Siemens NK8237 MP4.70 Parts list manual

A6V10403182_a_en Building Technologies
30.09.2014 Fire Safety & Security Products
NK8237 MP4.70
Firewall Application for Sinteso
STT20 and Cerberus PRO Fire
Detection Systems
Installation
Function & Configuration
Commissioning
Safety Regulations


3
Building Technologies A6V10403182_a_en
Fire Safety & Security Products 30.09.2014
Table of contents
About this document.........................................................................................................5
1Safety regulations..............................................................................................8
1.1Country-specific standards...................................................................................8
1.2Assembly and installation.....................................................................................8
1.3Disposal and recycling .........................................................................................8
1.4Modifications to the system design and the products..........................................9
1.5Data privacy and protection .................................................................................9
2Introduction ......................................................................................................10
2.1Firewall application examples ............................................................................10
2.2What's new.........................................................................................................13
3Structure and functions...................................................................................14
3.1NK8237 hardware ..............................................................................................14
3.1.1Front panel..........................................................................................14
3.1.2Internal DIP switches..........................................................................15
3.1.3Internal jumpers..................................................................................16
3.1.4Ethernet interfaces..............................................................................16
3.1.5USB interface......................................................................................17
3.1.6SD card...............................................................................................17
4Hardware installation.......................................................................................19
4.1NK8237 hardware installation ............................................................................19
5Software installation........................................................................................23
5.1Installation checklist ...........................................................................................23
5.2Composer tool....................................................................................................23
5.3Launching Composer.........................................................................................23
5.4NK823x Web Server...........................................................................................25
5.5NW8202 IP configuration download tool............................................................26
5.5.1NW8202 hardware requirements........................................................26
5.5.2NW8202 software requirements.........................................................27
5.5.3NW8202 installation............................................................................27
5.6NW8204 maintenance and diagnostic tool.........................................................27
5.6.1NW8204 hardware requirements........................................................27
5.6.2NW8204 software requirements.........................................................27
5.6.3NW8204 installation............................................................................27
5.7Secure communication for web services............................................................28
6Configuration....................................................................................................30
6.1Configuration checklist.......................................................................................30
6.2Configuring IP settings via the NK823x Web Server .........................................30
6.3Configuring IP settings via NW8202 ..................................................................31
6.4Creating the NK8237 firewall project..................................................................33
6.5Configuring the Ethernet connections................................................................35
6.6Configuring the firewall.......................................................................................35

4
Building Technologies A6V10403182_a_en
Fire Safety & Security Products 30.09.2014
6.7Configuring the routing table..............................................................................38
6.8Configuring the relay output...............................................................................41
6.9Downloading the NK8237...................................................................................42
6.9.1Verifying the connection to the NK8237 unit.......................................42
6.9.2NK8237 configuration download.........................................................42
6.9.3NK8237 firmware download procedure...............................................43
7Maintenance and diagnostics.........................................................................45
7.1Kernel update.....................................................................................................45
7.2SNMP monitoring ...............................................................................................46
7.3The NW8204 maintenance and diagnostic tool .................................................46
7.3.1Launching NW8204 from DMS host ...................................................46
7.3.2File commands....................................................................................49
7.3.3Diagnostic functions............................................................................49
7.3.4Uploading diagnostic files...................................................................52
7.3.5Using log files......................................................................................54
7.3.6Menu "Send Default Configuration File" .............................................57
7.4The NK823x Web Server ...................................................................................58
7.5Correcting communication failures.....................................................................58
7.5.1Firewall communication problems.......................................................58
8Secure operation requirements......................................................................60

