Pilz 311502 Скачать руководство пользователя страница 48 | Manualshive

Страница: 48 / 51

Pilz 311502 Скачать руководство пользователя страница 48

Network data

Operating Manual PCOM sec br2
1004534-EN-04

| 48

14

Network data

Interface

Log

Direc-
tion

Trans-
port log

Port no.

Can be de-
activated

Description

User interface

HTTP

In

TCP

0 … 65535
Def.: 80

No

Browser is always for-
warded to HTTPS

User interface

HTTPS

In

TCP

0 … 65535
Def.: 443

No

Transport protection by
TLSv1.2 or TLSv1.3. Ac-
cess to the user inter-
face via user name and
password. The server is
authenticated via an
X.509 certificate.

VPN access

propriet-
ary

In

TCP

1194

Yes
Def.: Active

Authenticated and en-
crypted log. The connec-
tion setup is protected
by user name and pass-
word. The server is au-
thenticated via X.509
certificate.

VPN Web Service

HTTP

In

TCP

4080

Yes
Def.: Active

Critical services are only
accessible via the VPN
tunnel.

NTP Server

NTP

In

UDP

123

No

accessible only via
device port X2

NTP client

NTP

Out

UDP

123

Yes
Def: Inactive

Protection configurable
by shared encrypted
key.

DNS client

DNS

Out

UDP

53

Yes
Def: Inactive

E-Mail log for-
warding

SMTP

Out

TCP

0 … 65535
Def.: 25

Yes
Def: Inactive

Optional use of TLS and
SMTP authentication

Syslog-log
forwarding

SYSLOG Out

UDP

0 … 65535
Def.: 514

Yes
Def: Inactive

RADIUS client

RADIUS

Out

UDP

0 … 65535
Def.: 1812

Yes
Def: Inactive

Protected by Server
Shared Secret

Switching Loop
detection

propriet-
ary

In/out

Layer2

0x88b5

No

Frames are received
only via device port X2

«
...
46
47
48
49
50
...
»

Содержание 311502

Страница 1: ...PCOM sec br2 Operating Manual 1004534 EN 04...

Страница 2: ...KG Copies may be made for internal purposes Suggestions and comments for improving this documentation will be gratefully received Pilz PIT PMI PNOZ Primo PSEN PSS PVIS SafetyBUS p SafetyEYE SafetyNET...

Страница 3: ...10 3 4 Commissioning 11 3 5 User accounts 11 3 6 Operation 11 3 7 Decommissioning 12 4 Overview 13 4 1 Unit features 13 4 2 Front view 14 5 Function description 15 5 1 Block diagram 16 5 2 VPN tunnel...

Страница 4: ...client 33 9 2 Create new client connection 33 9 3 Log in to client 34 9 4 Authentication procedure 34 10 Firmware update 37 11 Operation 38 11 1 LED indicators 38 11 2 Recovery 39 11 3 Error mode 40...

Страница 5: ...t is particularly important is identified as follows DANGER This warning must be heeded It warns of a hazardous situation that poses an immediate threat of serious injury and death and indicates preve...

Страница 6: ...s if possible Pilz can charge a fee for the data medium and for sending The request for the source code must be received 3 years at the latest after the receipt of the relevant GPL or LPGL Irrespectiv...

Страница 7: ...other environments If installed in other environments measures should be taken to comply with the applicable standards and directives for the respective installation site with regard to in terference...

Страница 8: ...ll be rendered invalid if The product was used contrary to the purpose for which it is intended Damage can be attributed to not having followed the guidelines in the manual Operating personnel are not...

Страница 9: ...y security problems of the SecurityBridge to the following E mail ad dress security pilz de 3 2 Defense in depth Defense in depth is a security design concept Several different security measures to pr...

Страница 10: ...n depth concept provided the product has to be arranged in the network as shown in the figure Network overview The chapter Network data 48 de scribes the network protocols that the product uses to com...

