I am using Ignition7.8 and the Legacy ControlLogix driver. It is at a remote facility that has a sierra wireless rv50 modem on it. I am not familiar with the AB PLC’s so this is fairly new to me. When I am setting up the device which IP address do I use? I assume I need to use the IP of the rv50 and the slot number, but my assumptions have been wrong so far. Can anyone point me in the right direction?? Thanks Dustin
Depends on the VPN technology the rv50 contains (I’m not familiar with it). Something has to point at the target PLC’s IP address, either Ignition, or an rv50 port map, or an Ethernet/IP connection path.
If the rv50 is connecting a public IP address to your plant without a VPN, I can’t help. AB PLC security isn’t good enough to ever allow that.
As @pturmel pointed out this should only be done on a private network, and I would go further and say that it should be done on a vlan which has been designated for the purpose and is separate from any normal business networks. The WAN should be set up with network mapping of some sort so that there is an IP which will ping directly to the Ethernet Adapter in the rack. Essentially the IP address that you use to go online (via RSLogix 5000) with the processor is the IP which you should use to set up the driver for the device.
Sorry for the delay, I took the weekend off. I understand the security concerns, and the cellular modem does have a VPN option, but its not something I am interested in using at the current moment. For other devices I use the Cell Modems static IP and then map a port inside that has the PLC’s IP address. Then from my opc I use the modems static ip colon port number (example 10.10.10.10:1234). My problem is when I put that syntax into the ignition device, Hostname - Connectivity it replies with an error that states that’s not a valid ip address. I guess I’m looking for more specific help regarding the Sierra Wireless modem configuration and Ignition device setup.
Sorry, but this is incoherent. You describe pinholing from a public static IP directly to other devices. Which means you don't understand the security concerns. I can't participate further in this thread.
What your explaining is a VNC type connection. If you are wanting to be able to program the ControlLogix PLC you will have to use a VPN type connection.
A VPN Tunnel actually creates a bridge between the two different networks and allows access to both just as if they was 1(one) single network. VPN Tunnels are very secure. (If set up correctly)
A VNC connection is only capable if there is a VNC Server that you can log into. So you could have a PC that is connected to the controlLogix and the PC run a VNC Server “app” then you could connect to the PC which you could then run RSLogix5000 and do what ever you need but this is defiantly NOT a secure path.
So after much frustration, I finally found someone to guide me to what I needed. I had to setup the port forwarding in the cell modem as mentioned, but in the Ignition device setup you need to put the static IP of the cell modem and under the connection path is where you put the port. Included is a screen shot of the ignition setup and of the cell modem setup.
If I understand correctly, because you’ve exposed your PLC to controls signals from the open internet, unauthenticated. Anyone with the right IP and port can issue commands to perform real world actions. And port scanners mean security through obscurity simply isn’t a thing - see services like https://www.shodan.io.
I reread the thread again and spotted why @pturmel seems upset. It is not a public IP as he stated, but a private one, I neglected to specify. The IP address of the cell modem is on a private APN through the cell carrier and is only accessible through a certain IP range within my companies network. @PGriffith Does that still pose the same security risks?