About this document
5
Building Technologies A6V10403182_a_en
Fire Safety & Security Products 30.09.2014
About this document
Purpose
This document is a guide to the installation, configuration and commissioning of the
NK8237 Modbus gateway for firewall application. It includes an overview of the
system, hardware requirements and limitations, and detailed installation and
configuration instructions.
This guide is to be used in conjunction with the
Composer Technical Manual
(document no. A6V10062401).
Scope
This document applies to the NK8237 MP4.70.
Target audience
This documentation is intended for the following users:
Project Managers
Project Engineers
Commissioning Personnel
It is assumed that individuals performing the operations described in this manual
have prior expertise and training in the field of safety and security, at least a
moderate level of familiarity with the Siemens Building Technologies product line,
and experience with the installation, configuration, and commissioning of security
management systems.
Documentation resource information
The
DMS8000 Documentation Resource Information and Glossary Guide
assembles important information regarding documentation resources. This
document contains the following:
Comprehensive definitions of the target audiences for Siemens FS DMS
documents
Training program information including the Siemens intranet link
A complete list of all available DMS8000 documents
Instructions for how to obtain a document via the Siemens intranet using the
Siemens Asset Portal
A map of relevant documents for each target audience group
Customer Support links & resources
A glossary containing definitions of all terms and acronyms used in DMS8000
documentation
To access the
DMS8000 Documentation Resource Information and Glossary
Guide
(document no. A6V10089056), go to the link and follow the document
search instructions below:
http://assetportal.bt.siemens.com/portal/index.html
1. In the Search column on the left, set:
- Segment: 04 Fire -3F
- Document Type: All
- Image Type: All
- Advanced search criterias: Select Brochure No. and enter the document
number to search for (
A6V10089056
). Alternatively, select Title and enter
the product name (
DMS8000
).
2. Click Search to start.

About this document
6
Building Technologies A6V10403182_a_en
Fire Safety & Security Products 30.09.2014
3. In the resulting area on the right, click on Contents link to show the list of
search results.
For more information such as Siemens news and announcements, visit the STEP
Web portal at:
https://workspace.sbt.siemens.com/content/00001123/default.aspx
Note: Before beginning work on the system you must have read and understood
the
Safety Regulations
section in this manual.
Liability disclaimer for damage or injuries
Before products are delivered, they are tested to ensure they function correctly
when used properly. Siemens disclaims all liability for damage or injuries caused
by the incorrect application of the instructions, or the disregard of danger
advisories. This disclaimer applies in particular to personal injuries or damage
caused by:
Improper and/or incorrect use.
Disregard of safety instructions in the documentation or on the product.
Poor maintenance or a lack of maintenance.
We have checked the contents of this manual for agreement with the hardware and
software described. Since deviations cannot be precluded entirely, we cannot
guarantee full agreement. However, the data in this manual are reviewed regularly
and any necessary corrections are included in subsequent editions. Suggestions
for improvement are welcome.
Copyrights and registered trademarks
Brand or product names mentioned in this document may be names protected by
copyright law or registered trademarks of other companies. These are mentioned
only for identification purposes and have no recommendatory character in regard to
the product or manufacturer, unless otherwise stated.
Documentation Conventions
The following table lists conventions to help you use this document in a quick and
efficient manner.
Convention Examples
Numbered Lists (1, 2, 3…) indicate a
procedure with sequential steps.
1. Turn OFF power to the field panel.
2. Disconnect the power cord.
3. Open the cabinet.
One-step procedures are indicated by a
bullet point.
Expand the Event List.
Conditions that you must complete or must
be met before beginning a procedure are
designated with a ⊳.
Results, after completing a step or at the
end of the entire procedure, are designated
with a ⇨.
⊳ The report you want to print is open.
1. Click the Print icon .
⇨ The Print dialog box appears.
2. Select the printer and click Print.
⇨ The print confirmation appears.
Bold font in a procedure indicates something
you should select or type.
Type F for Field panels.
Click OK to save changes and close the
dialog box.
Menu paths are indicated in bold. Select File > Text, Copy > Group, which
means from the File menu, then select Text,
Copy and finally Group.

