Siemens SIMATIC NET SCALANCE S615 User manual
___________________
___________________
___________________
___________________
___________________
___________________
___________________
___________________
SIMATIC NET
Industrial Ethernet Security
SCALANCE S615
Operating Instructions
08/2018
C79000
-G8976-C389-04
Preface
Security recommendations
1
Description of the device
2
Installation
3
Connecting up
4
Dimension drawings
5
Technical specifications
6
Approvals
A
Siemens AG
Division Process Industries and Drives
Postfach 48 48
90026 NÜRNBERG
GERMANY
Document order number: C79000-G8976-C389
Ⓟ
07/2018 Subject to change
Copyright © Siemens AG 2015 - 2018.
All rights reserved
Legal information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent
damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert
symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are
graded according to the degree of danger.
DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION
indicates that minor personal injury can result if proper precautions are not taken.
NOTICE
indicates that property damage can result if proper precautions are not taken.
If more than one degree of danger is present, the warning notice representing the highest degree of danger will
be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to
property damage.
Qualified Personnel
The product/system described in this documentation may be operated only by
personnel qualified
for the specific
task in accordance with the relevant documentation, in particular its warning notices and safety instructions.
Qualified personnel are those who, based on their training and experience, are capable of identifying risks and
avoiding potential hazards when working with these products/systems.
Proper use of Siemens products
Note the following:
WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant technical
documentation. If products and components from other manufacturers are used, these must be recommended
or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and
maintenance are required to ensure that the products operate safely and without any problems. The permissible
ambient conditions must be complied with. The information in the relevant documentation must be observed.
Trademarks
All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication
may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software
described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the
information in this publication is reviewed regularly and any necessary corrections are included in subsequent
editions.
SCALANCE S615
Operating Instructions, 08/2018, C79000-G8976-C389-04 3
Preface
Purpose of the Operating Instructions
These operating instructions contain information with which you will be able to install and
connect up a device of the SCALANCE S product line. The configuration and the integration
of the device in a network are not described in these instructions.
Validity of the manual
These operating instructions apply to the following device:
●SCALANCE S615
Further documentation
●System manual "Industrial Ethernet"
The system manual contains information on other SIMATIC NET products that you can
operate along with the devices of this product line in an Industrial Ethernet network.
There, you will find among other things optical performance data of the communications
partner that you require for the installation.
The "SIMATIC NET Industrial Ethernet" system manual can be found on the Internet
pages of Siemens Industry Online Support under the following entry ID: 27069465
(https://support.industry.siemens.com/cs/ww/en/view/27069465)
●"Passive network components" system manual
This system manual contains installation instructions for several of the most common
components and guidelines for setting up networked automation plants in buildings.
The "Passive network components" system manual can be found on the Internet pages of
Siemens Industry Online Support under the following entry ID: 84922825
(https://support.industry.siemens.com/cs/ww/en/view/84922825)
Preface
SCALANCE S615
4Operating Instructions, 08/2018, C79000-G8976-C389-04
SIMATIC NET manuals
You will find SIMATIC NET manuals on the Internet pages of Siemens Industry Online
Support:
●using the search function:
Link to Siemens Industry Online Support
(https://support.industry.siemens.com/cs/ww/en/)
Enter the entry ID of the relevant manual as the search item.
●In the navigation panel on the left hand side in the area "Industrial Communication":
Link to the area "Industrial Communication"
(https://support.industry.siemens.com/cs/ww/en/ps/15247/pm)
Go to the required product group and make the following settings:
tab "Entry list", Entry type "Manuals"
You will find the documentation for the SIMATIC NET products relevant here on the data
medium that ships with some products:
●Product CD / product DVD
●SIMATIC NET Manual Collection
You will find the article numbers for the Siemens products of relevance here in the following
catalogs:
●SIMATIC NET Industrial Communication / Industrial Identification, catalog IK PI
●SIMATIC Products for Totally Integrated Automation and Micro Automation, catalog
ST 70
●Industry Mall - catalog and ordering system for automation and drive technology, Online
catalog (https://mall.industry.siemens.com)
You can request the catalogs and additional information from your Siemens representative.
You will find the article numbers for the Siemens products of relevance here in the following
catalogs:
●SIMATIC NET Industrial Communication / Industrial Identification, catalog IK PI
●SIMATIC Products for Totally Integrated Automation and Micro Automation, catalog
ST 70
●Industry Mall - catalog and ordering system for automation and drive technology, Online
catalog (https://mall.industry.siemens.com)
You can request the catalogs and additional information from your Siemens representative.
