Siemens Industry Online Support
Siemens AG
Article type: FAQ, Article ID: 8970169, Article date: 05/07/2017

Which ports are used by the various services for data transfer via TCP and UDP and what should you watch out for when using routers and firewalls?

The various services each use their own destination port for data transfer via TCP and UDP.

If the data is transferred via routers or if firewalls are used, only the ports of the services actually implemented must be enabled in the router or firewall.

Note
The port enabling described here is intended for internal routers and firewalls. In general, access from the internet to an S7-CPU should only be made via VPN (Virtual Private Network).
 

Service | Destination port | Transport protocol | Description
FTP | 20, 21 | TCP | FTP (File Transfer Protocol) functions are used for file management and for access to data blocks in the CPU (client and server function); FTP uses TCP/IP as the underlying protocol. Port 21 carries the control connection; port 20 is the server-side port of the data connection in active mode, whereas in passive mode the server announces a dynamic data port. Using FTP you can execute commands for files and directories, for example list or delete files and directories on the remote system, or access files in the communications processor (CP): with an FTP client you can download files (your own HTML pages, for example) from a PC into the CP. User name, password and file contents are transmitted unencrypted.
Telnet | 23 | TCP | Telnet sets up a terminal session from the Telnet client to the Telnet server. This client/server protocol is based on TCP and enables remote configuration, for example. With SCALANCE products, remote configuration is possible with the CLI (Command Line Interface) via Telnet; the Telnet Server service enables or disables this unencrypted access to the CLI of the SCALANCE products.
SMTP | 25, 465, 587 | TCP | The Simple Mail Transfer Protocol is used in the internet to deliver e-mails to a mail server and to exchange mails between two mail servers. The CP acts as SMTP client towards the mail server (SMTP server). Direction of access: with an S7 CPU or a CP you can send e-mails from the user program. This is done by sending the message to the IP address of the configured mail server and to the port used by it (25, 465 or 587).
DNS | 53 | TCP, UDP | The Domain Name System is responsible for name assignment and name resolution in IP-based networks.
bootps (DHCP server) | 67 | UDP | The Dynamic Host Configuration Protocol permits you to assign the network configuration to clients by means of a server. The server receives requests on port 67.
bootpc (DHCP client) | 68 | UDP | The DHCP client receives the server's replies on port 68.
TFTP | 69 | UDP | The Trivial File Transfer Protocol (TFTP) is a simple protocol for file transfer in which each data packet is acknowledged separately. TFTP has neither authentication nor encryption. TFTP is used with SCALANCE products to download firmware or to save and load configurations.
HTTP | 80 | TCP | The Hypertext Transfer Protocol (HTTP) is a transfer protocol for transferring information in the World Wide Web (WWW). Using HTTP you access the web server of the S7-CPU or of the CP to monitor device and process data and to use the web diagnostics functions. Unlike HTTPS (port 443), the connection is unencrypted.
RFC1006 | 102 | TCP | RFC 1006 "ISO Transport Service on top of the TCP" (ISO-on-TCP) specifies how the ISO transport protocol (COTP) is carried over a TCP connection and thus permits a reliable connection between two systems. RFC 1006 is used for standard connections in the SIMATIC environment: STEP 7 remote programming via LAN, ISO-on-TCP connections, and S7 connections via Industrial Ethernet. Note: port 102 is blocked by default in routers and firewalls. Further information about the RFC1006 service is available in Entry 15048962.
NTP | 123 | UDP | The Network Time Protocol (NTP) is a standard for time synchronization in IP-based networks.
SNMP | 161, 162 | UDP | Simple Network Management Protocol (SNMP) is a UDP-based protocol specified specially for the administration of data networks. SNMP is used for managing and configuring the different network components, so that routers, switches and other usually widely distributed components can be managed from a central workstation. Port 161 receives requests to the SNMP agent; port 162 receives traps sent by agents to the management station. SNMPv1 and SNMPv2c authenticate only with a community string sent in clear text; SNMPv3 adds authentication and encryption.
HTTPS | 443 | TCP | Hyper Text Transfer Protocol Secure (HTTPS) is HTTP over TLS and provides encryption and authentication of the communication between web server and browser in the World Wide Web.
ISAKMP | 500 | UDP | The Internet Security Association and Key Management Protocol (ISAKMP) is a protocol for establishing security associations (SAs) and exchanging cryptographic keys over the internet; it is the key exchange (IKE) used by IPsec.
Modbus | 502 | TCP | Modbus TCP is a standardized protocol for cyclic client-server communication. Modbus TCP has no authentication of its own.
Syslog | 514 | UDP | The syslog protocol is for transferring syslog messages. Syslog messages are short text messages (less than 1024 bytes) and are transferred unencrypted and unacknowledged over UDP.
IPsec | 4500 | TCP, UDP | Internet Protocol Security (IPsec) is a security protocol that provides the following protection goals for communication over IP networks: confidentiality, authenticity and integrity. It is used to establish virtual private networks (VPN). Port 4500 carries IPsec with NAT traversal (UDP encapsulation); without NAT, the ESP packets are carried directly as IP protocol 50, which routers and firewalls must permit in addition to ISAKMP on UDP port 500.

Table 1
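The connection request that opens an S7 or STEP 7 connection on port 102 (the RFC1006 row of Table 1) is short enough to decode by hand, which helps when deciding whether a port-102 flow seen at a firewall is programming (PG) access or HMI/OP access. The following Python is an added example written for this page, not Siemens code: it builds and parses the TPKT (RFC 1006) and COTP (ISO 8073) connection request and splits the called TSAP into connection type, rack and slot the way STEP 7 and S7 CPUs encode it. The sample frame is constructed, and all function names are this example's own.

```python
"""Decode and build the ISO-on-TCP (RFC 1006) connection request used to open
an S7 connection on TCP port 102.

Added example for this FAQ, not Siemens code. Framing follows RFC 1006 (TPKT)
and ISO 8073 (COTP); the S7 TSAP layout (connection type, rack, slot) is the
one used by STEP 7 / S7 CPUs. The sample frame below is constructed.
"""
import struct

TPKT_VERSION = 3
COTP_CR = 0xE0  # Connection Request PDU type (high nibble)
COTP_PARAM = {0xC0: "tpdu_size", 0xC1: "calling_tsap", 0xC2: "called_tsap"}
S7_CONN_TYPE = {0x01: "PG", 0x02: "OP", 0x03: "S7 basic"}


def parse_tpkt(frame: bytes) -> bytes:
    """Strip the 4-byte TPKT header and return the COTP TPDU it carries."""
    if len(frame) < 4:
        raise ValueError("frame shorter than TPKT header")
    version, _reserved, length = struct.unpack(">BBH", frame[:4])
    if version != TPKT_VERSION:
        raise ValueError(f"not TPKT (version {version})")
    if length != len(frame):
        raise ValueError(f"TPKT length {length} != frame length {len(frame)}")
    return frame[4:]


def parse_cotp_cr(tpdu: bytes) -> dict:
    """Parse a COTP Connection Request: references, class and TLV parameters."""
    li = tpdu[0]  # length indicator: number of bytes following it
    if len(tpdu) != li + 1:
        raise ValueError("COTP length indicator does not match TPDU length")
    if tpdu[1] & 0xF0 != COTP_CR:
        raise ValueError(f"not a Connection Request (PDU type 0x{tpdu[1]:02x})")
    dst_ref, src_ref = struct.unpack(">HH", tpdu[2:6])
    result = {"dst_ref": dst_ref, "src_ref": src_ref, "class": tpdu[6] >> 4}
    pos = 7
    while pos < li + 1:
        code, plen = tpdu[pos], tpdu[pos + 1]
        value = tpdu[pos + 2 : pos + 2 + plen]
        if len(value) != plen:
            raise ValueError("truncated COTP parameter")
        result[COTP_PARAM.get(code, f"param_0x{code:02x}")] = int.from_bytes(value, "big")
        pos += 2 + plen
    return result


def decode_s7_tsap(tsap: int) -> dict:
    """Split a 2-byte S7 TSAP: high byte = connection type, low byte = rack/slot."""
    conn_type = tsap >> 8
    return {
        "type": S7_CONN_TYPE.get(conn_type, f"0x{conn_type:02x}"),
        "rack": (tsap & 0xE0) >> 5,
        "slot": tsap & 0x1F,
    }


def build_cotp_cr(calling_tsap: int, called_tsap: int, tpdu_size: int = 0x0A,
                  src_ref: int = 1) -> bytes:
    """Build a TPKT-framed COTP CR as a STEP 7 or HMI client sends it."""
    params = (struct.pack(">BBH", 0xC1, 2, calling_tsap)
              + struct.pack(">BBH", 0xC2, 2, called_tsap)
              + struct.pack(">BBB", 0xC0, 1, tpdu_size))
    body = struct.pack(">BHHB", COTP_CR, 0, src_ref, 0) + params
    tpdu = bytes([len(body)]) + body
    return struct.pack(">BBH", TPKT_VERSION, 0, 4 + len(tpdu)) + tpdu


# Constructed sample: PG connection (type 1) to the CPU in rack 0, slot 2.
SAMPLE_CR = bytes.fromhex("03000016" "11e00000000100" "c1020100" "c2020102" "c0010a")


def summarize(frame: bytes) -> dict:
    """Parse a port-102 connection request and decode the called TSAP."""
    cr = parse_cotp_cr(parse_tpkt(frame))
    cr["called"] = decode_s7_tsap(cr["called_tsap"])
    return cr


if __name__ == "__main__":
    print(summarize(SAMPLE_CR))
```

Reading the called TSAP out of the first packet of a port-102 connection (here 0x0102: PG access to rack 0, slot 2) lets a firewall log or IDS rule tell engineering access from HMI traffic, which the port number alone cannot do.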

Table 2 lists which product groups support the services (TCP/UDP protocols) of Table 1.

Service | SCALANCE X with Management functions | SCALANCE W | PLC | PLC CPs | PC CPs | IE/AS-i Link, IE/PB Link, IWLAN/PB Link
FTP server | - | - | - | X 1) | X | -
Telnet | X | X | - | - | X | X 5)
SMTP | X | X | - | - | X | X 3)
DNS | - | - | - | - | X | -
bootpc (DHCP client) | X | X | - | X 1) | X | X 3)
TFTP client | X | X | - | - | X | X 3)
HTTP | X | X | X 10) | X 1) | X | X 3)
RFC1006 | - | - | X 10) | X 1) | X | X 4)
NTP | X 6) | X 6) 7) | X 10) | X 1) | X | X
SNMP | X | X | X 10) | X 1) | X | X
HTTPS | X | X | X 10) | - | X | -
Syslog client | X 8) | X | - | - | - | -
ISAKMP | - | - | - | - | X | -
Modbus TCP | - | - | X 9) | X 2) | - | -
IPsec | - | - | - | - | X | -

Table 2 (X = supported, - = not supported; the numbers refer to the footnotes below)

1) Information about which Industrial Ethernet CPs support these services is available in the following entries: 16767769 and 15368142.
2)
The Modbus TCP service is supported with the Modbus/TCP CP product. Further information about Modbus/TCP communication is available in Entry 22660304.
3) This service is supported only by IE/AS-i Link.
4) This service is supported only by IE/PB Link and IWLAN/PB Link.
5) This service is supported only by IWLAN/PB Link.
6) SCALANCE X and SCALANCE W support the Simple Network Time Protocol (SNTP), the simple form of the Network Time Protocol (NTP).
7) SCALANCE W in compliance with IEEE 802.11n supports Network Time Protocol (NTP). An overview of the SIMATIC NET Industrial Wireless LAN components in compliance with IEEE 802.11n is available in the following entry: 56692761.
8) SCALANCE X-300, X-400 and X-500 can be used as Syslog clients.
9) The Modbus TCP service is supported with the Modbus/TCP CP product. Further information about Modbus/TCP communication is available in Entry 22660304.
10) Information about which CPUs support this service is available in Entry: 18909487.
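Table 1 gives the ports, Table 2 says which of them a given device actually uses, and the Note at the top says where they may be opened from. What neither table states is the direction of each rule: for FTP server, Telnet, HTTP, HTTPS and RFC1006 the S7 station is the server and the rule points at it, whereas for SMTP, DNS, DHCP, TFTP, NTP and Syslog the station is the client and the rule points away from it. The following Python is an added example written for this page, not Siemens code: it encodes Table 1 with that direction and with a flag for services that carry credentials or data without encryption or authentication, refuses to open such services from anything but an internal zone, and generates iptables FORWARD rules for a Linux router in front of the station. The iptables syntax is standard; zone names, addresses and networks are made up for the example, and on a real router you would still add interface matches and the FTP conntrack helper.

```python
"""Generate router/firewall rules for an S7 station from Table 1 of this FAQ.

Added example for this page, not Siemens code. Assumes a Linux router with
iptables between an engineering network and the automation cell. Zone names,
addresses and networks are made up; the 'unprotected' flag is this example's
own assessment of each protocol.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    ports: tuple        # destination port(s) from Table 1
    protos: tuple       # transport protocol(s) from Table 1
    direction: str      # "in": station is server; "out": station is client; "both"
    unprotected: bool   # credentials or data without encryption/authentication


SERVICES = {
    "FTP":       Service((20, 21), ("tcp",), "in", True),   # clear-text login; port 20 data via RELATED
    "Telnet":    Service((23,), ("tcp",), "in", True),      # clear-text CLI
    "SMTP":      Service((25, 465, 587), ("tcp",), "out", False),
    "DNS":       Service((53,), ("tcp", "udp"), "out", False),
    "DHCP":      Service((67,), ("udp",), "out", False),    # client -> server port 67, replies to 68
    "TFTP":      Service((69,), ("udp",), "out", True),     # no authentication, no encryption
    "HTTP":      Service((80,), ("tcp",), "in", True),
    "RFC1006":   Service((102,), ("tcp",), "in", True),     # classic S7 communication is not encrypted
    "NTP":       Service((123,), ("udp",), "out", False),
    "SNMP":      Service((161,), ("udp",), "in", True),     # v1/v2c: clear-text community string
    "SNMP trap": Service((162,), ("udp",), "out", True),    # Table 1 lists 161 and 162 under SNMP
    "HTTPS":     Service((443,), ("tcp",), "in", False),
    "ISAKMP":    Service((500,), ("udp",), "both", False),
    "Modbus":    Service((502,), ("tcp",), "both", True),   # no authentication
    "Syslog":    Service((514,), ("udp",), "out", True),
    "IPsec":     Service((4500,), ("tcp", "udp"), "both", False),
}

# Zones from which unprotected services may be reached at all (assumed names).
INTERNAL_ZONES = {"engineering", "cell"}


def check_policy(zone, services):
    """Return the requested services that must not be opened from this zone.

    Unprotected services are allowed only from internal zones; from anywhere
    else they have to come in through the VPN, as the FAQ's Note recommends.
    """
    unknown = [s for s in services if s not in SERVICES]
    if unknown:
        raise ValueError(f"unknown service(s): {', '.join(unknown)}")
    if zone in INTERNAL_ZONES:
        return []
    return [s for s in services if SERVICES[s].unprotected]


def _rule(src, dst, proto, match, name):
    return (f"iptables -A FORWARD -s {src} -d {dst} -p {proto} {match} "
            f"-m conntrack --ctstate NEW -j ACCEPT  # {name}")


def rules_for(station_ip, peer_net, zone, services):
    """Return iptables FORWARD rules allowing only the listed services."""
    blocked = check_policy(zone, services)
    if blocked:
        raise ValueError(f"zone {zone!r}: {', '.join(blocked)} only via VPN or internal network")
    rules = ["iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    for name in services:
        svc = SERVICES[name]
        ports = ",".join(str(p) for p in svc.ports)
        match = f"--dport {ports}" if len(svc.ports) == 1 else f"-m multiport --dports {ports}"
        for proto in svc.protos:
            if svc.direction in ("in", "both"):
                rules.append(_rule(peer_net, station_ip, proto, match, name))
            if svc.direction in ("out", "both"):
                rules.append(_rule(station_ip, peer_net, proto, match, name))
    rules.append(f"iptables -A FORWARD -d {station_ip} -j DROP  # default deny")
    rules.append(f"iptables -A FORWARD -s {station_ip} -j DROP  # default deny")
    return rules


if __name__ == "__main__":
    # Engineering PCs program (RFC1006) and diagnose (HTTPS) the CPU; the CPU
    # fetches time from an NTP server in the engineering network.
    for r in rules_for("10.10.2.10", "10.10.1.0/24", "engineering", ["RFC1006", "HTTPS", "NTP"]):
        print(r)
```

Requesting the same three services for zone "internet" raises an error because RFC1006 is unprotected: the only way to open STEP 7 access from outside is to terminate a VPN first and then apply the internal-zone rules to the VPN's inner addresses.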

Further Information

  • Entry 80917729 shows which ports are used by WinCC Advanced, WinCC Runtime Advanced, WinCC Runtime Professional, Basic Panels, Comfort Panels, Panels and IPC.
  • Entry 109573355 includes information about which ports have to be enabled on the Teleservice adapter IE Advanced to be able to download a configuration via Ethernet.
  • Entry 50203404 includes an overview with links to the essential entries for Industrial Security (plant security).

Further information about the above-mentioned products is available in the manuals below.
 

Manual | Entry ID
Industrial Ethernet Switches SCALANCE X-200 Operating Instructions | 102051962
Industrial Ethernet Switches SCALANCE X-300 Operating Instructions | 25248331
Industrial Ethernet Switches SCALANCE X-400 Operating Instructions | 74844640
SIMATIC NET Industrial Ethernet Switches SCALANCE XM-400/XR-500 Web Based Management (WBM) - Configuration Manual | 109482667
SIMATIC NET Industrial Ethernet Switches SCALANCE XM-400/XR-500 Command Line Interface (CLI) - Configuration Manual | 109482670
SIMATIC NET Industrial Wireless LAN SCALANCE W780/W740 in compliance with IEEE 802.11n Web Based Management - Configuration Manual | 109480851
SIMATIC NET Industrial Wireless LAN SCALANCE W760/W720 in compliance with IEEE 802.11n Web Based Management - Configuration Manual | 109480845
SIMATIC NET Industrial Wireless LAN SCALANCE W770/W730 in compliance with IEEE 802.11n Web Based Management | 108612828
SIMATIC NET Industrial Wireless LAN SCALANCE W780/W740 in compliance with IEEE 802.11n Command Line Interface - Configuration Manual | 109480852
SIMATIC NET Industrial Wireless LAN SCALANCE W770/W730 in compliance with IEEE 802.11n Web Based Management - Configuration Manual | 109480849
IE/PB Link PN IO | 19299692
IWLAN/PB Link | 21379908
SIMATIC NET IE/AS Interface LINK PN IO | 61455401

Table 3

Security information
In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement, and continuously maintain, a holistic, state-of-the-art industrial security concept. Siemens products and solutions constitute only one element of such a concept. Further information about industrial security is available at
http://www.siemens.com/industrialsecurity.