SCADAPack x70

Add and Configure the Entries in an IP Whitelist Table

This topic only applies to SCADAPack x70 devices on which the Enable IP Whitelist check box is selected (see Enable or Disable the IP Whitelist).

Ensure that the check box is clear if you do not intend to use the IP Whitelist. By design, the Download Configuration pick action is not available on outstations on which the IP Whitelist is enabled but the IP Whitelist Table is empty. This is to help prevent loss of communications between Geo SCADA Expert and the SCADAPack x70 device.

You use a SCADAPack x70 IP Whitelist Table to specify the addresses and services from which a particular SCADAPack x70 device is to accept inward network traffic. When the IP Whitelist is enabled (see above), only network traffic that is transmitted from addresses and services that are included in the IP Whitelist Table is accepted; network traffic that is transmitted from addresses and services that are not included in the IP Whitelist Table is ignored.

You use the table to specify the IP addresses and other parameters of permitted IP network traffic. You need to add an entry for each non-local IP address from which the SCADAPack x70 device is permitted to accept data.

WARNING

communication loss

Omission of IP addresses that are used by Geo SCADA Expert can lead to loss of communication between Geo SCADA Expert and your SCADAPack x70 device. Similarly, omission of IP addresses that are used by other devices with which the SCADAPack x70 device is expected to communicate can lead to loss of communication between the SCADAPack x70 device and those devices.
Verify that the required IP addresses are included in the IP Whitelist Table and that the specified settings are valid for the device and your network.
Failure to follow these instructions can result in death or serious injury.

The entries that you specify in an IP Whitelist Table are persistent (that is, they are retained when the SCADAPack x70 device restarts).

In the Geo SCADA Expert database, the table is built into the SCADAPack x70 Device Configuration item to which it relates. Changes made to the whitelist configuration are downloaded to the SCADAPack x70 device when that device's Download Configuration pick action is next executed.

You specify these properties for each entry in a SCADAPack x70 IP Whitelist Table:

IP Address

The IP address of the source of permitted network traffic. This could be the IP address of a device, a monitor PC, or another address. Use the IP Address in conjunction with the Subnet Mask to identify either a single source address, or a range of source IP addresses.

The valid format is nnn.nnn.nnn.nnn. Omit any leading zeros from the address.

Example: 192.168.0.1

Subnet Mask

Used in conjunction with the IP Address to identify either a single source address, or one of a range of source addresses (a subnet), from which the SCADAPack x70 device is permitted to receive TCP/IP packets.

The valid format is nnn.nnn.nnn.nnn. Omit any leading zeros from the address.

Example: 255.255.255.255

Description

Short descriptive text used to identify the entry. The maximum length is 64 characters.

Traffic Direction

The direction(s) in which traffic is permitted for this IP address.

When adding or editing an entry in the table, you use a combo box to select the required direction. The options are Inbound and Outbound, Inbound, and Outbound. The default is Inbound and Outbound.

Port Number

This property only applies when the Permitted Services (see below) is set to 'Custom Service'. The property is used to specify a custom Port Number via which IP traffic is permitted. The Port Number has to be in the range 0 to 65535 inclusive.

Protocol

This property only applies when the Permitted Services (see below) is set to 'Custom Service'. The property is used to specify the data transmission protocol via which network traffic is permitted.

When adding or editing an entry in the table, you use a combo box to select the required protocol. The options are TCP, UDP, and TCP and UDP. The default is TCP.

Permitted Services

Used to specify the service(s) for which traffic is permitted for this particular IP address. At least one option has to be selected. The options are:

  • DNP3 over TCP
  • DNP3 over UDP
  • Modbus/TCP
  • Modbus RTU over TCP
  • Modbus RTU over UDP
  • Logic Debug Service
  • Telnet
  • FTP
  • HART Pass Through
  • Terminal Server for Serial Port 1
  • Terminal Server for Serial Port 2
  • Terminal Server for Serial Port 3
  • Terminal Server for Serial Port 4
  • ICMP Ping Traffic
  • All ICMP Traffic
  • Custom Service.

The options that are available for selection vary, depending on the model of SCADAPack x70 device and the configuration of its ports (see Device Configuration Serial Port Tabs and see Device Configuration IP Communications Tab). Options that are not applicable are 'grayed out' and unavailable for use.

With the ICMP options, 'ICMP Ping Traffic' only permits ping traffic via the specified IP address, whereas 'All ICMP Traffic' permits all ICMP traffic via that IP address, including ping traffic.

Use the 'Custom Service' option if you want to specify a custom Port Number and transmission Protocol for which network traffic is to be permitted from a particular IP address.
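The property rules above, and the check that the WARNING asks for, can be run against a planned table before Download Configuration is executed. The following Python is an added example, not part of Geo SCADA Expert or the SCADAPack x70 firmware: the dictionary keys and function names are hypothetical, the sample data is constructed, and it assumes the conventional rule that a source matches an entry when both agree on the bits set in the Subnet Mask.

```python
import re

# Dotted quad without leading zeros, the format the page requires.
QUAD = re.compile(r"(0|[1-9][0-9]{0,2})(\.(0|[1-9][0-9]{0,2})){3}")

def to_int(quad):
    """Return the address or mask as a 32-bit integer, or None if malformed."""
    if not QUAD.fullmatch(quad):
        return None
    octets = [int(o) for o in quad.split(".")]
    return None if max(octets) > 255 else int.from_bytes(bytes(octets), "big")

def check_entry(e):
    """List rule violations in one entry (dict; key names are hypothetical)."""
    problems = []
    for key, label in (("ip", "IP Address"), ("mask", "Subnet Mask")):
        if to_int(e.get(key, "")) is None:
            problems.append(f"{label}: invalid format")
    if len(e.get("description", "")) > 64:
        problems.append("Description: longer than 64 characters")
    services = e.get("services", [])
    if not services:
        problems.append("Permitted Services: select at least one option")
    if "Custom Service" in services and not 0 <= e.get("port", -1) <= 65535:
        problems.append("Port Number: must be 0 to 65535 for Custom Service")
    return problems

def covers(e, addr, service):
    """True if a valid entry permits inbound traffic for service from addr."""
    src = to_int(addr)
    if src is None or check_entry(e) or service not in e["services"]:
        return False
    inbound = "Inbound" in e.get("direction", "Inbound and Outbound")
    mask = to_int(e["mask"])
    # Assumed matching rule: source and entry agree on the bits set in the mask.
    return inbound and (src & mask) == (to_int(e["ip"]) & mask)

def uncovered(table, required):
    """Return the required (address, service) pairs that no entry covers."""
    return [(a, s) for a, s in required if not any(covers(e, a, s) for e in table)]

# Constructed sample data, not taken from any real system.
TABLE = [
    {"ip": "192.168.0.1", "mask": "255.255.255.255", "description": "Geo SCADA Expert",
     "direction": "Inbound and Outbound", "services": ["DNP3 over TCP"]},
    {"ip": "10.20.0.0", "mask": "255.255.0.0", "description": "Engineering subnet",
     "direction": "Inbound", "services": ["Custom Service"], "port": 8080},
]
REQUIRED = [("192.168.0.1", "DNP3 over TCP"), ("192.168.0.2", "DNP3 over TCP"),
            ("10.20.5.9", "Custom Service")]
```

Calling `uncovered(TABLE, REQUIRED)` returns the sources that would lose communication once the whitelist is enabled; here that is the second server address, which the single-host entry does not include.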



Geo SCADA Expert 2020