Activating PROFINET 

A large port range is required for the use of PROFINET as the system automatically selects the required ports depending on the network configuration.
To restrict access to the PROFINET interfaces, the IP addresses of the PROFINET devices must be configured so that only the controller and the device, and possibly also the engineering (supervisor), can communicate with each other.
From the controller perspective, the PROFINET buscoupler must be configured in the firewall as an input rule (Interface and From IP).
The output rule generally defines the ports from which data is sent and the PROFINET buscoupler (To IP) is defined as the recipient of the data.

In the security context in the "Machine" subnetwork, the PROFINET buscoupler has the IP address 172.16.30.30, which must be configured.
Firewall rules for the device, if available (e.g. AXC F2152 as PROFINET device), must be set in the same way.

(See topic Security context for embedding in the wider context and topic Deriving IP addresses for the assignment of IP addresses.)

After you have performed a threat analysis and implemented appropriate protective measures from the security context, you can activate PROFINET.

  • Log in to the WBM. 

Return to topicHow do I get to the WBM again? Click here for more information... 

Establishing a connection to the Web-based Management (WBM):

  • Open a web browser on your computer.
  • In the address field, enter the URL https://<IP-address-of-the-controller>/wbm,
    for example: https://192.168.1.10/wbm.

For further information, see WBM.

  • Open the System Services page (ConfigurationSystem Services) in the WBM. 
  • Activate the checkboxes of the PROFINET Controller and the PROFINET Device (depending on what is needed). 
  • Click the Apply and reboot button. 

After the PLCnext Control has rebooted, you must configure the firewall input and output rules. To do this, proceed as follows:

Input rules

Note: To select the correct interfaces, please refer to the corresponding PLCnext Control topic in the appendix (e. g. AXC F 2152).
  • Open the Firewall page (SecurityFirewall) in the WBM. 
  • Open the User Configuration tab. 
  • On the Input Rules tab,  add a new rule via the .
  • Provide the following information:
    • Select the interface.
    • Select the protocol.
    • Enter the IP address range. 
    • Enter a target port.
    • Select the action Accept
  • Click the Apply button.

  • On the Input Rules tab,  add another new rule via the .
  • Provide the following information:
    • Select the interface.
    • Select the protocol.
    • Enter the IP address range. 
    • Enter a target port.
    • Select the action Accept
  • Click the Apply button.

Output rules

  • Open the Firewall page (SecurityFirewall) in the WBM. 
  • Open the User Configuration tab. 
  • On the Output Rules tab,  add a new rule via the .
  • Provide the following information:
    • Select the interface.
    • Select the protocol.
    • Enter the IP address range. 
    • Enter a target port.
    • Select the action Accept
  • Click the Apply button.

Note: To make sure that all newly applied input and output rules are actively used (even for connections that have already been established), restart the PLCnext Control.

 

 

• Published/reviewed: 2024-12-16 • Revision 016 •