Helmholz WALL IE 700-860-WAL01 Manual

Industrial ethernet bridge and firewall

WALL IE, Industrial Ethernet Bridge and Firewall
Manual
Version 1 | 5/15/2017 | as of firmware V 1.04
Manual order number: 900-860-WAL01
Helmholz GmbH & Co. KG | Hannberger Weg 2 | 91091 Großenseebach | Germany
Phone +49 9135 7380-0 | Fax +49 9135 7380-110 | info@helmholz.de | www.helmholz.com

Summary of Contents for Helmholz WALL IE 700-860-WAL01

  • Page 2 (photocopy, microfilm, or any other methods), even for training purposes or with the use of electronic systems, without written approval from Helmholz GmbH & Co. KG. To download the latest version of this manual, please visit our website at www.helmholz.de. We welcome all ideas and suggestions.
  • Page 3: Table Of Contents

    Contents
      General (p. 5)
      Target audience for this manual (p. 5)
      Safety instructions (p. 5)
      Note symbols and signal words (p. 6)
      Intended use (p. 7)
      Improper use (p. 7)
      Installation (p. 8)
      1.6.1 Access restriction (p. 8)
      1.6.2 Electrical installation (p. 8)
      1.6.3 Protection against electrostatic discharges
  • Page 4
      Port forwarding (p. 24)
      MAC address filtering (p. 26)
      Static routes (p. 27)
      Use with Simatic Step 7 / TIA portal (p. 28)
      Solution in Step 7 (p. 29)
      Use in the TIA portal (p. 30)
      Setting up a route on the PC (p. 32)
      Other functions
  • Page 5: General

    1 General This operating manual applies only to devices, assemblies, software, and services of Helmholz GmbH & Co. KG. 1.1 Target audience for this manual This description is only intended for trained personnel qualified in control and automation engineering who are familiar with the applicable national standards. For installation, commissioning, and operation of the components, compliance with the instructions and explanations in this operating manual is essential.
  • Page 6: Note Symbols And Signal Words

    1.3 Note symbols and signal words If the hazard warning is ignored, there is an imminent danger to life and health of people from electrical voltage. If the hazard warning is ignored, there is a probable danger to life and health of people from electrical voltage.
  • Page 7: Intended Use

    Modifications to hardware or software configurations which extend beyond the documented options are not permitted and nullify the liability of Helmholz GmbH & Co. KG. The device may not be used as the only means for preventing hazardous situations on machinery and systems.
  • Page 8: Installation

    1.6 Installation 1.6.1 Access restriction The modules are open operating equipment and must only be installed in electrical equipment rooms, cabinets, or housings. Access to the electrical equipment rooms, cabinets, or housings must only be possible using a tool or key, and access should only be granted to trained or authorized personnel.
  • Page 9: Liability

    1.6.8 Disclaimer of liability Helmholz GmbH & Co. KG is not liable for damages if these were caused by use or application of products that was improper or not as intended. Helmholz GmbH & Co. KG assumes no liability for any printing errors or other inaccuracies that may appear in the operating manual, unless there are serious errors of which Helmholz GmbH &...
  • Page 10: Overview

    2 Overview WALL IE, the new Industrial Ethernet Bridge and Firewall, simply integrates your machinery network into the higher-level production network. A packet filter protects the networks from unauthorized access. If identical IP address ranges are to be realized, WALL IE functions as a bridge. The NAT operating mode serves the forwarding of the data traffic between various IPv4 networks.
  • Page 11: Connection Of The Power Supply

    2.2 Connection of the power supply The WALL IE is connected with 24 V DC voltage via the 5-pin power supply socket. There is also a connection for the functional ground (FG). The connection of a functional ground is recommended. The inputs IN1 and IN2 do not yet have a function in the current firmware version, but will be available in a later firmware version for the external switching of firewall rules.
  • Page 12: Initial Access To The Web Interface

    3 Initial access to the web interface The WALL IE is set on the LAN-side at the factory with the IP address 192.168.0.100 and the subnet mask 255.255.255.0. Access to the web interface is only possible via the LAN connections P2—P4. The IP address of your network adapter must first be set in accordance with the IP subnet of the WALL IE:...
  • Page 13: Initial Login

    For security reasons, the web interface can only be reached through a secured HTTPS connection. An exception rule needs to be confirmed once in order to reach the website. A certificate for the connection authentication can be stored in the "Device/HTTPS" menu. 3.1 Initial Login You will be prompted to set a password at the initial Login.
  • Page 14: Main View

    3.2 Main view The "Overview" main view contains an overview of the most important settings and information of the WALL IE. The topmost line contains the menu with the functions for configuration. 3.2.1 Menu overview
  • Page 15: Responsive Design

    3.2.2 Responsive design The web interface is also suitable for use on tablets and smartphones ("Responsive design"). Please note that web access to the WALL IE is equipped with inactivity monitoring for security reasons. When the website isn't used for several minutes, an automatic "log out" takes place.
  • Page 16: Adjustment Of The Ip Addresses (Network Interface)

    3.3 Adjustment of the IP addresses (Network interface) Click on the "Network" menu and select the sub-menu "Interface". The desired IP addresses for LAN and WAN and the related subnet masks (LAN/WAN net mask) can be defined here. The default gateway is necessary when devices from the LAN wish to establish a connection with the Internet or when devices from the LAN should communicate with other networks via WAN.
  • Page 17: The Bridge Mode

    4 The bridge mode In the bridge operating mode, WALL IE behaves like a layer 2 switch between the automation cell (LAN) and the production network (WAN). The packet filter can be used to limit access between the two areas. This enables the separation of a part of the production network without using different network addresses.
  • Page 18 In the bridge mode, all ports are blocked for "WAN-to-LAN" data transfer as a default! In order to enable access, packet filter rules must be created or the default action for the packet filters be set to "Accept". The "LAN to WAN" data transfer is initially always allowed, but can also be limited by packet filters or the default action.
  • Page 19: Packet Filter Functionality

    5 Packet filter functionality The packet filters define the of access between the production network (WAN) and the automation cell (LAN) in both directions. For example, it can be configured that only certain participants from the production network may exchange data with defined participants from the automation cell.
  • Page 20 A new rule is entered with the symbol. In the example above, a PC in the WAN network with the IP address 10.10.1.10 (e.g. visualization) is now allowed access to the CPU 10.10.1.30 in the LAN network via port 102 with the TCP protocol. Source IP IP address of the device in the external network (WAN) from which the query originates.
  • Page 21: Nat Operating Mode

    6 NAT operating mode When several automation cells with the same address range are to be incorporated into a production network, this can result in collisions, as the addresses in the entire network are not unambiguous. Using Network Address Translation (NAT), WALL IE makes it possible to incorporate several automation cells into the production network.
  • Page 22: Basic Nat

    6.1 Basic NAT Basic NAT, also known as "1:1 NAT" or "Static NAT", is the translation of individual IP addresses or of complete address ranges. The "External IP" must be a free or unused IP address in the WAN network. The "Internal IP" is the IP address of the device in the LAN that is assigned to the "External IP"...
  • Page 23: Napt

    6.2 NAPT "NAPT for LAN to WAN traffic" replaces the sender addresses of queries from the LAN through the address of the WALL IE in the WAN. NAPT is also referred to as "Port Address Translation" (PAT). Source IP 10.10.1.1:xxx Source 192.168.10.1:80 The option "NAPT: Active"...
  • Page 24: Port Forwarding

    If the NAPT option is deactivated, the query packets from the LAN are forwarded from the LAN to the WAN with their original sender IP and sender port. In this configuration, however, no answer frame can be sent back from the WAN to the LAN. 6.3 Port forwarding With the help of port forwarding ("Port forwarding for WAN to LAN traffic"), it can be configured that packets at a certain TCP/UDP port of the WALL IE (WAN) can be forwarded to a participant in the...
  • Page 25 If with the packet filters "WAN to LAN" the default action is set to "Reject" or "Drop", the corresponding filter rules for access must also be created for each port forwarding entry. It is not possible to use the reserved ports 443 and 80 when WALL IE has activated its own websites on the WAN (Web Interface Access = "WAN and LAN", see chapter 10.4).
  • Page 26: Mac Address Filtering

    7 MAC address filtering With the function "MAC Filtering" communication via the WALL IE can be limited to devices with certain MAC addresses ("Whitelisting") or devices with certain MAC addresses can be denied access ("Blacklisting"). Filtering for each MAC address can be activated on the WAN, on the LAN, or on both sides. MAC addresses must always be entered in the format "AA:BB:CC:DD:EE:FF,"...
  • Page 27: Static Routes

    8 Static routes Static routes are used for communication with other automation cells. For this purpose, the network and the address of the router or WALL IE responsible for it ("Next Hop" or "Gateway") must be configured. In order to enable the return route of the answer, a route for the IP address of the WALL IE of machine 1 must be set up in the second gateway!
  • Page 28: Use With Simatic Step 7 / Tia Portal

    9 Use with Simatic Step 7 / TIA portal Problem: If Simatic CPUs in the LAN behind a WALL IE are to be addressed or planned with an engineering station in the WAN, the problem is that the Step 7 or TIA portal uses the IP address from the project for access to the CPU.
  • Page 29: Solution In Step 7

    9.1 Solution in Step 7 Step 7 offers the possibility to access a CPU and to use an IP address other than that set in the project. However, in order that the responses from the CPU can also be redirected back to the engineering station in the WAN via the WALL IE, the WALL IE must be entered as the router for the CPU in the project.
  • Page 30: Use In The Tia Portal

    9.2 Use in the TIA portal Here you use the function "Extended download to device" in the menu under "Online" or, where necessary, "Extended go online". Click on "Access address" and enter the corresponding IP address. Confirm the entry by clicking on the window.
  • Page 31 This solution can only be used in the Basic NAT operating mode. In the case of NAPT with port forwarding, only one CPU can be reached, as the Simatic Manager/ TIA portal always accesses the CPU with the non-adjustable port 102. The search via the Siemens function "Accessible nodes"...
  • Page 32: Setting Up A Route On The Pc

    9.3 Setting up a route on the PC A Windows PC can also be informed of the assignment of the LAN IP address to a WAN IP address as a "route" in the operating system. For this purpose, open the command line "CMD" with administrator rights. The operating system is informed of a route with the following command:
        route add 192.168.10.1 mask 255.255.255.0 10.10.1.11 metric 1
    This command saves the route temporarily, until the PC is restarted.
  • Page 33: Other Functions

    10 Other functions 10.1 Syslog server The Syslog server installed in the WALL IE logs all user and system events with time of day and date. User events are changes to the configuration or the user login. The system events originate from the operating system or the running application.
  • Page 34: Change Password (Password)

    10.2 Change password (Password) In the "Password" menu it is possible to change the password of the administrator "admin". 10.3 File certificate (HTTPS) A customized company certificate can be stored for the website of the WALL IE. This ensures that access to the WALL IE configuration website, in addition to being HTTPS-encrypted, is also trustworthy.
  • Page 35: Firmware Update

    10.5 Firmware update The firmware of the WALL IE can be very simply updated via the website. You receive the firmware from the Helmholz website under www.helmholz.de or at Helmholz Support (support@helmholz.de). The firmware comes with the file ending "HUF" and is encoded to protect you from a change.
  • Page 36: Time Settings (Time)

    10.6 Time settings (Time) The time of day of the WALL IE can be set in the "Time" menu. The time of day is mainly required for the Syslog records. The time of day can be set either manually or be derived automatically from a SNTP server ("Simple Network Time Protocol").
  • Page 37: Export/Import Of Configuration

    10.7 Export/import of configuration The configuration of the WALL IE can be exported into a readable configuration file and imported again. It is thus possible to perform a backup of a WALL IE configuration and to copy an existing configuration for a new WALL IE with a similar application.
  • Page 38: Resetting To Factory Settings

    11 Resetting to factory settings The resetting of the WALL IE to factory settings can be initiated both via the website and without access to the device with the "FCN" button. When resetting the WALL IE, the configuration is irretrievably deleted and the IP settings are set to the delivery status.
  • Page 39: Technical Data

    12 Technical data
      Order no.: 700-860-WAL01
      Name: WALL IE - Industrial Bridge and Firewall
      Interfaces: 1x WAN 10/100 Mbps; 3x LAN 10/100 Mbps, switch
      Operating modes: Bridge, NAT (Basic NAT, NAPT)
      Packet filter: IPV4 addresses, protocol (TCP/UDP), ports ("WAN to LAN" and "LAN to WAN"...
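
The packet filter behaviour described in chapters 4 and 5 (WAN-to-LAN blocked by default, LAN-to-WAN allowed by default, explicit rules granting access) can be modelled as follows. This is an added example, not Helmholz code: the class and function names, the use of "Drop" as the blocking default, and the any-matching-rule-accepts semantics are assumptions; only the rule 10.10.1.10 to 10.10.1.30 on TCP port 102 comes from the manual.

```python
# Added illustration: simplified model of the WALL IE packet filter in bridge mode.
# Not firmware code; matching semantics are an assumption for this example.
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Flow:
    """Used both for an allow rule and for an observed packet (hypothetical type)."""
    direction: str   # "WAN to LAN" or "LAN to WAN"
    source_ip: str
    dest_ip: str
    protocol: str    # "TCP" or "UDP"
    dest_port: int


# Manual: WAN-to-LAN is blocked by default, LAN-to-WAN is initially allowed.
# Choosing "Drop" (rather than "Reject") for the blocked direction is an assumption.
DEFAULT_ACTION = {"WAN to LAN": "Drop", "LAN to WAN": "Accept"}


def matches(rule: Flow, pkt: Flow) -> bool:
    # ip_address() normalises the text form and raises on malformed input.
    return (rule.direction == pkt.direction
            and ip_address(rule.source_ip) == ip_address(pkt.source_ip)
            and ip_address(rule.dest_ip) == ip_address(pkt.dest_ip)
            and rule.protocol.upper() == pkt.protocol.upper()
            and rule.dest_port == pkt.dest_port)


def decide(rules, pkt, defaults=DEFAULT_ACTION):
    """Return "Accept" if an allow rule matches, else the direction's default action."""
    if any(matches(r, pkt) for r in rules):
        return "Accept"
    return defaults[pkt.direction]


# The manual's example rule: visualization PC (WAN) may reach the CPU (LAN) on TCP 102.
RULES = [Flow("WAN to LAN", "10.10.1.10", "10.10.1.30", "TCP", 102)]

# Constructed sample traffic, not captured from a device.
SAMPLES = [
    Flow("WAN to LAN", "10.10.1.10", "10.10.1.30", "TCP", 102),  # matches the rule
    Flow("WAN to LAN", "10.10.1.99", "10.10.1.30", "TCP", 102),  # other WAN host
    Flow("WAN to LAN", "10.10.1.10", "10.10.1.30", "TCP", 80),   # other port
    Flow("LAN to WAN", "10.10.1.30", "10.10.1.10", "TCP", 443),  # outbound default
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", decide(RULES, pkt))
```

Passing a different `defaults` mapping shows how setting the WAN-to-LAN default action to "Accept" removes the restriction for every host, and how tightening the LAN-to-WAN default blocks outbound traffic that has no rule.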
