Issue
The defense-in-depth cybersecurity approach are being more and more used by the customers and they want to know the best practices of firewall rules for Control and Device Network (e.g., OFS on the Control network side and M580 on the Device network side).
Product Line
Ecostruxure Control Expert, OPC Factory Server, M580, ConneXium Tofino firewall
Environment
Control Expert v14.1, Windows 10 version 1902 (OS Build 18362.30), OPC Factory Server v3.62, BMEP586040 v3.10, ConneXium Tofino firewall
Resolution
The OPC Factory Server (OFS) uses UMAS protocol to communicate with M580 controllers and the UMAS is a Schneider Electric's protocol based on Modbus TCP/IP packet with function code 90. As a Modbus TCP/IP protocol, it uses the port 502 for communication that should be configured as a bi-directional rule in the firewall.
The link below is from a System Technical Note about "How to reduce vulnerability to Cyber Attacks" and you can find a detailed description of the EcoStruxure Plant with Security Zones (as the picture).
How can I reduce vulnerability to Cyberattacks?
The defense-in-depth cybersecurity approach are being more and more used by the customers and they want to know the best practices of firewall rules for Control and Device Network (e.g., OFS on the Control network side and M580 on the Device network side).
Product Line
Ecostruxure Control Expert, OPC Factory Server, M580, ConneXium Tofino firewall
Environment
Control Expert v14.1, Windows 10 version 1902 (OS Build 18362.30), OPC Factory Server v3.62, BMEP586040 v3.10, ConneXium Tofino firewall
Resolution
The OPC Factory Server (OFS) uses UMAS protocol to communicate with M580 controllers and the UMAS is a Schneider Electric's protocol based on Modbus TCP/IP packet with function code 90. As a Modbus TCP/IP protocol, it uses the port 502 for communication that should be configured as a bi-directional rule in the firewall.
The link below is from a System Technical Note about "How to reduce vulnerability to Cyber Attacks" and you can find a detailed description of the EcoStruxure Plant with Security Zones (as the picture).
How can I reduce vulnerability to Cyberattacks?
Đã phát hành cho: Schneider Electric Việt Nam
Bạn cần trợ giúp?
Công cụ chọn sản phẩm
Nhanh chóng và dễ dàng tìm được sản phẩm và phụ kiện phù hợp cho các ứng dụng của bạn.
Nhận báo giá
Bắt đầu gửi yêu cầu bán hàng trực tuyến và chuyên gia sẽ liên hệ với bạn.
Nơi mua hàng?
Dễ dàng tìm nhà phân phối Schneider Electric gần bạn nhất.
Trung tâm Hỗ trợ
Tìm sự hỗ trợ cho mọi nhu cầu của bạn tại một nơi.
