manualshive.com logo in svg

Rockwell Automation 1783-RA2TGB, Руководство пользователя, Страница: 9 / 42

Поделиться
Скачать
Rockwell Automation 1783-RA2TGB Скачать руководство пользователя страница 9

Rockwell Automation Publication 1783-UM014A-EN-P - October 2021

9

Chapter 1          Remote Access Architecture

Best Practices

FactoryTalk Remote Access Administrator enforces two-factor-
authentication.

The FactoryTalk Remote Access software must be up to date in case 
security improvements are released.

Configure strong, complex user passwords.

Stratix 4300 routers must be connected to the internet through its WAN 
port. Stratix 4300 routers do not enable any service through that port and 
only need an outgoing connection through to the configured outgoing 
port (TCP port 443, 80, or 5935). An additional firewall can provide more 
protection.

Undertake a formal threat and risk assessment in relation to remote 
access.

Use the provided role-based access control.

Use the provided physical controls to enable or disable remote access.

Monitor security incidents and logs pro-actively to provide timely 
incident response and accurate forensics.

Conduct regular reviews and assessments of the secure remote access 
solution and technologies to maintain compliance with policies and 
procedures.

Apply defense in depth practices for the secure remote access solution, 
including practices to secure the remote computer.

Содержание 1783-RA2TGB

Страница 1: ...Stratix 4300 Remote Access Routers Catalog Number 1783 RA2TGB 1783 RA5TGB User Manual Original Instructions...

Страница 2: ...Automation Inc with respect to use of information circuits equipment or software described in this manual Reproduction of the contents of this manual in whole or in part without written permission of...

Страница 3: ...GB 11 Multi factor Authentication 13 Typical Remote Access Architectures 14 Secure Remote Connectivity Use Case Cell Area Zone SRA 14 Secure Remote Connectivity Use Case Modem Direct Isolated Machine...

Страница 4: ...4 Rockwell Automation Publication 1783 UM014A EN P October 2021 Appendix A Status Indicators 37 Status Indicators Descriptions 37 Export Logs 38 Audit Logs 38 Index 39...

Страница 5: ...structure EtherNet IP Network Devices User Manual publication ENET UM006 Describes how to configure and use EtherNet IP devices to communicate on the EtherNet IP network Ethernet Reference Manual publ...

Страница 6: ...6 Rockwell Automation Publication 1783 UM014A EN P October 2021 Notes...

Страница 7: ...e to customer operations and encourage collaboration between OEMs and customers The Stratix 4300 router Full gigabit router Supports configuration via FactoryTalk Remote Access software Uses VPN conne...

Страница 8: ...access to remote equipment through a VPN connection 2 Server infrastructure is a distributed cloud based server infrastructure that facilitates the connections 3 FactoryTalk Remote access is a web ba...

Страница 9: ...oing connection through to the configured outgoing port TCP port 443 80 or 5935 An additional firewall can provide more protection Undertake a formal threat and risk assessment in relation to remote a...

Страница 10: ...te Access Routers 1783 RA2TGB Figure 1 1783 RA2TGB 1 2 3 4 5 6 7 8 9 10 Table 1 1783 RA2TGB Router Front View 1 Restart Status Indicator 2 Server USB Status Indicator 3 COM RX Status Indicator 4 USB 2...

Страница 11: ...783 RA5TGB Figure 2 1783 RA5TGB 1 2 3 4 5 6 7 8 9 10 Table 2 1783 RA5TGB Router Front View 1 Restart Status Indicator 2 Server USB Status Indicator 3 COM RX Status Indicator 4 USB 2 0 5 WAN 6 LAN1 LAN...

Страница 12: ...on corresponds to the restart button Once the command is received a proper feedback is returned by the status indicator OUT0 The output is active when the router is connected to its associated Domain...

Страница 13: ...guration click the activation link This link can be scanned with any application that supports the Google Authenticator standard 2 Use one of the following links from your device to download an authen...

Страница 14: ...access purposes and if needed for NAT Routing purposes for the cell area zone Without NAT or Routing there are no North or South data flows through the Stratix 4300 East or West data flow for example...

Страница 15: ...zone If there is a need for peer to peer or machine to machine communication the Stratix 4300 NAT or Routing features can be configured to allow successful communication WAN LAN Internet Core Switches...

Страница 16: ...AT Routing services for the Cell Area Zone for LAN to WAN communication Without NAT or Routing there are no North South data flows Most other data flows in the cell occur at the industrial Ethernet sw...

