTTP and HTTPS not possible with IPv6

It is not possible to use HTTP and HTTPS communication on the Web server of the station
using the IPv6 protocol.
If the firewall is enabled in the local security settings in the entry "Firewall > Predefined IPv6
rules": The selected check boxes "Allow HTTP" and "Allow HTTPS" have no function.
4.4.2.4

Firewall settings for connections via a VPN tunnel

IP rules in advanced firewall mode
If you have configured connections between CPs, note the following setting if you operate
the CPs in advanced firewall mode.
In the parameter group "Security > Firewall > IP rules" select the setting "Allow" for tunnel
connections.
If you do not enable the option, the VPN connection is terminated and re-established.
This applies to connections between a CP 1543-1 and for example a CP 343-1 Advanced,
CP 443-1 Advanced, CP 1628 or CP 1243-1.
See also
Online diagnostics and downloading to station with the firewall activated (Page 42)
CP 1543-1
Operating Instructions, 05/2017, C79000-G8976-C289-07
Configuration, programming
4.4 Security
41
Show Quick Links

Hide quick links:

Advertisement

Table of Contents
loading

Related Manuals for Siemens S7-1500

Related Content for Siemens S7-1500

This manual is also suitable for:

Cp 1543-1

Table of Contents