Configuration
4.8 Security
CP 1243-1
Operating Instructions, 12/2016, C79000-G8976-C365-02
49
Pre-check of messages by the MAC firewall.
Each incoming or outgoing frame initially runs through the MAC firewall (layer 2). If the frame
is discarded at this level, it will not be checked by the IP firewall (layer 3). This means that
with suitable MAC firewall rules, IP communication can be restricted or blocked.
Notation for the source IP address (advanced firewall mode)
If you specify an address range for the source IP address in the advanced firewall settings of
the CP, make sure that the notation is correct:
● Separate the two IP addresses only using a hyphen.
Correct: 192.168.10.0-192.168.10.255
● Do not enter any other characters between the two IP addresses.
Incorrect: 192.168.10.0 - 192.168.10.255
If you enter the range incorrectly, the firewall rule will not be used.
Firewall settings for configured connection connections via a VPN tunnel
IP rules in advanced firewall mode
If you set up configured connection connections with a VPN tunnel between the CP and a
communications partner, you will need to adapt the local firewall settings of the CP:
In advanced firewall mode ("Security > Firewall > IP rules") select the action "Allow*" for both
communications directions of the VPN tunnel.
Settings for online security diagnostics and downloading to station with the firewall activated
(Page 49)
Settings for online security diagnostics and downloading to station with the firewall
activated
Setting the firewall for online functions
With the security functions enabled, follow the steps outlined below:
1. In the global security settings (see project tree), select the entry "Firewall > Services >
Define services for IP rules".
2. Select the "ICMP" tab.
3. Insert a new entry of the type "Echo Reply" and another of the type "Echo Request".
To Next Page
Loading...
Need help?
General
