Modbus TCP Over Internet


SpyrosABB

Hello everyone,

I have an application where I need to poll with Modbus TCP some devices which are located at solar plants and have access to the internet.

How is this going to be implemented? Do I need a static IP to address the devices or can I use a dynamic DNS service?


You really should use a VPN or some other secure method to protect your devices. Exposing a Modbus TCP device to the internet is just asking for trouble. So, the answer is: yes, you need a static IP (not dynamic DNS), but that static IP should be a non-routable, local IP address (i.e. 192.168.x.x or 10.x.x.x) and you should use a VPN to get from one location to the other.

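A configuration check that follows the advice in the answer above, as an added example that is not part of the original post: it fails poll targets that are hostnames or non-RFC 1918 addresses, and warns on private addresses that are not inside a VPN-routed subnet. The subnets, the target list and the function names are assumptions constructed for illustration, and only IPv4 targets are handled.

```python
import ipaddress

# RFC 1918 private ranges (the "non-routable, local" addresses from the answer).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: subnets that are reachable only through the site-to-site VPN.
VPN_SUBNETS = [ipaddress.ip_network(n) for n in
               ("10.20.0.0/16", "192.168.50.0/24")]


def audit_target(target, vpn_subnets=VPN_SUBNETS):
    """Return (verdict, reason) for one 'host[:port]' Modbus TCP poll target."""
    host = target.partition(":")[0].strip()  # the port is not needed here
    try:
        addr = ipaddress.IPv4Address(host)
    except ValueError:
        # Anything that is not a literal IPv4 address is treated as a name.
        return ("FAIL", "hostname, not a static IP (dynamic DNS or similar)")
    if not any(addr in net for net in RFC1918):
        return ("FAIL", "not an RFC 1918 private address")
    if not any(addr in net for net in vpn_subnets):
        return ("WARN", "private address, but outside the VPN-routed subnets")
    return ("OK", "static private address inside a VPN-routed subnet")


def audit(targets, vpn_subnets=VPN_SUBNETS):
    """Audit a whole poll list; returns {target: (verdict, reason)}."""
    return {t: audit_target(t, vpn_subnets) for t in targets}


# Constructed sample poll list, not taken from any real installation.
SAMPLE_TARGETS = [
    "plant1.dyndns.example:502",  # name resolved through dynamic DNS
    "203.0.113.10:502",           # documentation range, stands in for a public IP
    "192.168.1.20",               # private, but not one of the VPN subnets
    "10.20.3.15:502",             # private and inside a VPN subnet
]

if __name__ == "__main__":
    for target, (verdict, reason) in audit(SAMPLE_TARGETS).items():
        print(f"{verdict:4} {target:28} {reason}")
```
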

Thank you.

  • 8 months later...

You are really getting outside the realm of what we can advise on. Network security is very complicated, and with SCADA systems it really must be done correctly. That is why I recommend DAQConnect.com since using this service eliminates the issues of opening up firewalls to give external access.

Just because a lot of sites might use OpenVPN doesn't make it the best solution. And those sites were hopefully set up by IT professionals and not the system integrator. It's kind of like demolitions. You really want to let the professionals that do it all the time handle the dynamite, not the general contractor. Don't assume that you have a secure system. Get professional help when you want to grant external access or use a product like DAQConnect that does not require opening holes.

And, most importantly, whether you are providing external access or not: make sure you have safety systems in place that are completely independent of all logic. That means not connected through any PLCs or computers.
