Configuration and operation
4.7 Table "Certificate manager" (CP 1542SP-1 IRC, CP 1543SP-1)
CP 1542SP-1, CP 1542SP-1 IRC, CP 1543SP-1
92 Operating Instructions, 01/2017, C79000-G8976-C426-03
Notation for the source IP address (advanced firewall mode)
If you specify an address range for the source IP address in the advanced firewall settings of
the CP, make sure that the notation is correct:
● Separate the two IP addresses only using a hyphen.
Correct: 192.168.10.0-192.168.10.255
● Do not enter any other characters between the two IP addresses.
Incorrect: 192.168.10.0 - 192.168.10.255
If you enter the range incorrectly, the firewall rule will not be used.
Firewall settings for S7 connections via a VPN tunnel
IP rules in advanced firewall mode
If you set up configured connections (S7, OUC) with a VPN tunnel between the CP and a
communications partner, you will need to adapt the local firewall settings of the CP:
In advanced firewall mode ("Security > Firewall > IP rules") select the action "Allow*" for both
communications directions of the VPN tunnel.
Filtering of the system events
Communications problems if the value for system events is set too high
If the value for filtering the system events is set too high, you may not be able to achieve the
maximum performance for the communication. The high number of output error messages
can delay or prevent the processing of the communications connections.
In "Security > Log settings > Configure system events", set the "Level:" parameter to the
value "3 (Error)" to ensure the reliable establishment of the communications connections.
Table "Certificate manager" (CP 1542SP-1 IRC, CP 1543SP-1)
If the Security functions are enabled, in the STEP 7 project the certificates for all Security
modules involved are generated for example to allow communication via VPN connections.
Certificates generated by STEP 7 such as SSL certificates or VPN group certificates are
automatically assigned to the corresponding modules and do not need to be assigned using
the local security settings.
To Next Page
Loading...
Need help?
General
