Configuration
4.16 Security
CP 1243-8 IRC
108 Operating Instructions, 02/2018, C79000-G8976-C385-03
●
Period after which the key is exchanged again between the CP and the master. The
interval must be matched up on both communications partners.
Range of values: 0...65535 min. at 0 (zero), the key is never changed (function disabled).
Default setting: 15 min.
Recommendation: Set the key exchange interval for the CP twice as high as for the
master.
●
Maximum waiting time for the response from the master to an authentication request of
the CP.
Exceeding the wait time is evaluated as an error by the CP. In this case, the CP
generates a security event and sends this to the master.
Range of values: 1... 65535 s Default setting: 5
●
The pre-shared key can be configured in two ways:
– Manual configuration
Enter the pre-shared key in STEP 7 manually as a hexadecimal value.
– Import as file
Import the pre-shared key from the file system of the engineering station if the pre-
shared key was generated by the master or another system.
The pre-shared key of the CP must be identical to the pre-shared key of the master.
Pre-check of messages by the MAC firewall.
Each incoming or outgoing frame initially runs through the MAC firewall (layer 2). If the frame
is discarded at this level, it will not be checked by the IP firewall (layer 3). This means that
with suitable MAC firewall rules, IP communication can be restricted or blocked.
Firewall settings for configured connection connections via a VPN tunnel
IP rules in advanced firewall mode
If you set up configured connection connections with a VPN tunnel between the CP and a
communications partner, you will need to adapt the local firewall settings of the CP:
In advanced firewall mode ("Security > Firewall > IP rules") select the action "Allow*" for both
communications directions of the VPN tunnel.
See section Settings for online security diagnostics and downloading to station with the
firewall activated (Page 109) for information on this.
To Next Page
Loading...
Need help?
General
