Siemens SIMATIC ET 200AL System Manual page 1546

Industrial Ethernet Security with CP 1543-1
All-round protection - the task of Industrial Ethernet Security
With Industrial Ethernet Security, individual devices, automation cells or network segments of
an Ethernet network can be protected. Data transfer can also be protected by a combination
of different security measures:
• Data espionage
• Data manipulation
• Unauthorized access
Security measures
• Firewall
– IP firewall with stateful packet inspection (layer 3 and 4)
– Firewall also for Ethernet "non-IP" frames according to IEEE 802.3 (layer 2)
– Bandwidth limitation
– Global firewall rules
All network nodes located in the internal network segment of a CP 1543-1 are protected
by its firewall. Exception: If you access the CPU via the interface of the CP with the "Access
to PLC via communication module" function, the firewall does not protect this connection.
• Logging
To allow monitoring, events can be stored in log files that can be read out using the
configuration tool or can be sent automatically to a Syslog server.
• HTTPS
For encrypted transfer of websites, for example during process control.
• FTPS (explicit mode)
For encrypted transfer of files.
• Secure NTP
For secure time-of-day synchronization and transmission.
• SNMPv3
For secure transmission of network analysis information safe from eavesdropping.
Communication
Function Manual, 05/2021, A5E03735815-AJ
15
425