• Scalable "PLC-Firewall"; far beyond IP/MAC-address-filtering
• Automatic detection of the installation direction
• Protection against viruses such as S7-PLC-virus Stuxnet
• Step7-protocol filtering definable by Step7-syntax (S7-Firewall rule),
  complete or individual process-data-sectors can be protected, even down to the individual bits of the control.
• User-access-management for PLC- and operating-/programming-level in the machine-network,
  further PLCs on request.
• Access-management depends on IP/MAC-address of the immigrants
• Clear separation of read- and write-accesses
• Safe remote-maintenance-access
• Isolated maintenance area
• Alarm and event log
• optional: key switch

• Quick and easy configuration via integrated web-browser
• NAT
• DHCP client/server
• NTP-client
• Portforwarding
• integrated firewall
• Multiple IP addresses
  Each WAN/LAN-port can each receive up to 3 different IP-addresses, so that immediately IP-networks with different network segments and addresses can be controlled remotely (eg 192.168.0.x and 10.xxx and 172.16.xx).
• Routing of individual IP-addresses between WAN/LAN-port configurable

What is the S7-firewall

S7-firewall is a scalable "PLC-Firewall", which not only filters IP/MAC-addresses. Free-defined connections can be restricted/set to any data areas of the PLC. The S7-Firewall can be installed anywhere between PLC and operator/programmer-level. The S7-firewall detects the direction of installation automatically. It will be only configured connections authorized.


How does the S7-Firewall work

The PLC-firewall-connections results of the combination of HMI/PG-station and PLC-station


S7-Firewall-settings







The connections are formed from the combination of HMI/PG-station and PLC-station. Each HMI/PLC-station can be used repeatedly. Upon change from Mac- or IP-address this need only be changed centrally in the HMI/PG-station and PLC-station. Each connection is sorted to a connection rule.


The rule-script



In the rule-scripts would the data areas or possible access for the specified connection settled. The script can be accessed via the link of the connection.


Learn-mode


With the learn-mode you can define easy and fast new rules for the S7-Firewall.


Up to 3 IP-addresses per port



The WAN/LAN-port has shared IP-addresses, it can up to 3 different IP-addresses and subnets configured.

Technical data

technical data
docu / downloads

Applications

Protection againt virus attacks You want to protect your system from viruses? No problem, with the S7-firewall you secure your system against virus attacks, like the virus "Stuxnet" and thus prevent destruction to your system and process data.	Protection for data-dump and modification You want to protect your system against unauthorized access and changes? No problem, with the S7-firewall you secure your system against unauthorized access and thus prevent deduction or alteration of your system and process data.
Permit requests depending on the ip- and mac-address You have in your facility machines from different manufacturers and no one does get access to the controls of the other? No problem, with the S7-firewall you can filter who can ever communicate with the control network and which user with which end users. This is done through the IP address and MAC address.	Protection of data areas in the PLC You have in your facility machinery with complex program structures and want to prevent that the users do not change comprehensible content? No problem, with the S7-firewall you can assign specific data fields to each user or even generally protect certain data areas in the PLC.
Log messages via e-mail You want to be informed of access violations and range errors in the communication with your controls? No problem, with the S7-firewall you can be informed about each of these attacks / injuries by email to determine each polluter.

technical data
applications
docu / downloads

article:
Art. ID.	name
9373-S7-FIREWALL	S7-Firewall OEM - Version (all accessories optional)