Issue
The defense-in-depth cybersecurity approach is being used more and more by customers, who want to know the best practices for firewall rules for the Control and Device networks (e.g., OFS on the Control network side and M580 on the Device network side).
Product Line
EcoStruxure Control Expert, OPC Factory Server, M580, ConneXium Tofino firewall
Environment
Control Expert v14.1, Windows 10 version 1902 (OS Build 18362.30), OPC Factory Server v3.62, BMEP586040 v3.10, ConneXium Tofino firewall
Resolution
The OPC Factory Server (OFS) uses the UMAS protocol to communicate with M580 controllers. UMAS is a Schneider Electric protocol based on Modbus TCP/IP packets with function code 90. Because it is carried over Modbus TCP/IP, it uses port 502, which should be configured as a bi-directional rule in the firewall.
The link below points to a System Technical Note, "How to reduce vulnerability to Cyber Attacks", which gives a detailed description of the EcoStruxure Plant with Security Zones (as in the picture).
How can I reduce vulnerability to Cyberattacks?
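The check that a protocol-aware rule for the OFS-to-M580 path performs can be sketched as follows. This is an added example, not Schneider Electric or Tofino code. The IP addresses, the function names, the sample frames, and the choice to pass only function code 90 between this pair are assumptions made for the illustration.

```python
import struct

MODBUS_PORT = 502            # Modbus TCP/IP port named in the article
UMAS_FUNCTION_CODE = 90      # 0x5A, the function code that carries UMAS

# Assumed addresses (documentation range), not taken from the article.
OFS_IP = "192.0.2.10"        # OPC Factory Server, Control network side
M580_IP = "192.0.2.20"       # M580 controller, Device network side


def build_frame(function_code, data, transaction_id=1, unit_id=0):
    """Build a constructed Modbus TCP frame (MBAP header + PDU) for testing."""
    pdu = bytes([function_code]) + data
    # MBAP: transaction id, protocol id (always 0), length, unit id.
    # The length field counts the unit id byte plus the PDU.
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def parse_mbap(frame):
    """Return (unit_id, function_code), or None if the frame is malformed."""
    if len(frame) < 8:       # 7-byte MBAP header plus at least a function code
        return None
    _tid, protocol_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if protocol_id != 0 or length != len(frame) - 6:
        return None
    return unit_id, frame[7]


def permit(src_ip, src_port, dst_ip, dst_port, frame):
    """Bi-directional rule: only UMAS between OFS and the M580 on port 502."""
    to_plc = (src_ip, dst_ip, dst_port) == (OFS_IP, M580_IP, MODBUS_PORT)
    from_plc = (src_ip, src_port, dst_ip) == (M580_IP, MODBUS_PORT, OFS_IP)
    if not (to_plc or from_plc):
        return False         # wrong endpoints or wrong port
    parsed = parse_mbap(frame)
    if parsed is None:
        return False         # not well-formed Modbus TCP
    function_code = parsed[1]
    if from_plc:
        # Modbus exception responses set the high bit of the function code.
        function_code &= 0x7F
    return function_code == UMAS_FUNCTION_CODE
```

The payload bytes after the function code are treated as opaque here; the rule only enforces endpoints, port, framing and function code.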