×
Siemens Industry Online Support
Siemens AG
Entry type: FAQ Entry ID: 62370912, Entry date: 07/23/2012
(1)
Rate

What should you watch out for when enabling and using the security functions of CP343-1 Advanced and CP443-1 Advanced?

  • Entry
  • Associated product(s)

Description
By combining different security functions such as firewall, NAT/NAPT router and VPN (Virtual Private Network) over IPsec tunnel the CPx43-1 Advanced protects individual S7-400 stations, S7-300 stations and even complete automation cells against unauthorized access.

When you enable and use the security functions of the CPx43-1 Advanced you ensure that the CP has the current time and current date. Having the current time and date is extremely important for verifying the validity of the certificates used, for example, when you establish a secure IPsec tunnel connection to one or more security modules.
If you do not take the time from the station (CPU), you can synchronize the time using a SIMATIC procedure or the Network Time Protocol (NTP).

Note on security
Caution
The functions and solutions described in this article confine themselves predominantly to the realization of the automation task. Furthermore, please take into account that corresponding protective measures have to be taken in the context of Industrial Security when connecting your equipment to other parts of the plant, the enterprise network or the internet. More information is available in Entry ID: 50203404.

Additional Information
More information about time synchronization is available in the entries below.
 

Subject Entry ID
How do you configure the SIMATIC S7-300 as time master or time slave for time-of-day synchronization via Industrial Ethernet in SIMATIC mode? 44049612
How do you configure the SIMATIC S7-400 as time master or time slave for time-of-day synchronization via Industrial Ethernet in SIMATIC mode? 18130164
Which SIMATIC S7-300/S7-400 modules support the NTP time-of-day message and how do you activate this kind of time synchronization? 17990844

Security information
In order to protect technical infrastructures, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art IT security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about cyber security, please visit
https://www.siemens.com/cybersecurity#Ouraspiration.