Preface
SCALANCE S615
Operating Instructions, 08/2018, C79000-G8976-C389-04 5
Security information
Siemens provides products and solutions with industrial security functions that support the
secure operation of plants, systems, machines and networks.
In order to protect plants, systems, machines and networks against cyber threats, it is
necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial
security concept. Siemens’ products and solutions constitute one element of such a concept.
Customers are responsible for preventing unauthorized access to their plants, systems,
machines and networks. Such systems, machines and components should only be
connected to an enterprise network or the internet if and to the extent such a connection is
necessary and only when appropriate security measures (e.g. firewalls and/or network
segmentation) are in place.
For additional information on industrial security measures that may be implemented, please
visit
Link: (https://www.siemens.com/industrialsecurity)
Siemens’ products and solutions undergo continuous development to make them more
secure. Siemens strongly recommends that product updates are applied as soon as they are
available and that the latest product versions are used. Use of product versions that are no
longer supported, and failure to apply the latest updates may increase customers’ exposure
to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial Security RSS
Feed under
Link: (https://www.siemens.com/industrialsecurity)
Recycling and disposal
The products are low in pollutants, can be recycled and meet the requirements of the WEEE
directive 2012/19/EU for the disposal of electrical and electronic equipment.
Do not dispose of the products at public disposal sites.
For environmentally friendly recycling and the disposal of your old device contact a certified
disposal company for electronic scrap or your Siemens contact (Product return
(https://support.industry.siemens.com/cs/ww/en/view/109479891)).
Note the different national regulations.
Trademarks
The following and possibly other names not identified by the registered trademark sign ®are
registered trademarks of Siemens AG:
SCALANCE, SINEMA, KEY-PLUG, C-PLUG
Preface
SCALANCE S615
6Operating Instructions, 08/2018, C79000-G8976-C389-04
License conditions
Note
Open source software
Read the license conditions for open source software carefully before using the product.
You will find license conditions in the following documents on the supplied data medium:
●M87x, M81x, M826: OSS_Scalance-M-800-S615_86.pdf
●M804PB: OSS_Scalance-M-804_86.pdf
SIMATIC NET glossary
Explanations of many of the specialist terms used in this documentation can be found in the
SIMATIC NET glossary.
You will find the SIMATIC NET glossary on the Internet at the following address:
50305045 (https://support.industry.siemens.com/cs/ww/en/view/50305045)
SCALANCE S615
Operating Instructions, 08/2018, C79000-G8976-C389-04 7
Table of contents
Preface ................................................................................................................................................... 3
1 Security recommendations...................................................................................................................... 9
2 Description of the device....................................................................................................................... 15
2.1 Product characteristics............................................................................................................15
2.2 Unpacking and checking.........................................................................................................16
2.3 Accessories.............................................................................................................................17
2.4 Terminals ................................................................................................................................18
2.5 LED display.............................................................................................................................20
2.6 SET button ..............................................................................................................................22
2.7 C-PLUG and KEY-PLUG ........................................................................................................24
3 Installation ............................................................................................................................................ 25
3.1 Safety notices for installation ..................................................................................................25
3.2 Securing the housing ..............................................................................................................27
3.3 Wall mounting .........................................................................................................................28
3.4 Installing on the DIN rail..........................................................................................................29
3.5 Installing on the S7-300 standard rail .....................................................................................30
3.6 Installing on the S7-1500 standard rail ...................................................................................31
3.7 Installation in a 19" mounting frame .......................................................................................32
3.8 Mounting on a pedestal...........................................................................................................34
4 Connecting up....................................................................................................................................... 37
4.1 Safety when connecting up.....................................................................................................37
4.2 Power supply ..........................................................................................................................39
4.3 Grounding ...............................................................................................................................41
4.4 Digital input/output ..................................................................................................................42
4.5 Ethernet port ...........................................................................................................................45
4.6 Replacing the PLUG ...............................................................................................................46
5 Dimension drawings.............................................................................................................................. 49
5.1 SCALANCE S615 ...................................................................................................................49
5.2 19" installation frame ..............................................................................................................51
6 Technical specifications ........................................................................................................................ 53
A Approvals.............................................................................................................................................. 57
Table of contents
SCALANCE S615
8Operating Instructions, 08/2018, C79000-G8976-C389-04
A.1 INSTALLATION...................................................................................................................... 58
A.2 EU declaration of conformity (*** TRANSLATION IN PROCESS! ***) .................................. 59
A.2.1 ATEX...................................................................................................................................... 60
A.2.2 EMC directive (*** TRANSLATION IN PROCESS! ***) ......................................................... 60
A.2.3 RoHS...................................................................................................................................... 61
A.3 (*** TRANSLATION IN PROCESS! ***)................................................................................. 62
A.3.1 ATEX...................................................................................................................................... 62
A.3.2 IECEx ..................................................................................................................................... 64
A.3.3 RCM / C-TICK........................................................................................................................ 64
A.3.4 FM certification....................................................................................................................... 65
A.3.5 UL certification (product safety) ............................................................................................. 65
A.3.6 UL HAZ. LOC certification (explosion protection) .................................................................. 66
A.3.7 EAC........................................................................................................................................ 66
Index .................................................................................................................................................... 67
SCALANCE S615
Operating Instructions, 08/2018, C79000-G8976-C389-04 9
Security recommendations
1
To prevent unauthorized access, note the following security recommendations.