About this document
7
Building Technologies A6V10403182_a_en
Fire Safety & Security Products 30.09.2014
Error and system messages are displayed in
Courier New font.
The message Definition
successfully renamed displays in the
status bar.
Italics
are used to emphasize a term. The Open Processor continuously executes
a user-defined set of instructions called the
control program
.
This symbol signifies a Note. Notes provide
additional information or helpful hints.
Caution
This is a Caution message and indicates
that minor or moderate injury or property
damage may occur if a procedure is not
followed.
Warning
This is a Warning message and indicates
that a serious injury or a severe equipment
and property damage may occur if a
procedure is not followed.
Cross references to other information in
printed material are indicated with an arrow
and the page number, enclosed in brackets:
[→92]
For more information on creating flowcharts,
see Flowcharts [→92].
Modification index
Note: For versions more than four years old, please visit the Siemens Asset Portal.
Version Date Notes
A6V10403182_a_en 09.2014 NK8237 MP4.70
For details regarding updates/modifications, see
What's new [➙ 13].
A6V10403182_a_en 06.2013 NK8237 MP4.60
First edition.

Safety regulations
1 Country-specific standards
8
Building Technologies A6V10403182_a_en
Fire Safety & Security Products 30.09.2014
1Safety regulations
This section describes the danger levels and the relevant safety regulations
applicable to the use of the products described in this manual. Please read the
following work instructions as well as the preceding section
About this document
thoroughly before beginning any work.
Danger potential to individuals
NK8237 units are powered with low voltage DC. While there are no specific safety
regulations that apply to these devices, modifications made to safety/security
systems in general may present a risk to the safety of the individual performing
those modifications, as well as to the equipment itself.
If used, the NE8001 cabinet is powered with AC voltage and the required power
cable should be installed following scrupulously the instructions given in this
manual.
1.1 Country-specific standards
Siemens Building Technologies products are developed and produced in
compliance with the relevant international and European safety standards. This
document provides warnings and recommendations specific to NK8000 products.
Any additional country-specific or local safety standards and/or regulations that
apply concerning project planning, installation, operation, and device disposal must
also be taken into account.
Note: As for any electrical equipment, proper grounding is critical to the safe
operation as it provides a protection against electrical shocks. Before starting any
activity, be sure that the electrical installation complies with relevant regulations
and conforms to local safety standards.
1.2 Assembly and installation
The NK8237 units and NE800x cabinets should always be installed in a clean and
stable environment; see the specific requirements given in the Technical Data
section of the specific datasheets.
In particular, keep units and cabinets away from the following:
High levels of dust
High temperature and humidity
Locations where it might became wet
Vibration and impact
Also, abide by the safety regulations of the connected devices.
1.3 Disposal and recycling
These devices include electrical and electronic components and must
not be disposed of as domestic waste.
Current local legislation must be observed.
The NK8237 units have been manufactured as much as possible from materials
that can be recycled or disposed of in a manner that is not environmentally
damaging. However, they contain parts (batteries) that require disposal in a
controlled waste stream according to local environmental standards and/or
regulations.

Safety regulations
Modifications to the system design and the products 1
9
Building Technologies A6V10403182_a_en
Fire Safety & Security Products 30.09.2014
1.4 Modifications to the system design and the
products
Note: Modifications to a system or to individual products may cause faults or
malfunctioning.
Please request written approval from Siemens Building Technologies and from any
relevant authorities concerning intended system modifications and system
extensions.
1.5 Data privacy and protection
Make sure that the configuration of the system complies with local data privacy and
protection regulations.

