Secure by default: Configuring extended firewall settings 

 See also the  Configuring basic firewall settings topic. For basic firewall configuration information, refer to the Firewall WBM topic in the main PLCnext Technology ‑ Info Center.

Below are examples of how to make the firewall settings on your device. 

Adapting the basic rules to your own rules

To configure accesses according to the security context, proceed as follows:

  • Log in to the WBM.

    Return to topicHow do I get to the WBM again? Click here for more information... 

    Establishing a connection to the Web-based Management (WBM2):

    • Open a web browser on your computer.
    • In the address field, enter the URL https://<IP-address-of-the-controller>/wbm,
      for example: https://192.168.1.10/wbm.

    For further information, see WBM2.

     
  • Open the Firewall page (SecurityFirewall) in the WBM. 
  • Open the BASIC CONFIGURATION tab. 
  • In the Basic Rules section, select Continue from the drop-down list for the Remoting in the Action column. 
  • Click the SAVE & APPLY PAGE button. 
  • Open the IP INPUT RULES tab. 
  • Add a new rule via the .
  • Provide the following information:
    • Select the interface via which the controller is connected to the engineering station in the manufacturing zone. Please refer to the controller-specific documentation.
    • Enter the corresponding IP address (the IP address of the Engineering Station in the superordinate network, refer to the topic Deriving IP addresses). 
    • Enter the target port (refer to the topic Configuring basic firewall settings ). 
  • Click the SAVE & APPLY PAGE button. 
  • Reboot your device. 
    ↪ Now you have access from the superordinate network (e.g. PLCnext Engineer).

Inserting your own firewall rules

  • Log in to the WBM.

    Return to topicHow do I get to the WBM again? Click here for more information... 

     
  • Open the Firewall page (SecurityFirewall) in the WBM. 
  • Open the IP INPUT RULES tab. 
  • Add a new rule via the .
  • Provide all necessary information depending on your individual security context:
    • Select the interface (refer to the topic of the respective controller).
    • Enter the target ports. 
    • Select Accept  in the Action column.
  • Click the SAVE & APPLY PAGE button. 
  • Open the IP OUTPUT RULES tab. 
  • Add a new rule via the .
  • Provide all necessary information depending on your individual security context:
    • Select the interface (refer to the topic of the respective controller).
    • Enter the target ports. 
    • Select Accept  in the Action column.
  • Click the SAVE & APPLY PAGE button. 

 

Plant documentation

If you want to use the list of active firewall rules in your plant documentation, you can export the list from the WBM. Proceed as follows:

Firewall status section

If the firewall is activated, you can generate an overview of all active firewall rules in a *.txt file. 

  • Open the Firewall page (SecurityFirewall) in the WBM. 
  • Open the GENERAL tab. 
  • In the Firewall status section, click the SHOW RULES button.
    ↪ The *.txt file with the active firewall rules is being generated and opens in a dialog box.
  • To save the active rules to a *.txt file, click the  SAVE TO FILE button in the dialog box.
    ↪ The *.txt file is saved to the directory selected in the next step.


  For further information, refer to the Firewall WBM topic in the main PLCnext Technology ‑ Info Center.

 

 

• Published/reviewed: 2026-01-30 • Revision 020 •