Configuration, programming
4.4 Security
CP 1543-1
Operating Instructions, 05/2017, C79000-G8976-C289-07
41
Firewall sequence when checking incoming and outgoing frames
Each incoming or outgoing frame initially runs through the MAC firewall (layer 2). If the frame
is discarded at this level, it is not checked by the IP firewall (layer 3). This means that with
suitable MAC firewall rules, IP communication can be restricted or blocked.
Notation for the source IP address (advanced firewall mode)
If you specify an address range for the source IP address in the advanced firewall settings of
the CP 1543-1, make sure that the notation is correct:
● Separate the two IP addresses only using a hyphen.
Correct: 192.168.10.0-192.168.10.255
● Do not enter any other characters between the two IP addresses.
Incorrect: 192.168.10.0 - 192.168.10.255
If you enter the range incorrectly, the firewall rule will not be used.
HTTP and HTTPS not possible with IPv6
It is not possible to use HTTP and HTTPS communication on the Web server of the station
using the IPv6 protocol.
If the firewall is enabled in the local security settings in the entry "Firewall > Predefined IPv6
rules": The selected check boxes "Allow HTTP" and "Allow HTTPS" have no function.
Firewall settings for connections via a VPN tunnel
IP rules in advanced firewall mode
If you have configured connections between CPs, note the following setting if you operate
the CPs in advanced firewall mode.
In the parameter group "Security > Firewall > IP rules" select the setting "Allow" for tunnel
connections.
If you do not enable the option, the VPN connection is terminated and re-established.
This applies to connections between a CP 1543-1 and for example a CP 343-1 Advanced,
CP 443-1 Advanced, CP 1628 or CP 1243-1.
Online diagnostics and downloading to station with the firewall activated (Page 42)
To Next Page
Loading...
