Table of Contents
Advertisement
● Authentication requests before key exchange
Maximum number of authentication requests of the CP with the master. When this
number is reached, the session key is renewed.
Range of values: 1...10000 Default setting: 1000
Recommendation: Set the number for the CP twice as high as for the master.
● Key exchange interval
Period after which the key is exchanged again between the CP and the master. The
interval must be matched up on both communications partners.
Range of values: 0...65535 min. at 0 (zero), the key is never changed (function disabled).
Default setting: 15 min.
Recommendation: Set the key exchange interval for the CP twice as high as for the
master.
● Authentication timeout
Maximum waiting time for the response from the master to an authentication request of
the CP.
Exceeding the wait time is evaluated as an error by the CP. In this case, the CP
generates a security event and sends this to the master.
Range of values: 1... 65535 s Default setting: 5
● Pre-shared key
The pre-shared key can be configured in two ways:
– Manual configuration
– Import as file
The pre-shared key of the CP must be identical to the pre-shared key of the master.
4.9.4
Firewall
4.9.4.1
Pre-check of messages by the MAC firewall.
Each incoming or outgoing frame initially runs through the MAC firewall (layer 2). If the frame
is discarded at this level, it will not be checked by the IP firewall (layer 3). This means that
with suitable MAC firewall rules, IP communication can be restricted or blocked.
CP 1243-1
Operating Instructions, 04/2017, C79000-G8976-C365-03
Enter the pre-shared key in STEP 7 manually as a hexadecimal value.
Import the pre-shared key from the file system of the engineering station if the pre-
shared key was generated by the master or another engineering system.
Configuration
4.9 Security
67
- Quick Links:
- Properties of the Cp
- Configuration Examples
Hide quick links:
Advertisement
Table of Contents
