How to Configure an IPsec CyberSecure Communication with M580 | Schneider Electric Support

This video shows how to create a cyber secure Ethernet communication between the BMENOC0301/0311 and other devices, like applications running on a virtualized environment (OPC Server, SCADA, Historian, etc.). ►Learn More: http://spr.ly/SchneiderElectric/produ...

►How can I Reduce Vulnerability to Cyber Attacks: https://download.schneider-electric.c...

EcoStruxure Control Expert version 14.1
Modicon M580 version 3.10
BMENOC0301 version 2.18

►Windows Firewall Configuration
Step 2: netsh advfirewall set global mainmode mmkeylifetime 2879min,0sess
Step 3: netsh advfirewall set global mainmode mmsecmethods dh2048_variable
Edit dh2048_variable in the command according to your Enable DH 2048 selection:
unchecked: dhgroup2:aes128-sha256
checked: dhgroup14:aes128-sha256
Step 4: netsh advfirewall consec add rule name="BMENOC0301_rule_xyz"
endpoint1=xxx.xxx.xxx.xxx/xx endpoint2=yyy.yyy.yyy.yyy/yy
action=requireinrequireout description="DH2048&confidentiality_state"
mode=transport enable=yes profile=public type=static protocol=any
auth1=computerpsk auth1psk=YourPskGoesHere qmpfs=none
qmsecmethods=confidentiality_variable
Edit the command:
BMENOC0301_rule_xyz: Modify to meet your application needs.
xxx.xxx.xxx.xxx/xx: Use the IP address of the Control Expert host (PC or device).
yyy.yyy.yyy.yyy/yy: Use the IP address of the BMENOC301/311 module
DH2048&confidentiality_state: Modify this description to reflect the state of the
check boxes (Enable DH 2048, Enable Confidentiality).
YourPskGoesHere: Use the pre-shared key that is configured in the DTM.
Edit confidentiality_variable according to your Enable Confidentiality selection:
unchecked: ah:sha256+1440min
checked: esp:sha256-aes128+1440min

►Click here to subscribe to Schneider Electric: https://www.youtube.com/c/schneiderel...

Connect with Schneider Electric:
►Global Website: http://spr.ly/SchneiderElectric
►Discover our Services: http://spr.ly/SE-Services
►Visit our Blog: http://spr.ly/SE-Blog
►Job Opportunities: http://spr.ly/SE-Careers
►LinkedIn:   / schneider-electric  
►Facebook:   / schneiderelectric  
►Twitter:   / schneiderelec