
FL MGUARD 1000 product family

22 / 52

PHOENIX CONTACT

108413_en_06

2.5.5 Firewall and device access

At the firewall, a distinction is made between incoming and routed data traffic:

Incoming data traffic consists of the packets that are sent to the device itself (device access).

Routed data traffic consists of the packets that are routed through the device, for example packets that come in via net zone 2 (XF2) and go out via net zone 1 (XF1).

Firewall (for incoming data traffic) = device access

Firewall (for routed data traffic) = routing

Table 2-10 Default setting: firewall for incoming data traffic

| Service, protocol | Incoming via | Port | Description |
|---|---|---|---|
| HTTPS | Net zone 2 (XF2) | TCP 443 | Corresponding requests to the web server of the device are permitted, i.e.: login and configuration via web-based management; login and configuration via RESTful server (Config API) |
| SNMP | Net zone 2 (XF2) | UDP 161 | Corresponding requests to the SNMP server of the device are permitted. |
| DHCP | Net zone 2 (XF2) | UDP 67 | Corresponding requests to the DHCP server of the device are permitted. |
| DNS | Net zone 2 (XF2) | TCP 53, UDP 53 | Corresponding requests to the DNS server of the device are permitted. |
| NTP | Net zone 2 (XF2) | UDP 123 | Corresponding requests to the NTP server of the device are permitted. |
| ICMP (IPv4) | Net zone 2 (XF2) | | Ping requests (ICMP requests) to the configured or assigned (per DHCP) IPv4 addresses of the net zones (in router mode) or the management IP address (in stealth mode) are permitted. |

Access to all other network services and network protocols of the device is dropped by the firewall.

Default setting:

All packets that are sent from net zone 2 (XF2), i.e. from subnetwork 192.168.1.0/24, to any target address are forwarded by the device (routed).

(Rule: 192.168.1.0/24 --> 0.0.0.0/0 = ACCEPT).

All other packets are rejected.
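
The following is an added example, not part of the manual and not Phoenix Contact code: a small Python model of the two default rule sets above, useful for checking a planned set of flows against the defaults before commissioning. The device addresses, client addresses and sample flows are constructed for illustration; only the 192.168.1.0/24 subnet and the ports come from the text.

```python
import ipaddress
from dataclasses import dataclass

# Assumed device addresses for illustration (not from the manual).
DEVICE_IPS = {ipaddress.ip_address("10.0.0.5"),      # XF1 (constructed)
              ipaddress.ip_address("192.168.1.1")}   # XF2 (constructed)
BROADCAST = ipaddress.ip_address("255.255.255.255")  # DHCP discover target
XF2_NET = ipaddress.ip_network("192.168.1.0/24")     # subnet named in the rule

# Table 2-10: services reachable on the device by default, via XF2 only.
DEVICE_ACCESS = {("tcp", 443), ("udp", 161), ("udp", 67),
                 ("tcp", 53), ("udp", 53), ("udp", 123)}

@dataclass(frozen=True)
class Flow:
    in_zone: str    # "XF1" or "XF2"
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp" (icmp = echo request)
    dport: int = 0  # unused for icmp

def evaluate(flow):
    """Return (traffic_class, verdict) under the default settings."""
    dst = ipaddress.ip_address(flow.dst)
    if dst in DEVICE_IPS or dst == BROADCAST:
        # Incoming traffic = device access; everything not listed is dropped.
        service_ok = (flow.proto, flow.dport) in DEVICE_ACCESS
        ping_ok = flow.proto == "icmp" and dst in DEVICE_IPS
        allowed = flow.in_zone == "XF2" and (service_ok or ping_ok)
        return ("device access", "ACCEPT" if allowed else "DROP")
    # Routed traffic: rule 192.168.1.0/24 --> 0.0.0.0/0 = ACCEPT, matched on
    # the source address as printed; zone binding is not modelled here.
    routed_ok = ipaddress.ip_address(flow.src) in XF2_NET
    return ("routing", "ACCEPT" if routed_ok else "REJECT")

def blocked(flows):
    """Flows from a planned design that the defaults will not pass."""
    return [f for f in flows if evaluate(f)[1] != "ACCEPT"]

# Constructed sample flows for a commissioning check.
SAMPLE = [
    Flow("XF2", "192.168.1.100", "192.168.1.1", "tcp", 443),  # WBM login
    Flow("XF2", "192.168.1.100", "192.168.1.1", "tcp", 22),   # not in table
    Flow("XF1", "10.0.0.9", "10.0.0.5", "tcp", 443),          # WBM from XF1
    Flow("XF2", "0.0.0.0", "255.255.255.255", "udp", 67),     # DHCP discover
    Flow("XF2", "192.168.1.100", "10.0.0.9", "tcp", 502),     # routed out
    Flow("XF1", "10.0.0.9", "192.168.1.100", "tcp", 502),     # routed in
]
```

Calling blocked(SAMPLE) lists the flows that need an explicit rule change, which makes it visible that management access and routing are both open only from the net zone 2 side by default.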
