Settings For Online Security Diagnostics And Downloading To Station With The Firewall Activated; Notation For The Source IP Address (Advanced Firewall Mode) - Siemens SIMATIC NET ET 200SP Operating Instructions Manual

4.9.2.2 Settings for online security diagnostics and downloading to station with the firewall activated
Setting the firewall for online functions
With the security functions enabled, follow the steps outlined below.
Global security functions:
1. Select the entry "Firewall > Services > Define services for IP rules".
2. Select the "ICMP" tab.
3. Insert a new entry of the type "Echo Reply" and another of the type "Echo Request".
Local security functions of the CP:
Now select the CP in the S7 station.
1. Enable the advanced firewall mode in the local security settings of the CP in the
"Security > Firewall" parameter group.
2. Open the "IP rules" parameter group.
3. In the table, insert a new IP rule for the previously created global services as follows:
– Action: Accept; From: External; To: Station; Service > ICMPv4/6 service > Echo Request (the previously globally created service)
– Action: Accept; From: Station; To: External; Service > ICMPv4/6 service > Echo Reply (the previously globally created service)
4. For the IP rule for the "Echo Request" service, enter the IP address of the engineering
station under "Source IP address".
With these rules, the CP can only be reached from the engineering station with ICMP
packets (ping) via the firewall.
Note
Additional services for online security diagnostics and download
If you wish to use the "Online security diagnostics" or "Download to device" functions, you
need to create additional rules or disable the "Echo Request" / "Echo Reply" services.

4.9.2.3 Notation for the source IP address (advanced firewall mode)

If you specify an address range for the source IP address in the advanced firewall settings of
the CP, make sure that the notation is correct:
● Separate the two IP addresses only using a hyphen.
Correct: 192.168.10.0-192.168.10.255
● Do not enter any other characters between the two IP addresses.
Incorrect: 192.168.10.0 - 192.168.10.255
If you enter the range incorrectly, the firewall rule will not be used.
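
Because a wrongly written range means the rule is not used, the source entries can be checked before they are typed into the IP rules table. The Python sketch below is an added example and not part of the Siemens manual; the rule names and addresses are constructed, and the IPv4-only check, the handling of leading or trailing blanks and the reversed-range check are assumptions beyond the two notation rules stated above.

```python
import ipaddress

def check_source_ip(entry):
    """Return the notation problems in one "Source IP address" entry ([] = OK)."""
    fields = entry.split("-")
    if len(fields) > 2:
        return ["more than one hyphen in the entry"]
    problems, parsed = [], []
    for text in fields:
        core = text.strip()
        if core != text:
            # The manual allows nothing but a hyphen between the two addresses.
            # Treating leading/trailing blanks the same way is an assumption.
            problems.append(f"whitespace next to {core!r}")
        try:
            parsed.append(ipaddress.IPv4Address(core))
        except ipaddress.AddressValueError:
            problems.append(f"{core!r} is not an IPv4 address")
    # Assumption: a range must run from the lower to the higher address.
    if len(parsed) == 2 and parsed[0] > parsed[1]:
        problems.append("range start is higher than range end")
    return problems

def lint_rules(rules):
    """Map rule name -> problems for every rule whose source entry is suspect."""
    return {name: found for name, entry in rules if (found := check_source_ip(entry))}

# Constructed sample rule set (names and addresses are illustrative only).
SAMPLE_RULES = [
    ("echo-request-es", "192.168.10.20"),
    ("range-ok", "192.168.10.0-192.168.10.255"),
    ("range-spaced", "192.168.10.0 - 192.168.10.255"),
    ("range-en-dash", "192.168.10.0\u2013192.168.10.255"),
    ("range-reversed", "192.168.10.255-192.168.10.0"),
]

if __name__ == "__main__":
    for name, found in lint_rules(SAMPLE_RULES).items():
        print(f"{name}: {'; '.join(found)}")
```

The en dash case is worth keeping in the check because address ranges copied from documents or spreadsheets often carry a typographic dash instead of a plain hyphen.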
CP 154xSP-1
Operating Instructions, 12/2019, C79000-G8976-C426-05
Configuration
4.9 Security (CP 1543SP-1)

This manual is also suitable for:

CP 1542SP-1, CP 1542SP-1 IRC, CP 1543SP-1