Introduction
2 Firewall application examples
10
Building Technologies A6V10403182_a_en
Fire Safety & Security Products 30.09.2014
2Introduction
The NK8000 family provides LAN/WAN adapter products for a safety and security
network:
The NK822x series (phased out).
The NK823x series.
The NK8237 Modbus Gateway.
The
NK8237 Modbus Gateway
for Sinteso FS20, STT20 and Cerberus PRO
FS720 fire detection systems provides a connection (TCP/IP or Serial RTU) to a
3rd party Modbus station/unit for supervision and control of fire systems.
The products of the NK823x series and the NK8237 Modbus Gateway have a built
in firewall. This manual describes how the
NK8237
can be used as pure firewall,
without using the Modbus Gateway functionality, for protecting Sinteso FS20,
STT20 and Cerberus PRO FS720 fire detection systems.
2.1 Firewall application examples
In Sinteso FS20, STT20 and Cerberus PRO FS720 fire detection systems the
connection to external networks or external access must be configured via a
firewall for security reasons. The NK823x firewall application can protect individual
stations or the entire network from the following events:
protection against attacks which impair the functionality of the FS20 system
unauthorized access
spying on data
data manipulation
The following pictures show typical use cases for the NK8237 as firewall in different
Sinteso configurations.
COM1
COM2
COM3
COM4
Power
Tamper
Download
Diagnostics
NK8237
firewall
GAP
Station
External network
Internal network
Management station
(e.g. MM8000 or 3rd party) Engineering tool
(e.g. SintesoWork, SintesoView)
Standalone station

Introduction
Firewall application examples 2
11
Building Technologies A6V10403182_a_en
Fire Safety & Security Products 30.09.2014
COM1
COM2
COM3
COM4
Power
Tamper
Download
Diagnostics
NK8237
firewall
GAP
Station
External network
Internal network
Management station
(e.g. MM8000 or 3rd party) Engineering tool
(e.g. SintesoWork, SintesoView)
Networking via Ethernet
COM1
COM2
COM3
COM4
Power
Tamper
Download
Diagnostics
NK8237
firewall
External network
Internal network
SAFEDLINK
GAP
Station
Management station
(e.g. MM8000 or 3rd party) Engineering tool
(e.g. SintesoWork, SintesoView)
Networking via SAFEDLINK

Introduction
2 Firewall application examples
12
Building Technologies A6V10403182_a_en
Fire Safety & Security Products 30.09.2014
COM1
COM2
COM3
COM4
Power
Tamper
Download
Diagnostics
NK8237
firewall
External network
Internal network
GAP
Station
SAFEDLINK
Management station
(e.g. MM8000 or 3rd party) Engineering tool
(e.g. SintesoWork, SintesoView)
Networking via SAFEDLINK and Ethernet
External network
Internal network 1
GAP
Station
SAFEDLINK
Management station
(e.g. MM8000 or 3rd party)
COM1
COM2
COM3
COM4
Power
Tamper
Download
Diagnostics
NK8237
firewall
Internal network 2 Internal network 3
GAP
Station
SAFEDLINK
COM1
COM2
COM3
COM4
Power
Tamper
Download
Diagnostics
NK8237
firewall
COM1
COM2
COM3
COM4
Power
Tamper
Download
Diagnostics
NK8237
firewall
Engineering tool
(e.g. SintesoWork, SintesoView)
Multiple sites

Introduction
What's new 2
13
Building Technologies A6V10403182_a_en
Fire Safety & Security Products 30.09.2014
COM1
COM2
COM3
COM4
Power
Tamper
Download
Diagnostics NK8237
firewall
External network
Internal network
SAFEDLINK
SAFEDLINK
GAP
Station
FIBER NETWORK (LAN)
Management station
(e.g. MM8000 or 3rd party) Engineering tool
(e.g. SintesoWork, SintesoView)
Extended SAFEDLINK network
2.2 What's new
Here is the list of modifications for new functions and software improvements.
Section Modifications
NK823x Web Server [➙ 25]
Configuring IP settings via the NK823x Web
Server [➙ 30]
The NK823x Web Server [➙ 58]
New NK823x Web Server to configure IP
addresses and get diagnostic information.
NW8204 installation [➙ 27] Added command line for silent installation.
Secure communication for web services [➙ 28] Added section to manage the security certificate
for web services.
Configuring IP settings via NW8202 [➙ 31]
Downloading the NK8237 [➙ 42]
Kernel update [➙ 45]
The NW8204 maintenance and diagnostic tool
[➙ 46]
New support of FTP passive mode.
Configuring the routing table [➙ 38] New support of Open Shortest Path First (OSPF)
protocol for dynamic routing.
Configuring the relay output [➙ 41] New network diagnostic information via the relay
output.

