Siemens SIMATIC NET S7-1500 - Restricting Communications Services in the CPU

To Next Page

To Previous Page

Configuration, programming

4.2 Restricting communications services in the CPU

CP 1543-1

34 Operating Instructions, 12/2019, C79000-G8976-C289-08

Protocol /

function

Port number (pro-

tocol)

Default of the port

Port status

Authentication

Online security

diagnostics

8448 (TCP) Closed Open after configuration No

HTTP

80 (TCP) Closed Open after configuration No

HTTPS

443 (TCP)

Closed

Open after configuration

Yes

FTP

20 (TCP)

21 (TCP)

Closed Open after configuration No

FTPS

989 (TCP)

990 (TCP)

Closed Open after configuration Yes

SNMP

161 (UDP)

Open

Open after configuration

Yes (with SNMPv3)

* For information on avoiding opening port 102 during diagnostics, see section Online

security diagnostics via port 8448 (Page 68).

Ports of communication partners and routers

Make sure that you enable the required client ports in the corresponding firewall on the

communications partners and in intermediary routers.

These can be:

● DHCP / 67, 68 (UDP)

● DNS / 53 (UDP)

● NTP / 123 (UDP)

● SMTP / 25 (TCP) - Open in CP on block call (outgoing only)

● SMTPS / 587 (TCP) - Open in CP on block call (outgoing only)

4.2 Restricting communications services in the CPU

Communications services without connections

The CPU can be a server for a series of communications services without connections being

configured for the CPU. Other communications partners can access CPU data. This means

that it is no longer possible for the local CPU to control communication with the clients.

The reliability of these communications services is set by the "Connection mechanisms"

parameter in the "Protection & Security" parameter group of the CPU.

Main Page

Siemens SIMATIC NET S7-1500 - Restricting Communications Services in the CPU

Table of Contents

Related product manuals