Страница 17: ...nfrastructure also provides routing and switching services to all devices including the Stratix 4300 The VLAN required for Internet access or WAN must be extended into the cell area zone IES to provid...

Страница 18: ...tion The WAN is connected directly to distribution to ease routing requirements Any cloud or remote access related traffic from the Stratix 4300 goes directly to the distribution switch Generally the...

Страница 19: ...onnectivity Use Case Modem Direct Isolated Machine The following architecture highlights a remote isolated cell For the Internet connection in this architecture an Internet modem like those provided b...

Страница 20: ...20 Rockwell Automation Publication 1783 UM014A EN P October 2021 Chapter 1 Remote Access Architecture Notes...

Страница 21: ...device in the Stratix 4300 Device Manager The default IP address and LAN ports are set to 192 168 0 1 WAN ports are set to request an address via DHCP The default user name and password are both admi...

Страница 22: ...tion 2 When you are prompted change the password to your device The password change prompts the device to restart 3 To apply the changes restart your device After your device reboots the device manage...

Страница 23: ...Rockwell Automation Publication 1783 UM014A EN P October 2021 23 Chapter 2 Router Integration The date and time settings and Local NTP Server interfaces can both be found under the General tab...

Страница 24: ...14A EN P October 2021 Chapter 2 Router Integration System information about your router can also be found under the General tab The interface tab shows what the ports on the device are doing and the l...

Страница 25: ...2021 25 Chapter 2 Router Integration All LAN port information is also listed under the Interface tab including the MAC address From the Interface tab you can choose your Serial port mode Under the Net...

Страница 26: ...two options for availability mode If you select the mode Always on the router connects to the Domain immediately after power up When a working Internet connection is available it will also restore the...

Страница 27: ...ll user accounts local to the Stratix 4300 are located under the Users tab This tab is where you find your administrator account or change your current password Under the diagnostic page you can ping...

Страница 28: ...es tab find the list of existing IP addresses and click add The following screen appears After adding the IP address you will be prompted to restart Associate the Router with a Domain 1 In the Factory...

Страница 29: ...ind your router in the list that appears 6 Name the router in the Initial name box and click Register To determine the correct MAC address for the Stratix 4300 you can either check the side of the phy...

Страница 30: ...After you click the VPN bar an image for the VPN will blink in your PC s toolbar at the bottom of your screen 8 Click the VPN icon in the toolbar The connection screen to your device appears You can...

Страница 31: ...block is useful in the event that a router is restored to factory settings with the intent to bypass the correct procedure A sequence of two blinking red lights on status indicators on the front pane...

Страница 32: ...nd reduce traffic between remote devices and FactoryTalk Remote Access To add a firewall policy you must be in the FactoryTalk Remote Access environment The firewall option is listed on the right of t...

Страница 33: ...icy name 4 Click Add to configure a rule in the policy definition 5 Add a MAC address and an Ethernet Type FactoryTalk Remote Access VPN supports the virtualization of the datalink layer and the integ...

Страница 34: ...Chapter 2 Router Integration Import a Firewall Policy 1 To import a firewall policy start with the same process as creating one and select import 2 Select the firewall policy that you want to import f...

Страница 35: ...addresses assigned to the two network interfaces are also printed To complete a factory reset use the following steps 1 Turn off the device 2 Press and hold the factory reset button and turn on the de...

Страница 36: ...ernal electronics and software The Restart status indicator returns the feedback To restart the router use the following steps 1 Turn on the device 2 Press and release the restart button The restart s...

Страница 37: ...o a domain 2 Red Flashes An attempt to connect to a different domain than the first initial registration occurred 2 Green Flashes Configuration from the USB stick was successfully completed 2 Red Flas...

Страница 38: ...description The audit trail contains Login logout of users All CRUD create rename update delete operations that are performed on all domain resources Users Groups Permissions Device Configurations Al...

Страница 39: ...cess solution 19 M move devices 31 multifactor authentication 13 R remote access architecture 1783 RA2TGB 10 1783 RA5TGB 11 remove devices 31 router features 12 firewall 14 multifactor authentication...

Страница 40: ...40 Rockwell Automation Publication 1783 UM014A EN P October 2021 Notes...

Страница 41: ...Rockwell Automation Publication 1783 UM014A EN P October 2021 41 Stratix 4300 Remote Access Routers User Manual...

Страница 42: ...les rok auto knowledgebase Local Technical Support Phone Numbers Locate the telephone number for your country rok auto phonesupport Literature Library Find installation instructions manuals brochures...

Отзывы:

Нет отзывов