Settings For Online Security Diagnostics And Downloading To Station With The Firewall Activated; Notation For The Source Ip Address (Advanced Firewall Mode); Time-Of-Day Synchronization - Siemens SIMATIC S7-1200 CP 1243-8 IRC Operating Instructions Manual

For telecontrol

Hide thumbs Also See for SIMATIC S7-1200 CP 1243-8 IRC:

Operating instructions manual (112 pages)

Application example (38 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

page of 230

/ 230
Contents
Table of Contents
Bookmarks

Table of Contents

4.16.4.3

Settings for online security diagnostics and downloading to station with the firewall

activated

Setting the firewall for online functions

With the security functions enabled, follow the steps outlined below:

1. In the global security settings (see project tree), select the entry "Firewall > Services >

Define services for IP rules".

2. Select the "ICMP" tab.

3. Insert a new entry of the type "Echo Reply" and another of the type "Echo Request".

4. Now select the CP in the S7 station.

5. Enable the advanced firewall mode in the local security settings of the CP in the "Security

> Firewall" parameter group.

6. Open the "IP rules" parameter group.

7. In the table, insert a new IP rule for the previously created global services as follows:

– Action: Allow; "From external -> To station " with the globally created "Echo request"

– Action: Allow; "From station -> to external" with the globally created "Echo reply"

8. For the IP rule for the Echo Request, enter the IP address of the engineering station in

"Source IP address". This ensures that only ICMP frames (ping) from your engineering

station can pass through the firewall.

4.16.4.4

Notation for the source IP address (advanced firewall mode)

If you specify an address range for the source IP address in the advanced firewall settings of

the CP, make sure that the notation is correct:

● Separate the two IP addresses only using a hyphen.

Correct: 192.168.10.0-192.168.10.255

● Do not enter any other characters between the two IP addresses.

Incorrect: 192.168.10.0 - 192.168.10.255

If you enter the range incorrectly, the firewall rule will not be used.

4.16.5

Time-of-day synchronization

For the configuration of the time-of-day synchronization read the section Time-of-day

synchronization (Page 100).

CP 1243-8 IRC

Operating Instructions, 02/2018, C79000-G8976-C385-03

service

Configuration

4.16 Security

109

Table of Contents

Show Quick Links

Quick Links:
Configuration Examples

Hide quick links:

Table of Contents

Settings For Online Security Diagnostics And Downloading To Station With The Firewall Activated; Notation For The Source Ip Address (Advanced Firewall Mode); Time-Of-Day Synchronization - Siemens SIMATIC S7-1200 CP 1243-8 IRC Operating Instructions Manual

Notation for the source IP address (advanced firewall mode)

Time-of-day synchronization

Hide quick links:

Related Manuals for Siemens SIMATIC S7-1200 CP 1243-8 IRC

Related Content for Siemens SIMATIC S7-1200 CP 1243-8 IRC

Table of Contents