Configuring the Ethernet CP with STEP 7
3.4 Sending entries for the IP access protection to the Advanced CP using HTTP/HTTPS
Configuring and commissioning S7 CPs for Industrial Ethernet
Configuration Manual, 09/2013, C79000-G8976-C182-13
● CP operation without enabled security - IP-ACL is effective
  Communications partners can send entries for the IP-ACL to the CP using HTTP. These
  communications partners must be entered in the IP-ACL during configuration with the
  "Modify" access right.
● CP operation with enabled security - firewall rules are effective
  If the CP is operated with security enabled, its behavior is as follows:
  – The right to transfer additional IP access rights is set in the role assignment in user
    administration.
    For the intended user, enable the entry "Web: Expand IP access control list" in the
    rights list.
  – Communications partners entered with this right can send entries for IP Access
    protection to the CP using HTTP or HTTPS.
  – The transferred entries are transformed into corresponding firewall rules by the CP.
Enabling security when IP-ACL is already configured - effect
By enabling security, an additional, user-related security level is added to dynamic access to
the IP access protection. Access is then only possible in the context of the user
administration and with the assignment of suitable rights.
The CP configuration reacts as follows when security is enabled:
Entries with the "Modify" access right in the IP-ACL are always linked to the "Access" access
right. When you enable security, the entries with the "Access" access right are transformed
from the IP-ACL into firewall rules. This makes access using the relevant IP address
possible.
The previous "Modify" access right intended for an IP address must, however, be assigned
explicitly to a user in the user administration with the entry "Web: Expand IP access control
list".
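The effect of enabling security on an existing IP-ACL can be checked before the change is made. The following Python sketch is an added example, not Siemens code and not part of the manual. The names `AclEntry`, `plan_security_enable` and `may_extend_acl` are hypothetical, the sample addresses are constructed, and the security-enabled branch models only the user right, not the firewall itself.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Right name exactly as it appears in the manual's rights list.
EXPAND_RIGHT = "Web: Expand IP access control list"

@dataclass(frozen=True)
class AclEntry:          # hypothetical representation of one IP-ACL row
    ip: str
    rights: frozenset    # subset of {"Access", "Modify"}

    def effective_rights(self):
        # "Modify" is always linked to "Access".
        return self.rights | {"Access"} if "Modify" in self.rights else self.rights

def plan_security_enable(acl):
    """Return (firewall_ips, modify_ips) for an IP-ACL about to be migrated."""
    firewall_ips, modify_ips = [], []
    for entry in acl:
        ip = str(ip_address(entry.ip))        # raises ValueError on a malformed address
        if "Access" in entry.effective_rights():
            firewall_ips.append(ip)           # entry becomes a firewall rule
        if "Modify" in entry.rights:
            modify_ips.append(ip)             # right is not carried over per IP address
    return firewall_ips, modify_ips

def may_extend_acl(security_enabled, source_ip, acl, user_rights=frozenset()):
    """Model of who may send additional IP-ACL entries to the CP."""
    if security_enabled:
        # Decision is user-related: the user's role must include the expand right.
        return EXPAND_RIGHT in user_rights
    src = ip_address(source_ip)
    return any(ip_address(e.ip) == src and "Modify" in e.rights for e in acl)

# Constructed sample IP-ACL (documentation address range, not from the manual).
SAMPLE_ACL = [
    AclEntry("192.0.2.10", frozenset({"Access"})),
    AclEntry("192.0.2.20", frozenset({"Access", "Modify"})),
]

if __name__ == "__main__":
    fw, mod = plan_security_enable(SAMPLE_ACL)
    print("firewall rules for:", fw)
    print("assign", repr(EXPAND_RIGHT), "to the users behind:", mod)
```

The second list is the one to review: each address in it loses the ability to extend the IP-ACL until a user with the named right has been set up in user administration.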
Note
Online view – security enabled
The online view of the security configuration of the CP in STEP 7 displays the dynamically
Transfer methods for additional IP access rights
Several methods are available for the transfer and these are explained below:
● Transfer in the update center of Web diagnostics
● Call using POST request
● Other transfer methods using software tools