General
●You should make regular checks to make sure that the device meets these
recommendations and/or other security guidelines.
●Evaluate your plant as a whole in terms of security. Use a cell protection concept with
suitable products.
Link: (https://www.industry.siemens.com/topics/global/en/industrial-
security/pages/default.aspx)
●Separate connections correctly (WBM. Telnet, SSH etc.).
Physical access
●Limit physical access to the device to qualified personnel.
The memory card or the PLUG (C-PLUG, KEY-PLUG) contains sensitive data such as
certificates, keys etc. that can be read out and modified.
●Lock unused physical ports on the device. Unused ports can be used to gain forbidden
access to the plant.
Software (security functions)
●Keep the software up to date. Check regularly for security updates of the product.
You will find information on this on the Internet pages "Industrial Security
(https://www.siemens.com/industrialsecurity)".
●Inform yourself regularly about security advisories and bulletins published by Siemens
ProductCERT (https://www.siemens.com/cert/en/cert-security-advisories.htm).
●Only activate protocols that you really require to use the device.
●Restrict access to the management of the device with firewall rules.
●The option of VLAN structuring provides good protection against DoS attacks and
unauthorized access. Check whether this is practical or useful in your environment.
●Use a central logging server to log changes and accesses. Operate your logging server
within the protected network area and check the logging information regularly.
●We recommend formatting a PLUG that is not being used.
Passwords
●Define rules for the use of devices and assignment of passwords.
●Regularly update passwords and keys to increase security.
Security recommendations
SCALANCE S615
10 Operating Instructions, 08/2018, C79000-G8976-C389-04
●Change all default passwords for users before you operate the device.
●Only use passwords with a high password strength. Avoid weak passwords for example
password1, 123456789, abcdefgh.
●Make sure that all passwords are protected and inaccessible to unauthorized personnel.
●Do not use the same password for different users and systems or after it has expired.
Keys and certificates
This section deals with the security keys and certificates you require to set up TLS, VPN
(IPsec, OpenVPN) and SINEMA RC.
●The device contains a pre-installed X.509 certificate with key. Replace this certificate with
a self-made certificate with key. We recommend that you use a certificate signed by a
reliable external or internal certification authority.
●Use the certification authority including key revocation and management to sign the
certificates.
●Make sure that user-defined private keys are protected and inaccessible to unauthorized
persons.
●Verify certificates and fingerprints on the server and client to prevent "man in the middle"
attacks.
●It is recommended that you use password-protected certificates in the PKCS #12 format
●It is recommended that you use certificates with a key length of at least 2048 bits.
●Change keys and certificates immediately, if there is a suspicion of compromise.
Secure/non-secure protocols
●Avoid or disable non-secure protocols, for example Telnet and TFTP. For historical
reasons, these protocols are still available, however not intended for secure applications.
Use non-secure protocols on the device with caution.
●Avoid or disable non-secure protocols. Check whether use of the following protocols is
necessary:
–Broadcast pings
–Non authenticated and unencrypted interfaces
–ICMP (redirect)
–LLDP
–Syslog
–DHCP Options 66/67
–TFTP
Security recommendations
SCALANCE S615
Operating Instructions, 08/2018, C79000-G8976-C389-04 11
●The following protocols provide secure alternatives:
–SNMPv1/v2 → SNMPv3
Check whether use of SNMPv1 is necessary. SNMPv1 is classified as non-secure.
Use the option of preventing write access. The product provides you with suitable
setting options.
