
SIMATIC NET
Industrial Ethernet Security
Setting up security in STEP 7 Professional
Getting Started
09/2014
C79000-G8976-C379-01

Legal information

Warning notice system

This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are graded according to the degree of danger.

DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.

WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.

CAUTION
indicates that minor personal injury can result if proper precautions are not taken.

NOTICE
indicates that property damage can result if proper precautions are not taken.

If more than one degree of danger is present, the warning notice representing the highest degree of danger will be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to property damage.

Qualified Personnel

The product/system described in this documentation may be operated only by personnel qualified for the specific task in accordance with the relevant documentation, in particular its warning notices and safety instructions. Qualified personnel are those who, based on their training and experience, are capable of identifying risks and avoiding potential hazards when working with these products/systems.

Proper use of Siemens products

Note the following:

WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation.
If products and components from other manufacturers are used, these must be recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and maintenance are required to ensure that the products operate safely and without any problems. The permissible ambient conditions must be complied with. The information in the relevant documentation must be observed.

Trademarks

All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.

Disclaimer of Liability

We have reviewed the contents of this publication to ensure consistency with the hardware and software described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the information in this publication is reviewed regularly and any necessary corrections are included in subsequent editions.

Siemens AG, Industry Sector, Postfach 48 48, 90026 NÜRNBERG, GERMANY
C79000-G8976-C379-01, Ⓟ 09/2014, Subject to change
Copyright © Siemens AG 2014. All rights reserved

Table of contents

1 Preface
2 User interface and menu commands
  2.1 User interface and menu commands
3 Basic configuration
  3.1 Configuring IP addresses for SCALANCE S
    3.1.1 Overview
    3.1.2 Set up SCALANCE S and the network
    3.1.3 Making IP settings for the PC
    3.1.4 Creating a project and security module
    3.1.5 Creating the security project
    3.1.6 Assigning IP addresses
    3.1.7 Downloading the configuration to SCALANCE S
  3.2 Configuring IP addresses for a CP
    3.2.1 Overview
    3.2.2 Making IP settings for the PC
    3.2.3 Creating a project and security module
    3.2.4 Creating the security project
    3.2.5 Assigning IP addresses
    3.2.6 Downloading the configuration to the security module
4 Firewall in advanced mode
  4.1 Global rule sets
    4.1.1 Overview
    4.1.2 Make the IP settings for the PCs
    4.1.3 Configuring the local firewall
    4.1.4 Configuring global firewall rule sets
    4.1.5 Downloading the configuration to the security module
    4.1.6 Testing firewall function
  4.2 Firewall rules for connections
    4.2.1 Overview
    4.2.2 Make the IP settings for the PCs
    4.2.3 Configuring the local firewall
    4.2.4 Configuring connection firewall rules
    4.2.5 Downloading the configuration to the security module
    4.2.6 Testing firewall function
  4.3 User-specific firewall
    4.3.1 Overview
    4.3.2 Make the IP settings for the PCs
    4.3.3 Configuring the local firewall
    4.3.4 Creating remote access users
    4.3.5 Configuring user-specific firewall rule sets
    4.3.6 Downloading the configuration to the security module
    4.3.7 Activating a user-specific firewall rule set
    4.3.8 Testing firewall function
  4.4 NAT
    4.4.1 Overview
    4.4.2 Making IP settings for the PC
    4.4.3 Configuring destination NAT and local firewall
    4.4.4 Downloading the configuration to the security module
    4.4.5 Testing NAT function
5 VPN for network linking
  5.1 VPN tunnel in the LAN between all security products
    5.1.1 Overview
    5.1.2 Make the IP settings for the PCs
    5.1.3 Creating SOFTNET Security Client module
    5.1.4 Configuring a VPN group
    5.1.5 Saving the SOFTNET Security Client configuration
    5.1.6 Downloading the configuration to the security module
    5.1.7 Set up a tunnel with the SOFTNET Security Client
    5.1.8 Testing the tunnel
  5.2 VPN tunnel SOFTNET Security Client and CPs or SCALANCE S
    5.2.1 Overview
    5.2.2 Make the IP settings for the PCs
    5.2.3 Creating SOFTNET Security Client module
    5.2.4 Configuring a VPN group
    5.2.5 Configuring VPN properties of the security module
    5.2.6 Saving the SOFTNET Security Client configuration
    5.2.7 Downloading the configuration to the security module
    5.2.8 Set up a tunnel with the SOFTNET Security Client
    5.2.9 Testing the tunnel
  5.3 VPN with SOFTNET Security Client and SCALANCE S as user-specific firewall
    5.3.1 Overview
    5.3.2 Make the IP settings for the PCs
    5.3.3 Creating SOFTNET Security Client module
    5.3.4 Configuring a VPN group
    5.3.5 Configuring VPN properties of the security module
    5.3.6 Configuring the local firewall
    5.3.7 Creating remote access users
    5.3.8 Configuring user-specific firewall rule sets
    5.3.9 Saving the SOFTNET Security Client configuration
    5.3.10 Downloading the configuration to the security module
    5.3.11 Set up a tunnel with the SOFTNET Security Client
    5.3.12 Activating a user-specific firewall rule set
    5.3.13 Testing the tunnel and firewall function

1 Preface

Getting results fast with Getting Started

Based on simple test networks, you will learn how to handle the security modules and the STEP 7 Professional configuration tool. You will soon see that you can implement the security functions of security modules in the network without any great project engineering effort. Based on a variety of security examples, you will be able to implement the basic functions of the security modules and the SOFTNET Security Client.

IP settings for the Examples

Note
The IP settings in the examples are freely selected and do not cause any conflicts in the isolated test network. In a real network, you would need to adapt these IP settings to avoid possible address conflicts.
Validity of this Getting Started

Configuration software:
● STEP 7 Professional V13

Products:
● SCALANCE S
  – SCALANCE S602, order number: 6GK5 602-0BA10-2AA3
  – SCALANCE S612, order number: 6GK5 612-0BA10-2AA3
  – SCALANCE S623, order number: 6GK5 623-0BA10-2AA3
  – SCALANCE S627-2M, order number: 6GK5 627-2BA10-2AA3
● CPs
  – CP 343-1 Advanced GX31 as of V3.0, order number: 6GK7 343-1GX31-0XE0
  – CP 443-1 Advanced GX30 as of V3.0, order number: 6GK7 443-1GX30-0XE0
  – CP 1543-1 as of V1.1, order number: 6GK7 543-1AX00-0XE0
  – CP 1243-1, order number: 6GK7 243-1BX30-0XE0
● VPN client software
  – SOFTNET Security Client as of V4.0, order number: 6GK1 704-1VW04-0AA0