Industrial Ethernet Security With CP 1543-1; Firewall - Siemens SIMATIC ET 200AL System Manual

Distributed I/O system

Industrial Ethernet Security with CP 1543-1

15.1 Firewall

• VPN groups
You can combine the CP 1543-1 with other security modules into VPN groups through
configuration. IPsec tunnels are established between all the security modules of a VPN
group (VPN). All internal nodes of these security modules can communicate securely with
each other through these tunnels.
• Protection for devices and network segments
The protective functions of the firewall and VPN groups can be applied to the operation of
single devices, multiple devices, or entire network segments.
Additional information
An overview with links to the most important contributions on Industrial Security is available
in this FAQ (https://support.industry.siemens.com/cs/ww/en/view/92651441).
15.1 Firewall
Tasks of the firewall
The purpose of the firewall functionality is to protect networks and stations from outside
influences and disturbances. This means that only certain previously specified
communication relations are permitted.
Data traffic can be filtered by, among other things, IPv4 addresses, IPv4 subnets, port
numbers or MAC addresses.
The firewall functionality can be configured for the following protocol levels:
• IP firewall with stateful packet inspection (layer 3 and 4)
• Firewall also for Ethernet "non-IP" frames according to IEEE 802.3 (layer 2)
Firewall rules
Firewall rules describe which packets are permitted or forbidden in which direction.
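
The rule semantics described above, as an added example that is not taken from the Siemens manual and does not reproduce the CP 1543-1 implementation or its configuration format: a minimal Python model of an IP firewall in which only specified communication relations pass, each rule is bound to a direction, and stateful inspection lets replies to an allowed flow through. The class names, direction labels, first-match ordering and all addresses are assumptions constructed for illustration; layer 2 (MAC) filtering is not modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str     # "allow" or "drop"
    direction: str  # "ext->int" or "int->ext" (hypothetical labels)
    src: str        # IPv4 address or subnet in CIDR notation
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int

class StatefulFirewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.sessions = set()  # flows opened by a packet that a rule allowed

    def check(self, direction, src, sport, dst, dport, proto):
        # Stateful inspection: the reply to a tracked flow needs no rule of its own.
        if (dst, dport, src, sport, proto) in self.sessions:
            return "allow"
        for r in self.rules:  # first matching rule decides (assumed ordering)
            if (r.direction == direction and r.proto == proto and r.dport == dport
                    and ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
                    and ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)):
                if r.action == "allow":
                    self.sessions.add((src, sport, dst, dport, proto))
                return r.action
        return "drop"  # anything not previously specified is forbidden

def demo():
    # Constructed sample: engineering subnet 192.168.10.0/24 may reach a
    # station at 10.0.0.5 on TCP 102 (ISO-on-TCP), except one blocked host.
    fw = StatefulFirewall([
        Rule("drop", "ext->int", "192.168.10.99/32", "10.0.0.5/32", "tcp", 102),
        Rule("allow", "ext->int", "192.168.10.0/24", "10.0.0.5/32", "tcp", 102),
    ])
    return [
        fw.check("int->ext", "10.0.0.5", 102, "192.168.10.20", 50000, "tcp"),  # unsolicited
        fw.check("ext->int", "192.168.10.20", 50000, "10.0.0.5", 102, "tcp"),  # allowed relation
        fw.check("int->ext", "10.0.0.5", 102, "192.168.10.20", 50000, "tcp"),  # reply to it
        fw.check("ext->int", "192.168.10.99", 50000, "10.0.0.5", 102, "tcp"),  # explicit drop
        fw.check("ext->int", "192.168.11.20", 50000, "10.0.0.5", 102, "tcp"),  # outside subnet
        fw.check("ext->int", "192.168.10.20", 50001, "10.0.0.5", 80, "tcp"),   # unlisted port
    ]

if __name__ == "__main__":
    print(demo())
```

The first and third packets are identical; only the third passes, because by then the allowed inbound flow has created the session state it answers.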
Communication, Function Manual, 05/2021, A5E03735815-AJ, page 426