Structure and functions
3 NK8237 hardware
14
Building Technologies A6V10403182_a_en
Fire Safety & Security Products 30.09.2014
3Structure and functions
3.1 NK8237 hardware
The NK8237 is composed of an electronic board installed in a compact and robust
plastic box.
NK8237 gateway unit
3.1.1 Front panel
The front panel houses 9 LED’s.
Left Side LED’s
The five LED’s on the left side are, from top to bottom:
Power (LED green)
Power (hardware – controlled).
Vital functions (LED green)
Software vitality:
Blinking (1 flash)
: core software running.
Blinking (2 flash)
: core software running and logging function active.
Tamper (LED bicolor)
Unit tamper:
Red
means tamper alarm (hardware controlled).
Green
means tamper disabled (from management station).
Download (LED red)
Network diagnostics:
Off
: status OK.
Blinking (1 flash)
: missing identification from NS8xxx.
Blinking (2 flashes)
: not used.
Blinking (3 flashes)
: FTP channel open (default mode; for switch settings see
Internal DIP Switches
.
On
: critical/hardware fault.
Diagnostics (LED yellow)
Internal interface diagnostics:
Off
: status OK.
Blinking (fast)
: booting operating system after restart.

Structure and functions
NK8237 hardware 3
15
Building Technologies A6V10403182_a_en
Fire Safety & Security Products 30.09.2014
Blinking (1 flash)
: missing or insufficient license.
Blinking (2 flashes)
: trouble with the I2C bus to I/O modules.
Blinking (3 flashes)
: not used
Blinking (4 flashes)
: trouble with the serial/network interface.
Blinking (5 flashes)
: trouble with DLL or RCLOCK file(s).
Blinking (6 flashes)
: Modbus GW trouble.
– SW trouble.
– No communication to FS20/FS720 or to the Modbus Master/Client.
– No NK8237 or FS20/FS720 registers reading (Modbus Master watchdog
expired).
On
: critical/hardware fault.
Right Side LED’s
The four LED's on the right side are, from top to bottom:
Name Function
Com1 Status Com1
Com2 Status Com2
Com3 (not used) Status Com3
Com4 (not used) Status Com4
Red: RX
Green: TX
3.1.2 Internal DIP switches
The internal DIP switches (S101) enable a download session via FTP using a
default IP address and the NK823x Web Server.
Internal switch Functions
DIP switch 1 Default mode/network access: If DIP switch 1 is ON, an FTP connection
occurs by default on the Ethernet 1 at the default IP address 192.168.9.41
and the NK823x Web Server is enabled.
DIP switch 2 Default mode/network access: If DIP switch 2 is ON, an FTP connection
occurs by default on the Ethernet 2 at the default IP address 192.168.10.41
and the NK823x Web Server is enabled.
DIP switch 1 and 2 Default mode/network access: If DIP switch 1 and 2 are ON, an FTP
connection occurs by default on the Ethernet 1 at the default IP address
192.168.9.41 and on the Ethernet 2 at the default IP address 192.168.10.41
and the passwords of the NK823x Web Server are set back to the default
values.

Structure and functions
3 NK8237 hardware
16
Building Technologies A6V10403182_a_en
Fire Safety & Security Products 30.09.2014
3.1.3 Internal jumpers
1 2 3
X1 X2 X3 X101 X102 X103 X104 X105
X111
4
Internal DIP switch and jumpers (NKM8001-A2 mainboard)
Item Name Description
1 S101 DIP-Switches
2 S1 Reset button
3 S2 Tamper switch
4 X115 When closed, it disables the box tamper alarm.
3.1.4 Ethernet interfaces
The NK8237 main board is equipped with two Ethernet interfaces. The two RJ-45
connectors also include 2 LEDs (yellow and green) reporting the LAN status as
follows:
Yellow LED: if on, a 100 Mbps link is active.
Green LED: flashing when data is received or transmitted.

