Security; Using Vpn - Effects On Communication; Reloading Firewall Rules - Siemens SIMATIC NET CP 443-1 Advanced Manual

Remedy
Note the following recommendations:
● Do not call communication program blocks cyclically in OB1!
Communication should be called timecontrolled in a suitable cyclicinterrupt OB. The call
interval of this OB should be significantly higher than the average cycle time of OB1.
● You should set a minimum cycle time that is higher than the average runtime of OB1.
This frees resources for communication on the CPU. This is, for example, a solution for
existing applications when communication already takes place cyclically in OB1.
● If necessary, reduce the time taken for communication processing on the CPU by
changing the parameter "Scan cycle load from communication" in the properties of the
CPU.
6.10

Security

6.10.1

Using VPN - effects on communication

Communication via VPN tunnel
Communication via a VPN tunnel reduces speed compared with communication outside a
VPN tunnel.
In mixed operation with S7 communication and connections of the open communications
services (SEND/RECEIVE interface), remember that the CP handles the open
communications services with higher priority.
6.10.2

Reloading firewall rules

Behavior with an active tunnel connection
Reloading firewall rules using the "Reload firewall rules online" (in STEP 7 / HW Config in
"CP properties", "Security" tab) can lead to communication on an active tunnel connection
being aborted.
CP 443-1 Advanced (GX30)
Manual, 03/2019, C79000-G8976-C256-05
Configuration and operation
6.10 Security
81