Secure OUC of an S7-1500 CPU as TLS Server to an External PLC (TLS Client) - Siemens SIMATIC S7-1500 Function Manual


6.11.2 Secure OUC of an S7-1500 CPU as TLS server to an external PLC (TLS client)

The following section describes how you can set up Open User Communication via TCP from an S7-1500 CPU as TLS server to a TLS client.

Setting up a secure TCP connection via the domain name of the communication partner

S7-1500 CPUs as of firmware version V2.0 support secure communication with addressing via a Domain Name System (DNS).

For secure TCP communication over the domain name you need to create a data block with the TCON_QDN_SEC system data type yourself, assign its parameters and pass it directly to one of the instructions TSEND_C, TRCV_C or TCON.

Requirements:
● Current date and time are set in the CPU.
● Your network includes at least one DNS server.
● You have configured at least one DNS server for the S7-1500 CPU.
● TLS client and TLS server have all the required certificates.
To set up a secure TCP connection to a TLS client, follow these steps:
1. Create a global data block in the project tree.
2. Define a tag of the data type TCON_QDN_SEC in the global data block.
The example below shows the global data block "Data_block_1" in which the tag "DNS ConnectionSEC" of the data type TCON_QDN_SEC is defined.
[Figure 6-15: TCON_QDN_SEC_Server]
3. Set the connection parameters of the TCP connection in the "Start value" column. Enter,
for example, the local ID of the TCP connection for "ID".

Source: Communication, Function Manual, 11/2019, A5E03735815-AH; Open User Communication, 6.11 Secure Open User Communication
