Configuration
4.9 Security
CP 1243-1
Operating Instructions, 04/2017, C79000-G8976-C365-03
77
Select the "Activate security features" check box
After logging on, you need to select the "Activate security features" check box in the
configuration of both CPs.
You now have the security functions available for both CPs.
Creating the VPN group and assigning security modules
1.
In the global security settings, select the entry "Firewall" > "VPN groups" > "Add new VPN
group".
2.
Double-click on the entry "Add new VPN group", to create a VPN group.
Result: A new VPN group is displayed below the selected entry.
3.
In the global security settings, double-click on the entry "VPN groups" > "Assign module
to a VPN group".
4.
Assign the security modules between which VPN tunnels will be established to the VPN
group.
Note
Current date and current time on the CP for VPN connections
Normally, to establish a VPN connection and the associated recognition of the certificates to
be exchanged, the current date and the current time are required on both stations.
The establishment of a VPN connection to an engineering station that is also the telecontrol
server at the same time (TCSB installed), runs as follows along with the time of day
synchronization of the CP:
On the engineering station (with TCSB), you want the CP to establish a VPN connection.
The VPN connection is established even if the CP does not yet have the current time.
Otherwise the certificates used are evaluated as valid and the secure communication will
work.
Following connection establishment, the CP synchronizes its time of day with the PC
because the telecontrol server is the time master if telecontrol communication is enabled.
Configure the properties of the VPN group
1.
Double-click on the newly created VPN group.
Result: The properties of the VPN group are displayed under "Authentication".
2.
Enter a name for the VPN group. Configure the settings of the VPN group in the
properties.
These properties define the default settings of the VPN group that you can change at any
time.