Security communications processors

SIMATIC security communication processors with integrated firewall and vpn

Protect your SIMATIC automation devices

With their integrated firewall – to monitor the data flow – and VPN, security communications processors protect against data manipulation and espionage. A special benefit of the security communications processors for SIMATIC controllers is the automatic generation of firewall rules when configured using the TIA Portal. The firewall automatically approves configured communications connections, which substantially reduces the time needed for configuration and also the risk of error.

Select your security communications processors with the TIA Selection Tool

TIA Selection Tool

Select and order directly from the Industry Mall

CPs for SIMATIC Basic Controllers

Communications processors for SIMATIC S7-1200

Securely connect your SIMATIC Basic Controller to Industrial Ethernet networks or remote networks.

CP 1243-1

CP 1243-7 LTE

CP 1243-8 IRC

CPs for SIMATIC Advanced Controllers

Communications processors for SIMATIC Advanced Controllers

Securely connect your SIMATIC Advanced Controller to Industrial Ethernet networks.

CP 1543-1

CP 443-1 Advanced

CP 343-1 Advanced

CPs for Distributed Controllers

Communications processors for ET 200SP Distributed Controllers

Flexibly expand your SIMATIC ET 200SP Distributed Controller for secure network connections to include an Industrial Ethernet interface.

CP 1543SP-1

CPs for SIMATIC PG/PC systems

Communications processors for systems with a PCI Express slot

The CP 1628 lets you securely connect PGs or PCs with a PCI Express slot to an Industrial Ethernet network.

CP 1628
Overview

Security communications processors at a glance

A special benefit of the security communications processors for SIMATIC controllers is the automatic generation of firewall rules when configured using the TIA Portal.

CP 1243-1, CP 1243-7 LTE, and CP 1243-8 IRC

Thanks to the integrated security functions (firewall and VPN), the communications processors protect SIMATIC S7-1200 stations and downstream networks against unauthorized access, and also encrypt data transfers to protect against manipulation and espionage.

 
CP 1243-1
CP 1243-7 LTE
CP 1243-8 IRC
Interfaces
1x RJ45 port, 10/100 Mbit/s
1x LTE (4G)
1x RJ45 port, 10/100 Mbit/s
Telecontrol protocols (WAN)
TeleControl Basic, DNP3, IEC 60870-5-104
TeleControl Basic
SINAUT ST7, DPN3, IEC 60870-5-104
Firewall version
Stateful Inspection
Stateful Inspection
Stateful Inspection
Webserver access
Yes
Yes
Yes
IP routing in downstream network
No
No
No
No. of VPN connections
8
1
8
SINEMA RC support
Yes
Yes
Yes
Industry Mall
More information
More information
More information

CP 1543-1, CP 1545-1, CP 443-1 Advanced, and CP 343-1 Advanced

Thanks to their integrated security functions (firewall, VPN), and data encryption protocols like FTPS and SNMPv3, the communications processors protect stations with SIMATIC S7-1500, S7-400, and S7-300 controllers and downstream networks against unauthorized access.

 
CP 1543-1
CP 1545-1
CP 443-1 Advanced
CP 343-1 Advanced
Industrial Ethernet 1
1x RJ45 port, 10/100/1,000  Mbit/s
1x RJ45 port, 10/100/1,000  Mbit/s
1x RJ45 port, 10/100/1,000  Mbit/s
1x RJ45 port, 10/100/1,000  Mbit/s
Industrial Ethernet 2
4 x RJ45 port, 10/100 Mbit/s
2 x RJ45 port, 10/100 Mbit/s
IP routing in downstream network
Static IP routing via IPv4 to other CM/CP units in an S7-1500 system, e.g., for web server accesses without real-time capability.
Static IP routing via IPv4 to other CM/CP units in an S7-1500 system, e.g., for web server accesses without real-time capability.
Yes (static)
Yes (static)
VPN version
IPsec
IPsec
IPsec
No. of VPN connections
16
32
32
Firewall
Stateful Inspection
Stateful Inspection
Stateful Inspection
Stateful Inspection
IP access list
No
No
Yes
Yes
Industry Mall
More information
 
More information
More information

CP 1543SP-1

The CP 1543SP-1 communications processor lets you flexibly expand the ET 200SP Distributed Controller to include an Industrial Ethernet interface.

 
CP 1543SP-1
Industrial Ethernet interface
2 ports via ET 200SP bus adapter
Firewall version
Stateful Inspection
Webserver access
Yes
IP routing in downstream network
No
No. of VPN connections
4
SINEMA RC support
Yes
Industry Mall
More information

CP 1628

The CP 1628 Industrial Ethernet communications processor protects industrial PCs using a firewall and VPN – providing secure communications with no need for special settings on the operating system.

 
CP 1628
Module format
PCI Express x1 (half-length)
Industrial Ethernet interface
2x RJ45 port, 10/100/1,000 Mbit/s
Firewall version
Stateful Inspection
VPN version
IPsec
No. of VPN connections
64
Support of SINEMA RC
No
Industry Mall
More information
Use cases

Solutions for many different challenges

Use security communications processors to solve many potential challenges. Issuing access authorizations and network accesses from secured and unsecured networks are two possible scenarios.
Network segmentation and protection for SIMATIC S7-1500
Network segmentation and protection for SIMATIC S7-1500 with CP 1543-1 or SIMATIC S7-1200 with CP 1243-1
Industrial Ethernet interface for ET 200SP
The CP 1543SP-1 communications processor lets you flexibly expand the SIMATIC ET 200SP Distributed Controller to include an Industrial Ethernet interface.
Network segmentation and protection for SIMATIC S7-300
Network segmentation and protection for SIMATIC S7-300 controllers or SIMATIC S7-400 controllers with CP 343-1 Advanced or CP 443-1 Advanced
Secure redundant coupling
Secure redundant coupling with CP 1628 und CP 443-1 Advanced
Additional information

Information and downloads

Want to know more about our products for improved network security? Download our information or find out about our portfolio – covering every stage from efficient planning to implementation.
Do you have any questions? Our experts will be glad to help!

Contact us

Brochures & Flyers

Ordering Tools and Catalogs

Customer Support

The fastest way to the experts

Proposed solutions for your queries and direct access to our experts in Technical Support

Support Request

Service offers

To remain competitive over the long term, companies in industry must ensure – and ideally increase – the availability and productivity of  machines and plants. As your partner, we offer a unique range of services and support based on our extensive technology and industry expertise.

Service offers

Well trained for excellent handling

Receive standardized or individual expertise directly from the manufacturer – with training centers in more than 60 countries.

Training Services

Follow us on Twitter:

 

Professional support

Professional support for future-proof communications networks

First-class network components will not create a first-class industrial communications network on their own. A thorough understanding of network designs is at least as important. You get both when you deal with us and our certified Solution Partners. That’s where you benefit: our Professional Services for Industrial Networks give you professional help in developing your network solution – tailored to suit your specific requirements.

Benefit from our expertise in industrial networks

Professional Services

Related topics

Industrial Security Services

Industrial Security Services

Protecting production processes and ICS control system optimally with Plant Security Services.

Cybersecurity Rugged Communication

Cybersecurity Rugged Communication

SIMATIC PCS 7

SIMATIC PCS 7

SCALANCE X – Industrial Ethernet Switches

SCALANCE X – Industrial Ethernet Switches

The basis for high-performance data networks