Structure and functions
NK8237 hardware 3
17
Building Technologies A6V10403182_a_en
Fire Safety & Security Products 30.09.2014
2
Back
1
Ethernet connectors
Item Description
1 Ethernet 1
2 Ethernet 2
3.1.5 USB interface
The NK8237 main board is equipped with a USB interface you can use to log data
about network communications on a USB mass storage device (see
Network
Connectivity Guide
, document no.A6V10359485).
3.1.6 SD card
The NK8237 mainboard is equipped with a 16 GB SD card. The SD card slot is
located below the CPU module and can be accessed only by removing the plastic
housing. The SD card can be used to log data about network communications (see
Network Connectivity Guide
, document no.A6V10359485).

Structure and functions
3 NK8237 hardware
18
Building Technologies A6V10403182_a_en
Fire Safety & Security Products 30.09.2014
1
SD card slot location on the mainboard
Item Description
1 SD card slot

Hardware installation
NK8237 hardware installation 4
19
Building Technologies A6V10403182_a_en
Fire Safety & Security Products 30.09.2014
4Hardware installation
The NK8237 unit can be installed in the existing cabinets by mounting the plastic
housing on a DIN rail.
Environmental requirements
The NK82xx units should always be installed in a protective housing, away from
dust, high temperature and humidity, vibrations and impacts.
Conditions and power supply should match the specific requirements given in the
Technical Data section on the specific NK82xx model datasheet.
Network requirements
Ethernet IEEE 802.3, 10Base-T (100Base-T also possible for NK823x), RJ-45
connection
Fixed IP address (DHCP not supported)
Stable network with guaranteed transmission characteristics (no down-times for
maintenance, predictable network load).
For the special mounting kits, refer to the NK8000 datasheets.
WARNING
The installation must be carried out by technically qualified personnel.
4.1 NK8237 hardware installation
Installation
1. Install the NK8237 unit on the DIN rail.
2. Connect fire subsystems on the Ethernet line.
3. Connect the Modbus serial device line or the Modbus station Ethernet line.
4. If used, connect the power supply supervision module DF8090.
5. Connect power supply.
See Figure
NK8237 power supply
if using a DF8090 supervision module.
WARNING
Do not connect or disconnect any device when the device is powered on!

Hardware installation
4 NK8237 hardware installation
20
Building Technologies A6V10403182_a_en
Fire Safety & Security Products 30.09.2014
Top view
Back
6 7 851 234
NK8237 electrical interfaces (top view)
Item Name Description
1 X1 USB
2 X2 Ethernet 2
3 X3 Ethernet 1
4 X101 1 output
5 X102 3 inputs
6 X103 Power supply
7 X104 RS485 (in place of COM1)
8 X105 RS485 (in place of COM2)
Bottom view
1 2
Serial RS232-interfaces (bottom view)
Item Name Description
1 COM 1 In place of X104.
2 COM 2 In place of X105.
Power connections
Note the dual power supply input for redundant solutions.
Table of contents
Other Siemens Firewall manuals
Popular Firewall manuals by other brands

PaloAlto Networks
PaloAlto Networks PA-5200 Series Hardware reference

Hillstone
Hillstone SG-6000 X Series reference guide

IBM
IBM GX7 Series Replacement instructions

Juniper
Juniper SRX5600 quick start guide

NETGEAR
NETGEAR FVS338 - ProSafe VPN Firewall 50 Router reference guide

Fortinet
Fortinet FortiWiFi 60CX-ADSL-A quick start guide

Cisco
Cisco PIX-525-UR-BUN - PIX 525 Unrestricted Bundle user guide

vpneveryone
vpneveryone HTTPS VPN Secure WiFi USB Dongle user guide

Dell
Dell NSA E8500 Getting started guide

Fortinet
Fortinet FortiGate FortiGate-100A install guide

Cisco
Cisco Cisco ASA 5510 quick start guide

Fortinet
Fortinet FortiGate-60 series quick start guide