Страница 11: ...Make sure you regularly change the passwords of the user accounts on the system and or ask the users to change their passwords themselves Retain the passwords safely and train the personnel to deal wi...

Страница 12: ...Unless otherwise documented you should ensure that all the files created by the Secur ityBridge can only be used by authorised users 3 7 Decommissioning Make sure that the SecurityBridge is safely dec...

Страница 13: ...face VPN server to build a VPN tunnel for safe transfer of data Forwarding rules for IP connections and fieldbuses Bypass mode temporary deactivation of security functions for diagnostic purposes Setu...

Страница 14: ...XXXXXX XXXXXX XX Firmware XXXX Fig PCOM sec br2 Legend X1 Network Ethernet port for connecting the configuration PC X2 Device Ethernet port for connecting to the protected system X3 24 V 0 V Peripher...

Страница 15: ...mpany network Fig Overview The SecurityBridge is used with in the company network to prevent unauthorised access to downstream devices in a protected network The access from the client PC to the devic...

Страница 16: ...uration PC This enables tap proof manip ulation proof data transfer between the client PC and SecurityBridge Only the VPN client from Pilz is supported Up to 5 client connections can exist simultaneou...

Страница 17: ...there is at least one VPN Client connected If there is a 0 signal at the output then no VPN Client is connected BYPASS Bypass mode is signalled via the digital output If there is a 1 signal at the ou...

Страница 18: ...event of an ambient temperature of over 45 C note that the temperature of the connected USB memory could rise to over 70 C Using the USB memory An inserted USB stick can be formatted and incorporated...

Страница 19: ...g rail in an upright position so that the earthing springs on the device are pressed on to the mounting rail The ambient temperature of the devices in the control cabinet must not exceed the figure st...

Страница 20: ...put must be a max of 30 m The supply of the module and the supply of the SC outputs are galvanically isolated Module supply Polarity protection Overvoltage protection Protect the supply voltage as fol...

Страница 21: ...X1 network port Connection to the unprotected network company network Ethernet interface X2 device port Connection to the protected network Supported Internet protocol IPv4 Supported functions Autoneg...

Страница 22: ...a a standard browser The following web browsers will always be supported Internet Explorer IE from Version 9 Microsoft Edge Mozilla Firefox from Version 23 7 0 Google Chrome from Version 27 Safari fro...

Страница 23: ...e password see Security 9 6 Change network settings To access the SecurityBridge PCOM sec br2 from the company network change the network settings of the SecurityBridge The settings are adapted in the...

Страница 24: ...r RADIUS System permissions Administration User can perform administrative functions on the Se curityBridge However he has no access to the pro tected system PNOZmulti PSS 4000 1 User management User...

Страница 25: ...owing actions can then be delegated List users Create new user Change user data 8 3 3 Create user A user account must be created for each user who wants to access the protected system via VPN client o...

Страница 26: ...d in the Security Bridge for the RADIUS server are accepted INFORMATION Via the RADIUS server a user can either be assigned to a user group or be assigned one or more permissions If you attempt to ass...

Страница 27: ...of 5 OPC servers can be created 4 OPC servers for the product range PSS 4000 and 1 OPC server for the product range PVIS Create Generic Devices Generic Devices are all devices with a network interface...

Страница 28: ...n the protected network A maximum of 25 rules administrative rules and forward ing rules can be defined per device Administrative access rules The system allows the definition of administrative access...

Страница 29: ...secure the configuration 31 Certificate download You can download the CA certificate and server certificate from the user interface to your PC You can import the CA certificate into the browser PC see...

Страница 30: ...n automatically download the certificate The download is secured by a passphrase Further information on the password policy can be found in the Online Help on the SecurityBridge Generate certificates...

Страница 31: ...ed The status is displayed on the user interface and on the device via a configurable LED CAUTION Loss of security when bypass mode is activated The security functions are deactivated in bypass mode M...