If SNMP is enabled, change the community names. If no unrestricted access is
necessary, restrict access with SNMP.
–HTTP → HTTPS
–Telnet → SSH
–TFTP → SFTP
●Use secure protocols when access to the device is not prevented by physical protection
measures.
●To prevent unauthorized access to the device or network, take suitable protective
measures against non-secure protocols.
●If you require non-secure protocols and services, activate these at interfaces that are
located within a protected network area.
●Using a firewall, restrict the services and protocols available to the outside to a minimum.
●For the DCP function, enable the "DCP read-only" mode after commissioning.
Available protocols per port
The following list provides you with an overview of the open ports on this device. Keep this in
mind when configuring a firewall.
The table includes the following columns:
●
Protocol
All protocols that the device supports
●
Port number
Port number assigned to the protocol
●
Port status
–Open
The port is always open and cannot be closed.
–Open (when configured)
The port is open if it has been configured.
Security recommendations
SCALANCE S615
12 Operating Instructions, 08/2018, C79000-G8976-C389-04
●
Default port status
–Local access
Default port status of the port when the port is accessed via a local connection, e.g.
via LAN.
–External access
Default port status of the port when the port is accessed via an external connection,
e.g. WAN, WLAN, VPN.
●
Authentication
Specifies whether or not the protocol is authenticated during access.
●
Encryption
Specifies whether the transfer is encrypted.
Protocol
Protocol/port
number
Port status
Default port status
Authentication
Encryption
Local access
External
access
SSH
SFTP
TCP/22 Open
(when configured)
Open Closed Yes Yes
HTTP
TCP/80 Open
(when configured)
Open Closed Yes No
HTTPS
TCP/443 Open Open Closed Yes Yes
SNTP
UDP/123 Open
(only outgoing)
Closed Closed No No
SNMP v1/v3
UDP/161 Open
(when configured)
Open Closed Yes Yes (when confi-
gured)
DNS Server
TCP/53 Open
(when configured)
Open Closed No No
DNS Client
UDP/53 Open
(when configured)
Open Closed No No
Syslog
UDP/514 Open
(only outgoing)
Closed Closed No No
IPsec/IKE
UDP/500
UDP/4500
Open
(when configured)
Closed Open Yes Yes
DHCP server
UDP/67
Open
(when configured)
Open Closed No No
DHCP server
UDP/67
Open
(when configured)
Open Closed No No
NTP client
UDP/123 Open
(only outgoing)
Closed Closed No No
NTP server
UDP/123
Open
Closed
Closed
No
No
Siemens Remote
Service
(cRSP/SRS)
TCP/443 Open
(only outgoing)
Closed Closed Yes Yes
PROFINET
UDP/34964
Open
Open
Open
No
No
Security recommendations
SCALANCE S615
Operating Instructions, 08/2018, C79000-G8976-C389-04 13
Protocol
Protocol/port
number
Port status
Default port status
Authentication
Encryption
Local access
External
access
OpenVPN to
SINEMA RC
TCP, UDP
depending
on server
config [only
with Key-
Plug]
Open
(only outgoing)
Closed Closed Yes Yes
TFTP
UDP/69 Open
(only outgoing)
Closed Closed No No
DynDNS
TCP/80 Open
(only outgoing)
Closed Closed No No
Telnet
TCP/23 Open
(when configured)
Open Closed Yes No
Ping
ICMP
Open
Open
Closed
No
No
RADIUS client
UDP/1812
UDP/1813
Open
(when configured)
Closed Closed No No
TIA Portal Cloud
Connector
1)
TCP/9023
(variable)
Open
(when configured)
Open Closed No No
SMTP
TCP/25 Open
(only outgoing)
Closed Closed No No
HTTP proxy
TCP/variable Open
(only outgoing)
Closed Closed No No
1) Only with SCALANCE M804PB
Security recommendations
SCALANCE S615
14 Operating Instructions, 08/2018, C79000-G8976-C389-04
SCALANCE S615
Operating Instructions, 08/2018, C79000-G8976-C389-04 15
Description of the device
2
2.1
Product characteristics
Interfaces
Functionality
S615
Ethernet interface
5 x RJ-45 10 / 100 Mbps
Digital input/output
1/1
Scope of delivery
The following components ship with the product:
●One device
●1 x 5-terminal block for the power supply
●1 x 2-terminal block for the digital output
●1 x 2-terminal block for the digital input
●Documentation CD
Note
Not included with the product
The following components do not ship with the product:
•
C-PLUG / KEY-PLUG
You will find more detailed information in "C-PLUG and KEY-PLUG (Page 24)".
