Table of Contents
Advertisement
5.8
Security functions
Note the range and application of the security functions of the CP, refer to the section Other
services and properties (Page 11).
5.8.1
Firewall
5.8.1.1
Firewall sequence when checking incoming and outgoing frames
Each incoming or outgoing frame initially runs through the MAC firewall (layer 2). If the frame
is discarded at this level, it will not be checked by the IP firewall (layer 3). This means that
with suitable MAC firewall rules, IP communication can be restricted or blocked.
5.8.1.2
Notation for the source IP address (advanced firewall mode)
If you specify an address range for the source IP address in the advanced firewall settings of
the CP, make sure that the notation is correct:
● Separate the two IP addresses only using a hyphen.
Correct: 192.168.10.0-192.168.10.255
● Do not enter any other characters between the two IP addresses.
Incorrect: 192.168.10.0 - 192.168.10.255
If you enter the range incorrectly, the firewall rule will not be used.
5.8.2
Filtering of the system events
Communications problems if the value for system events is set too high
If the value for filtering the system events is set too high, you may not be able to achieve the
maximum performance for the communication. The high number of output error messages
can delay or prevent the processing of the communications connections.
In "Security > Log settings > Configure system events", set the "Level:" parameter to the
value "3 (Error)" to ensure the reliable establishment of the communications connections.
Siemens Automation
CP 1243-1 PCC
Operating Instructions, 02/2015, C79000-G8976-C384-01
Configuration and operation
5.8 Security functions
39
Advertisement
Table of Contents