Страница 32: ...the configuration is loaded automatic ally When you saved a configuration on the computer the configuration can be restored by uploading the backup file to the user interface If you did not generate...

Страница 33: ...rsion 9 2 Create new client connection To create a connection to SecurityBridge for the first time a new client connection has to be created Proceed as follows 1 Start the VPN client by clicking All p...

Страница 34: ...entials must be created on the user interface of the SecurityBridge a Open the VPN client click Connect select a connection and enter your user name and your password 9 4 Authentication procedure Duri...

Страница 35: ...ind user name in the user management Found No No No No No Ye s Ye s Ye s Ye s Ye s Ye s RADIUS server configured Authentication via RADIUS server Successful Check Setup mode User permitted Check passw...

Страница 36: ...ocedure via the RADIUS server Request to the primary RADIUS server Request to the secondary RADIUS server Authentication successful Check group or permissions from the response Authentication failed V...

Страница 37: ...ce The firmware can only be updated by users with Administration permission The update packet is digitally signed to prevent manipulation An update packet can be downloaded to the device from the down...

Страница 38: ...n Green No error present Red One or more recoverable errors on the Security Bridge for more information see event log Red One or more internal errors on the SecurityBridge for more information see eve...

Страница 39: ...e Meaning No network connection Green Network connection exists 11 2 Recovery If you experience problems with the configuration a failed firmware update or any other situation in which the system is n...

Страница 40: ...r interface opens in Recovery mode This interface is only available in English 7 To restore the system you can choose between the following options Firmware Recovery The firmware is reset and restored...

Страница 41: ...e deleted from the device Proceed as follows Reset the configuration to the factory settings as described in the chapter Recovery 39 Switch off the SecurityBridge If you used an USB memory remove the...

Страница 42: ...er net interfaces at the base unit The project is changed via this connection and transferred to the PNOZmulti This connection is protected The PNOZmulti base unit is in the protec ted network Access...

Страница 43: ...pening contact of the key switch to the input I0 protected connection unprotected connection PAS4000 or PNOZmulti Configurator Key switch PNOZmulti PSS 4000 VPN tunnel Input I0 or 24 VDC SecurityBridg...

Страница 44: ...tablish connection to SecurityBridge 22 2 Create user 25 3 Create device 27 4 Forwarding rules for PSS 4000 27 Here you have to configure the forwarding rule for the communication of both PSS 4000 in...

Страница 45: ...5 5 W Status indicator LED Inputs Number 1 Voltage at inputs 24 V DC Input type in accordance with EN 61131 2 3 Input current at rated voltage 10 mA Semiconductor outputs Number 1 Voltage 24 V Curren...

Страница 46: ...ccordance with the standard EN 61131 2 Overvoltage category II Pollution degree 2 Rated insulation voltage 30 V Protection type In accordance with the standard EN 60529 Housing IP20 Terminals IP20 Mou...

Страница 47: ...r cross section with spring loaded terminals Flexible with without crimp connector 0 2 2 5 mm 24 12 AWG Spring loaded terminals Terminal points per connec tion 2 Stripping length with spring loaded te...

Страница 48: ...ser name and pass word The server is au thenticated via X 509 certificate VPN Web Service HTTP In TCP 4080 Yes Def Active Critical services are only accessible via the VPN tunnel NTP Server NTP In UDP...

Страница 49: ...rc 701 Device name IP address ip The device s MAC address was changed to mac 702 Device name IP address ip Device is not active 1000 The start configuration was reset and the logging events were delet...

Страница 50: ...e Features Order no PCOM sec br2 Module for secure authentication and communication with PNOZmulti 2 and PSS 4000 311 502 16 2 Accessories Connection terminals Product type Features Order no Set4 Spri...

Страница 51: ...XXXX en 0X 2021 01 Printed in Germany Pilz GmbH Co KG 2021 Support Technical support is available from Pilz round the clock Pilz develops environmentally friendly products using ecological materials a...

Отзывы:

Нет отзывов