Firewalling a communication PLC between two separate process networks

remullis

Member
R
Join Date
Oct 2012
Location
Georgia
Posts
179
I have a unique situation where we have two separate process networks ( plc, HMI, etc only).

The two process networks are are owned by two separate companies which share the same real estate and have conveying control equipment that would need to be split. These two companies were split in a acquisition.

Company A does not want Company B to have access to there network and the other way around. This scenario is only for one year. We are are working on a long term plan to split shared plc I/O into company A's own process network.

Temporarily
Has anyone ever ran into this type of situation. I am not sure if a bridge plc could be put in place between company A and B's plcs to handle the necessary messaging and switches between here to block the access of company A and B data access. I know this probably makes no sense, but here we are. lol Thanks in advance.
 
Well, you already know it's a thorny problem and without spending days learning all the details and expectations I only have some general advice.

- Start with what has to be communicated between them. That should help narrow the focus.

- having "routable" protocol which means anything ethernet related can be problematic. Consider having a Ethernet/IP to Modbus RTU gateway on each side. then, the only connect between A/B is a serial cable.

- Firewall is easy to get, hard to configure and quite useless unless it's configured properly.
 
Use a firewall to split the network for a temporary solution but if company A has physical access to the equipment of B and if B has physical access to the equipment of A then you have to split the physical network to be really secure and on the network, you would need to employ NAC network access control so that new devices connected to the network are rejected without pre-approval and any attempts of connection of foreign equipment are logged and alarmed.
 
remullis said:
I think we may have 10 points of I/O to manage between. Thanks for the input. I will look into this.
Click to expand...
Since there's only a few I/O, have you considered hardwiring it from one side's outputs to the other's inputs?
 
Perhaps a modbus gateway that can support 2 separate networks. All the interaction between network is done inside the gateway. Prosoft makes such a thing, I have used it for a similar purpose.
 
If you configure the A devices to a different subnet than the B devices, the communication between them will be cut, even if they share the same physical network (cables and switches) and without having to use a firewall

Example:
Subnet A 192.168.1.* Mask 255.255.255.0
Subnet B 192.168.2.* Mask 255.255.255.0
 

Similar Topics

S
Communication not done between Woodward controller and PhoenixIO
I have Woodward Controller EASYGEN-3500XT and Phoenixcontact make IO CAN-CUPLER part no: 2702230, Analog Input card: 2861412, Analog Output Card ...
Replies
0
Views
39
Sandeep Patel
S
P
Communication Between Compact Logix and Guard Logix Error
Hello Everyone, I have a issue with communication between two different PLCs. So here is the facts, The Master PLC is Guard Logix 5069 with IP...
Replies
4
Views
98
Ken Roach
Ken Roach
A
communication between two siemens plc's with different ip address
i have two plc 1. s7-1212dc/dc/dc ip; 192.168.0.1 2. s7-1500 1513-1pn ip; 192.168.3.2 i need to get data from plc1 to plc2. any idea how to do...
Replies
5
Views
125
mk42
M
A
WinCC Unified and PLC weird communication issue
I have created a project in TIA Portal v16 Upd6 with S7-1200 (6ES7214-1AG40-0XB0) and WinCC Unified (PC station). The communication between the...
Replies
4
Views
147
mk42
M
H
No communication with PLC 90-70
Hello We have installed several G.E. Fanuc 90 70 PLC Everything was ok but suddenly we can not communicate anymore with any PLC with the software...
Replies
0
Views
81
Hazatov
H
Back
Top Bottom