Article numbers
Type
Description
Article number
SCALANCE S615
Security router
6GK5 615-0AA00-2AA2
Description of the device
2.2 Unpacking and checking
SCALANCE S615
16 Operating Instructions, 08/2018, C79000-G8976-C389-04
2.2
Unpacking and checking
Unpacking and checking
WARNING
Do not use any parts that show evidence of damage
If you use damaged parts, there is no guarantee that the device will function according to
the specification.
If you use damaged parts, this can lead to the following problems:
•Injury to persons
•Loss of the approvals
•Violation of the EMC regulations
Use only undamaged parts.
1. Make sure that the package is complete.
2. Check all the parts for transport damage.
Description of the device
2.3 Accessories
SCALANCE S615
Operating Instructions, 08/2018, C79000-G8976-C389-04 17
2.3
Accessories
You will find further information on the accessories program for the S615 in the Industry Mall
(https://mall.industry.siemens.com/mall/en/WW/Catalog/Products/10034139?tree=CatalogTr
ee#).
Type
Properties
Article number
C-PLUG Exchangeable storage medium (32 MB) for the
configuration data
6GK1900-0AB00
Exchangeable storage medium (256 MB) for the
configuration data
6GK1900-0AB10
KEY-PLUG SINEMA
RC
Exchangeable storage medium (256 MB) to enable
the connection functionality to SINEMA Remote
Connect and for storing configuration data.
6GK5908-0PB00
19" mounting frame SCALANCE M-800 19" mounting frame for installa-
tion in the 19" rack
1 height unit for SCALANCE S615
6GK5898-8MR00
Desktop pedestal SCALANCE M-800 desktop pedestal for table
mounting for SCALANCE M812 / M816 / M874-X /
M876-X / S615
6GK5898-8MD00
Description of the device
2.4 Terminals
SCALANCE S615
18 Operating Instructions, 08/2018, C79000-G8976-C389-04
2.4
Terminals
The device has the following terminal strips.
Connectors and terminal markings
①Input for the power supply
L1, M2, L2, M2
Terminal strip with five screw connectors
②Functional ground
③
Digital input
+DI, -DI
Terminal strip with two screw connectors
④
Digital output
+DO, -DO
Terminal strip with two screw connectors
Terminals ①- ④
Screwdriver blade
0.4 x 2.5 (DIN 5264)
Clamping screw
M2
Tightening torque
0.2 Nm - 0.25 Nm
AWG
28 AWG
16 AWG
Description of the device
2.4 Terminals
SCALANCE S615
Operating Instructions, 08/2018, C79000-G8976-C389-04 19
Terminals ①- ④
Wire end ferrule without plastic collar to DIN
46228/1
0.2 mm21.5 mm2
Wire end ferrule with plastic collar to DIN
46228/4
0.2 mm21.5 mm2
Stripped length
7 mm
7 mm
See also
Grounding (Page 41)
Description of the device
2.5 LED display
SCALANCE S615
20 Operating Instructions, 08/2018, C79000-G8976-C389-04
2.5
LED display
LED
Status
Meaning
F
OFF
No fault/error.
ON
The device is starting up or an error has occurred.
Flashing
The bootloader waits in this state for new firmware file that you can
download by TFTP.
Flashing
at the inter-
val: 2000 ms
on / 200 ms
off
Firmware on PLUG
The device is performing a firmware update or downgrade.
Other manuals for SIMATIC NET SCALANCE S615
2
Table of contents
Other Siemens Firewall manuals
Popular Firewall manuals by other brands
D-Link
D-Link NetDefend DFL-260E manual
McAfee
McAfee Manager Appliance quick start guide
Fortinet
Fortinet FortiGate 500 Installation and configuration guide
Fortinet
Fortinet FortiGate 224B installation guide
Fortinet
Fortinet FortiGate FortiGate-800 install guide
Fortinet
Fortinet FortiGate 3600 quick start guide
PaloAlto Networks
PaloAlto Networks M-300 Hardware reference
H3C
H3C SecPath F5000 Series Compliance and Safety Manual
Freedom9
Freedom9 freeGuard Slim 100 Specifications
Mooltipass
Mooltipass Mini BLE user manual
ZyXEL Communications
ZyXEL Communications ZyWALL 1050 Cli reference guide
Barracuda
Barracuda F100 quick start guide