S7-Firewall
Securing the production-/automation-network from the company-network
General- Scalable "PLC-Firewall"; far beyond IP/MAC-address-filtering
- Automatic detection of the installation direction
- Protection against viruses such as S7-PLC-virus Stuxnet
- Step7-protocol filtering definable by Step7-syntax (S7-Firewall rule),
complete or individual process-data-sectors can be protected, even down to the individual bits of the control. - User-access-management for PLC- and operating-/programming-level in the machine-network,
further PLCs on request. - Access-management depends on IP/MAC-address of the immigrants
- Clear separation of read- and write-accesses
- Safe remote-maintenance-access
- Isolated maintenance area
more...
General
- Scalable "PLC-Firewall"; far beyond IP/MAC-address-filtering
- Automatic detection of the installation direction
- Protection against viruses such as S7-PLC-virus Stuxnet
- Step7-protocol filtering definable by Step7-syntax (S7-Firewall rule),
complete or individual process-data-sectors can be protected, even down to the individual bits of the control. - User-access-management for PLC- and operating-/programming-level in the machine-network,
further PLCs on request. - Access-management depends on IP/MAC-address of the immigrants
- Clear separation of read- and write-accesses
- Safe remote-maintenance-access
- Isolated maintenance area
- Alarm and event log
- optional: key switch
- Quick and easy configuration via integrated web-browser
- NAT
- DHCP client/server
- NTP-client
- Portforwarding
- integrated firewall
- Multiple IP addresses
Each WAN/LAN-port can each receive up to 3 different IP-addresses, so that immediately IP-networks with different network segments and addresses can be controlled remotely (eg 192.168.0.x and 10.xxx and 172.16.xx). - Routing of individual IP-addresses between WAN/LAN-port configurable
What is the S7-firewall
S7-firewall is a scalable "PLC-Firewall", which not only filters IP/MAC-addresses. Free-defined connections can be restricted/set to any data areas of the PLC. The S7-Firewall can be installed anywhere between PLC and operator/programmer-level. The S7-firewall detects the direction of installation automatically. It will be only configured connections authorized.
How does the S7-Firewall work
The PLC-firewall-connections results of the combination of HMI/PG-station and PLC-station
S7-Firewall-settings
The connections are formed from the combination of HMI/PG-station and PLC-station. Each HMI/PLC-station can be used repeatedly. Upon change from Mac- or IP-address this need only be changed centrally in the HMI/PG-station and PLC-station. Each connection is sorted to a connection rule.
The rule-script
In the rule-scripts would the data areas or possible access for the specified connection settled. The script can be accessed via the link of the connection.
Learn-mode
With the learn-mode you can define easy and fast new rules for the S7-Firewall.
Up to 3 IP-addresses per port
The WAN/LAN-port has shared IP-addresses, it can up to 3 different IP-addresses and subnets configured.
S7-firewall is a scalable "PLC-Firewall", which not only filters IP/MAC-addresses. Free-defined connections can be restricted/set to any data areas of the PLC. The S7-Firewall can be installed anywhere between PLC and operator/programmer-level. The S7-firewall detects the direction of installation automatically. It will be only configured connections authorized.
How does the S7-Firewall work
The PLC-firewall-connections results of the combination of HMI/PG-station and PLC-station
S7-Firewall-settings
The connections are formed from the combination of HMI/PG-station and PLC-station. Each HMI/PLC-station can be used repeatedly. Upon change from Mac- or IP-address this need only be changed centrally in the HMI/PG-station and PLC-station. Each connection is sorted to a connection rule.
The rule-script
In the rule-scripts would the data areas or possible access for the specified connection settled. The script can be accessed via the link of the connection.
Learn-mode
With the learn-mode you can define easy and fast new rules for the S7-Firewall.
Up to 3 IP-addresses per port
The WAN/LAN-port has shared IP-addresses, it can up to 3 different IP-addresses and subnets configured.
Protection againt virus attacks
You want to protect your system from viruses? No problem, with the S7-firewall you secure your system against virus attacks, like the virus "Stuxnet" and thus prevent destruction to your system and
process data.
Protection for data-dump and modification
You want to protect your system against unauthorized access and changes? No problem, with the S7-firewall you secure your system against unauthorized access and thus prevent deduction or alteration
of your system and process data.
Permit requests depending on the ip- and mac-address
You have in your facility machines from different manufacturers and no one does get access to the controls of the other? No problem, with the S7-firewall you can filter who can ever communicate
with the control network and which user with which end users. This is done through the IP address and MAC address.
Protection of data areas in the PLC
You have in your facility machinery with complex program structures and want to prevent that the users do not change comprehensible content? No problem, with the S7-firewall you can assign specific
data fields to each user or even generally protect certain data areas in the PLC.
Log messages via e-mail
You want to be informed of access violations and range errors in the communication with your controls? No problem, with the S7-firewall you can be informed about each of these attacks / injuries by
email to determine each polluter.
| Supply voltage: | 24V DC +/- 20% |
| Power consumption: | 3,6 Watt |
| Display: |
Web-Browser 4 Status-LEDs |
| Handling/Configuration: |
Web-Browser Taster for factory settings |
| Interfaces: |
1 x 10/100BaseTX RJ45-Ethernetjack for WAN-Port 4 x 10/100BaseTX RJ45-Ethernetjack switched all Ethernetports are Auto MDI-X (auto negotiation) |
| Operating temperature: | 0 - 55°C |
| Case: | powder coated metal case |
| Dimensions: | 154 x 92 x 28 mm |
| Scope of delivery: | |
|
S7-Firewall Power connector 3pins big |
options:
9373-O-LEARN
Option for S7-Firewall: Learnmode
Monitors the current traffic in the learn-mode, creating the appropriate rules for equipment requests and setpoints
by e-mail
Option for S7-Firewall: Learnmode
Monitors the current traffic in the learn-mode, creating the appropriate rules for equipment requests and setpoints
by e-mail
accessories:
Variationen:
9373-S7-FIREWALL
S7-Firewall
OEM - Version (all accessories optional)
by e-mail
S7-Firewall
OEM - Version (all accessories optional)
by e-mail
Security
S7-EasyProtectDefined PLC-accesses by key-switch
PLC-Router
S7-EasyProtectDefined PLC-accesses by key-switch
TeleRouterThe simple and quick router solution for automation