Setting up security in STEP 7 Professional
SIMATIC NET
Industrial Ethernet Security
User interface and menu commands
Firewall in advanced mode
VPN for network linking
Getting Started
09/2014
C79000-G8976-C379-01
Legal information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert symbol; notices referring only to property damage have no safety alert symbol. The notices shown below are graded according to the degree of danger.
DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION
indicates that minor personal injury can result if proper precautions are not taken.
NOTICE
indicates that property damage can result if proper precautions are not taken.
If more than one degree of danger is present, the warning notice representing the highest degree of danger will be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to property damage.
Qualified Personnel
The product/system described in this documentation may be operated only by personnel qualified for the specific task in accordance with the relevant documentation, in particular its warning notices and safety instructions. Qualified personnel are those who, based on their training and experience, are capable of identifying risks and avoiding potential hazards when working with these products/systems.
Proper use of Siemens products
Note the following:
WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation. If products and components from other manufacturers are used, these must be recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and maintenance are required to ensure that the products operate safely and without any problems. The permissible ambient conditions must be complied with. The information in the relevant documentation must be observed.
Trademarks
All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the information in this publication is reviewed regularly and any necessary corrections are included in subsequent editions.
Siemens AG Industry Sector Postfach 48 48 90026 NÜRNBERG
GERMANY
C79000-G8976-C379-01
Ⓟ 09/2014 Subject to change
Copyright © Siemens AG 2014.
All rights reserved
Table of contents
1 Preface
2 User interface and menu commands
2.1 User interface and menu commands
3 Basic configuration
3.1 Configuring IP addresses for SCALANCE S
3.1.1 Overview
3.1.2 Set up SCALANCE S and the network
3.1.3 Making IP settings for the PC
3.1.4 Creating a project and security module
3.1.5 Creating the security project
3.1.6 Assigning IP addresses
3.1.7 Downloading the configuration to SCALANCE S
3.2 Configuring IP addresses for a CP
3.2.1 Overview
3.2.2 Making IP settings for the PC
3.2.3 Creating a project and security module
3.2.4 Creating the security project
3.2.5 Assigning IP addresses
3.2.6 Downloading the configuration to the security module
4 Firewall in advanced mode
4.1 Global rule sets
4.1.1 Overview
4.1.2 Make the IP settings for the PCs
4.1.3 Configuring the local firewall
4.1.4 Configuring global firewall rule sets
4.1.5 Downloading the configuration to the security module
4.1.6 Testing firewall function
4.2 Firewall rules for connections
4.2.1 Overview
4.2.2 Make the IP settings for the PCs
4.2.3 Configuring the local firewall
4.2.4 Configuring connection firewall rules
4.2.5 Downloading the configuration to the security module
4.2.6 Testing firewall function
4.3 User-specific firewall
4.3.1 Overview
4.3.2 Make the IP settings for the PCs
4.3.3 Configuring the local firewall
4.3.4 Creating remote access users
4.3.5 Configuring user-specific firewall rule sets
4.3.6 Downloading the configuration to the security module
4.3.7 Activating a user-specific firewall rule set
4.3.8 Testing firewall function
4.4 NAT
4.4.1 Overview
4.4.2 Making IP settings for the PC
4.4.3 Configuring destination NAT and local firewall
4.4.4 Downloading the configuration to the security module
4.4.5 Testing NAT function
5 VPN for network linking
5.1 VPN tunnel in the LAN between all security products
5.1.1 Overview
5.1.2 Make the IP settings for the PCs
5.1.3 Creating SOFTNET Security Client module
5.1.4 Configuring a VPN group
5.1.5 Saving the SOFTNET Security Client configuration
5.1.6 Downloading the configuration to the security module
5.1.7 Set up a tunnel with the SOFTNET Security Client
5.1.8 Testing the tunnel
5.2 VPN tunnel SOFTNET Security Client and CPs or SCALANCE S
5.2.1 Overview
5.2.2 Make the IP settings for the PCs
5.2.3 Creating SOFTNET Security Client module
5.2.4 Configuring a VPN group
5.2.5 Configuring VPN properties of the security module
5.2.6 Saving the SOFTNET Security Client configuration
5.2.7 Downloading the configuration to the security module
5.2.8 Set up a tunnel with the SOFTNET Security Client
5.2.9 Testing the tunnel
5.3 VPN with SOFTNET Security Client and SCALANCE S as user-specific firewall
5.3.1 Overview
5.3.2 Make the IP settings for the PCs
5.3.3 Creating SOFTNET Security Client module
5.3.4 Configuring a VPN group
5.3.5 Configuring VPN properties of the security module
5.3.6 Configuring the local firewall
5.3.7 Creating remote access users
5.3.8 Configuring user-specific firewall rule sets
5.3.9 Saving the SOFTNET Security Client configuration
5.3.10 Downloading the configuration to the security module
5.3.11 Set up a tunnel with the SOFTNET Security Client
5.3.12 Activating a user-specific firewall rule set
5.3.13 Testing the tunnel and firewall function
1 Preface
Getting results fast with Getting Started
Based on simple test networks, you will learn how to handle the security modules and the STEP 7 Professional configuration tool. You will soon see that you can implement the security functions of security modules in the network without any great project engineering effort.
Based on a variety of security examples, you will be able to implement the basic functions of the security modules and the SOFTNET Security Client.
IP settings for the Examples
Note
The IP settings in the examples are freely selected and do not cause any conflicts in the isolated test network.
In a real network, you would need to adapt these IP settings to avoid possible address conflicts.
Validity of this Getting Started
Configuration software:
● STEP 7 Professional V13
Products:
● SCALANCE S
– SCALANCE S602, order number: 6GK5 602-0BA10-2AA3
– SCALANCE S612, order number: 6GK5 612-0BA10-2AA3
– SCALANCE S623, order number: 6GK5 623-0BA10-2AA3
– SCALANCE S627-2M, order number: 6GK5 627-2BA10-2AA3
● CPs
– CP 343-1 Advanced GX31 as of V3.0, order number: 6GK7 343-1GX31-0XE0
– CP 443-1 Advanced GX30 as of V3.0, order number: 6GK7 443-1GX30-0XE0
– CP 1543-1 as of V1.1, order number: 6GK7 543-1AX00-0XE0
– CP 1243-1, order number: 6GK7 243-1BX30-0XE0
● VPN client software
– SOFTNET Security Client as of V4.0, order number: 6GK1 704-1VW04-0AA0
...