Security communications processors

SIMATIC security communication processors with integrated firewall and vpn

Protect your SIMATIC automation devices

With their integrated firewall – to monitor the data flow – and VPN, security communications processors protect against data manipulation and espionage. A special benefit of the security communications processors for SIMATIC controllers is the automatic generation of firewall rules when configured using the TIA Portal. The firewall automatically approves configured communications connections, which substantially reduces the time needed for configuration and also the risk of error.

Select your security communications processors with the TIA Selection Tool

TIA Selection Tool

Directly select and order the right communications processor (via the Mall)

Basic Controllers

Communications processors for SIMATIC S7-1200

The CP 1243-1 communications processor securely connects the SIMATIC S7-1200 controller with Industrial Ethernet networks.

Advanced Controllers

Communications processors for SIMATIC Advanced Controllers

Securely connect your SIMATIC Advanced Controller to Industrial Ethernet networks.

Distributed Systems

Communications processors for ET 200SP Distributed Controllers

Flexibly expand your SIMATIC ET 200SP Distributed Controller for secure network connections to include an Industrial Ethernet interface.

PG/PC systems

Communications processors for systems with a PCI Express slot

The CP 1628 lets you securely connect PGs or PCs with a PCI Express slot to an Industrial Ethernet network.

Overview

Security communications processors at a glance

A special benefit of the security communications processors for SIMATIC controllers is the automatic generation of firewall rules when configured using the TIA Portal.

CP 1243-1, CP 1243-7 LTE, and CP 1243-8 IRC

Thanks to the integrated security functions (firewall and VPN), the communications processors protect SIMATIC S7-1200 stations and downstream networks against unauthorized access, and also encrypt data transfers to protect against manipulation and espionage.

 
CP 1243-1
CP 1243-7 LTE
CP 1243-8 IRC
Interfaces/Protocols (LAN)
1x RJ45 port, 10/100 Mbit/s /PG/OP, S7
1x LTE (4G) / –
1x RJ45 port, 10/100 Mbit/s /PG/OP, S7
Telecontrol protocols (WAN)
Telecontrol Basic, DNP3, IEC 60870-5-104
Telecontrol Basic
SINAUT ST7, DPN3, IEC 60870-5-104
Firewall version
Stateful Inspection
Stateful Inspection
Stateful Inspection
Webserver access
Yes
Yes
Yes
IP routing in downstream network
No
No
No
No. of VPN connections/SINEMA RC support
8/Yes 
1/Yes 
8/Yes 
 

CP 1543-1, CP 1545-1, CP 343-1 Advanced, and CP 443-1 Advanced

Thanks to their integrated security functions (firewall, VPN), and data encryption protocols like FTPS and SNMPv3, the communications processors protect stations with SIMATIC S7-1500, S7-400, and S7-300 controllers and downstream networks against unauthorized access.

 
CP 1543-1
CP 1545-1
CP 443-1 Advanced
CP 343-1 Advanced
Interfaces 1/2
1x RJ45 port, 10/100/1,000 Mbit/s / –
1x RJ45 port, 10/100/1,000 Mbit/s / –
1x RJ45 port, 10/100/1,000 Mbit/s / 4x RJ45 port, 10/100 Mbit/s
1x RJ45 port, 10/100/1,000 Mbit/s / 2x RJ45 port, 10/100 Mbit/s
PROFINET / PG/OP communication
No/multi-network
No/multi-network
PROFINET IO controller/multi-network
PROFINET IO Controller or IO device/multi-network
Open communication
TCP/IP, UDP, ISO-on-TCP: Multicast with UDP 
TCP/IP, UDP, ISO-on-TCP: Multicast with UDP 
TCP/IP, UDP, ISO: Multicast with UDP 
TCP/IP, UDP, ISO: Multicast with UDP 
IP routing in downstream network
No, deactivated when security function activated
No, deactivated when security function activated
Yes (static)
Yes (static)
VPN version / no. of VPN connections
IPsec/16
- / -
IPsec/32
IPsec/32
Firewall/IP access list
Stateful Inspection/no
Stateful Inspection/no
Stateful Inspection/yes
Stateful Inspection/yes
 
Configure and order ??????

CP 1543SP-1

The CP 1543SP-1 communications processor lets you flexibly expand the ET 200SP Distributed Controller to include an Industrial Ethernet interface.

 
CP 1543SP-1
Interfaces
2 ports via ET 200SP bus adapter
Protocols (LAN)
PG/OP, S7, TCP, UDP
Telecontrol protocols (WAN)
No
Webserver access/IP routing in downstream network
Yes/No
VPN version / no. of VPN connections
IPSec/4
Support for SINEMA RC/Firewall/IP access list
Yes/Stateful Inspection/No
 

CP 1628

The CP 1628 Industrial Ethernet communications processor protects industrial PCs using a firewall and VPN – providing secure communications with no need for special settings on the operating system.

 
CP 1628
Module format
PCI Express x1 (half-length)
Type of interface
2x RJ45 port, 10/100/1,000 Mbit/s
PG/OP communication
Yes, with HARDNET-IE S7
S7 communication
Multi-network, with HARDNET-IE S7
Open communication
TCP/IP, UDP, ISO, ISO-on-TCP: Multicast with UDP with HARDNET-IE S7
VPN version / no. of VPN connections
IPsec/64
Support of SINEMA RC
No
Firewall version
Stateful Inspection
 
Use cases

Solutions for many different challenges

Use security communications processors to solve many potential challenges. Issuing access authorizations and network accesses from secured and unsecured networks are two possible scenarios.
Additional information

Information and downloads

Want to know more about our products for improved network security? Download our information or find out about our portfolio – covering every stage from efficient planning to implementation.

Professional support

Professional support for future-proof communications networks

First-class network components will not create a first-class industrial communications network on their own. A thorough understanding of network designs is at least as important. You get both when you deal with us and our certified Solution Partners. That’s where you benefit: our Professional Services for Industrial Networks give you professional help in developing your network solution – tailored to suit your specific requirements.

Benefit from our expertise in industrial networks

Professional Services