Honeywell 900U02-0100 User And Installation Manual page 60

At level 1 network, ControlEdge HC900 controller and Scanners connect to one switch, and it is the most
critical network in the system as a failure or loss of service on this network can result in loss of control.
At level 2 network, Engineering Workstation, third party devices, HMI, and SCADA connect to the
switched of this level. A failure of this level network may result in a loss of view of the process if HMI or
SCADA is employed.
The two network levels must be isolated with each other.
CAUTION
The ControlEdge HC900-expansion I/O link is a private network and the switch used for the
interconnection of the ControlEdge HC900 Processor and Scanners must not be connected to any other
LAN or WAN. Likewise, no devices or communication traffic other than the ControlEdge HC900
components should be connected to the I/O link Switch. Failure to comply will cause communication
failures on the I/O link causing I/O modules to go in and out of their failsafe settings.
Components of the Ethernet Open Connectivity Network, are those which link a ControlEdge HC900
Controller to Peers, to HMI Supervisory Stations, and to other Ethernet 10/100Base-T devices that
support TCP/IP. The Ethernet Open Connectivity Network is potentially more complex than the I/O
expansion network, and in some cases, may require the services of an IT networking professional.
Note: Although the ControlEdge HC900 E1/E2 ports provide protection against Cyber-security/DOS type
attacks, additional protection is required for safety applications using a firewall device configured to
prevent uncontrolled messages into the controller
Recommended firewall settings:
 Close all TCP and UDP communication to Ethernet ports into controller except:

Modbus TCP (port 502 by default)

Controller Peer to Peer (UDP port 502)

SNTP port 123 (ONLY if NTP server is enabled)

SMTP port 25 (ONLY if email used)
 Rate Limiting
In general, one host should not be allowed to occupy unlimited bandwidth. For example, "broadcast storms" could
be caused by an incorrectly configured topology, or a malfunctioning device. Firewalls can prevent storms seen by
the PLC ETH1/ETH2 ports. Limit rate of all traffic (Ingress/egress) to ETH1/ETH2 <= 3 MB/s.
 Denial-Of-Service
Settings should also be enabled in the Firewall device if possible. These settings may include the following scan
types Null, XMAS, NMAP-XMAS, SYN/FIN, FIN, NMAP-ID, SYN/RST, SYN, Flood and others.
Firewall device(s) should be introduced above the network at the control network level prior to the supervisory
control network level. "Figure 1: System architecture".
46 ControlEdge HC900 Process & Safety Controller User and Installation Manual Revision 10
May 2019