Firewall; Pre-Check Of Messages By The Mac Firewall; Firewall Settings For Configured Connection Connections Via A Vpn Tunnel - Siemens SIMATIC S7-1200 CP 1243-8 IRC Operating Instructions Manual

For telecontrol

Hide thumbs Also See for SIMATIC S7-1200 CP 1243-8 IRC:

Operating instructions manual (112 pages)

Application example (38 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

page of 230

/ 230
Contents
Table of Contents
Bookmarks

Table of Contents

Configuration

4.16 Security

● Key exchange interval

Period after which the key is exchanged again between the CP and the master. The

interval must be matched up on both communications partners.

Range of values: 0...65535 min. at 0 (zero), the key is never changed (function disabled).

Default setting: 15 min.

Recommendation: Set the key exchange interval for the CP twice as high as for the

master.

● Authentication timeout

Maximum waiting time for the response from the master to an authentication request of

the CP.

Exceeding the wait time is evaluated as an error by the CP. In this case, the CP

generates a security event and sends this to the master.

Range of values: 1... 65535 s Default setting: 5

● Pre-shared key

The pre-shared key can be configured in two ways:

– Manual configuration

– Import as file

The pre-shared key of the CP must be identical to the pre-shared key of the master.

4.16.4

Firewall

4.16.4.1

Pre-check of messages by the MAC firewall.

Each incoming or outgoing frame initially runs through the MAC firewall (layer 2). If the frame

is discarded at this level, it will not be checked by the IP firewall (layer 3). This means that

with suitable MAC firewall rules, IP communication can be restricted or blocked.

4.16.4.2

Firewall settings for configured connection connections via a VPN tunnel

IP rules in advanced firewall mode

If you set up configured connection connections with a VPN tunnel between the CP and a

communications partner, you will need to adapt the local firewall settings of the CP:

In advanced firewall mode ("Security > Firewall > IP rules") select the action "Allow*" for both

communications directions of the VPN tunnel.

See section Settings for online security diagnostics and downloading to station with the

firewall activated (Page 109) for information on this.

108

Enter the pre-shared key in STEP 7 manually as a hexadecimal value.

Import the pre-shared key from the file system of the engineering station if the pre-

shared key was generated by the master or another system.

Operating Instructions, 02/2018, C79000-G8976-C385-03

CP 1243-8 IRC

Table of Contents

Show Quick Links

Quick Links:
Configuration Examples

Hide quick links:

Table of Contents

Firewall; Pre-Check Of Messages By The Mac Firewall; Firewall Settings For Configured Connection Connections Via A Vpn Tunnel - Siemens SIMATIC S7-1200 CP 1243-8 IRC Operating Instructions Manual

Firewall

Pre-check of messages by the MAC firewall.

Firewall settings for configured connection connections via a VPN tunnel

Hide quick links:

Related Manuals for Siemens SIMATIC S7-1200 CP 1243-8 IRC

Related Content for Siemens SIMATIC S7-1200 CP 1243-8 IRC

Table of Contents