Rockwell Automation Publication 1756-UM021A-EN-P - September 2023 27
Chapter 3 System Manager
General Protection mode
When Protection Mode is enabled on your device, the security of the device is enhanced by
disabling software updates, application downloads, and remote configurations. In this state,
the device rejects the following actions:
• Interface updates: TCP/IP configuration (configuration method, network address,
hostname), Ethernet Link configuration (link enable, speed, and duplex) and remote
configuration requests via CIP™.
• Firmware updates via USB or remotely through FactoryTalk® Remote Access™.
• FactoryTalk Optix application updates.
The device accepts settings and reboot requests through the System Manager web interface,
FactoryTalk Optix System Tags, and FactoryTalk Remote Access tools, which all require user
authentication. This helps to make sure that changes are only made by authorized
administrators.
General options
Hostname
The Hostname is a unique identifier that is assigned to the device. It is used to identify and
communicate with the device over the network and can be used to configure or troubleshoot
the device as needed. This name is the device name visualized on the FactoryTalk Remote
Access organization.
Web server interfaces
• WAN— Enable this option to allow access to the System Manager through the device's
WAN port (Port 1). This makes it easy for you to remotely manage and configure the
device via the web interface.
• LAN—Enable this option to use the System Manager through the device's
LAN port (Port 2). This allows you to access the web interface for device management
and configuration via the local network.
IMPORTANT Protection Mode is disabled by default for all out-of-the-box products
and after a factory reset. To reduce the surface of cyberattacks is
highly recommended to enable this option in a production environment,
to help unauthorized changes and potential security risks.
It is recommended to configure the options above to let the web server be only
accessible from the strictly needed interfaces, to reduce surface exposure to
cyberattacks. Ideally, it should be only enabled when the configuration must be changed.
To Next Page
Loading...
Need help?
General
