And Over Continuum Net Controler

Andover Continuum
Network Security Configuration Guide

© 2010, Schneider Electric
All Rights Reserved
No part of this publication may be reproduced, read or stored in a retrieval system, or

transmitted, in any form or by any means, electronic, mechanical, photocopying, recording,
or otherwise, without prior written permission of Schneider Electric.
This document is produced in the United States of America.
Product Names are trademarks of Schneider Electric. All other trademarks are the prop-
erty of their respective owners.
Title: Andover Continuum Network Security Configuration Guide
Revision: B
Date: February, 2010
Schneider Electric part number: 30-3001-996
Controller names and version number: NetController II model 9680 version 2.0 and ACX
57x0 first-release firmware.
Software application version number: Andover Continuum CyberStation Version 1.8
The information in this document is furnished for informational purposes only, is subject
to change without notice, and should not be construed as a commitment by Schneider Elec-
tric. Schneider Electric assumes no liability for any errors or inaccuracies that may appear
in this document.
Schneider Electric
One High Street
North Andover, MA 01845
Phone: (978) 975-9600
Fax: (978) 975-9782
http://www.schneider-electric.com/buildings
Network Security Configuration
Guide
30-3001-996
Revision B
February, 2010
About this Manual
What’s in this Manual

This manual contains the following content:
z Chapter 1, Network Security Configuration Overview, describes the

steps required for establishing network security on both the
controller and the CyberStation workstations that communicate
with the controller.
z Chapter 2, Configuring the Controller, presents the procedures to
configure network security on the controller
z Chapter 3, Configuring the Workstation, presents the procedures to
configure security on the CyberStation workstations that
communicate with the controller.
z Chapter 4, Activating Network Securing for the Controller, presents
procedures to activate the network security configuration on both
existing and new controllers.
Network Security Configuration Guide 5

About this Manual
Related Documentation
For additional or related information, refer to these documents.
Document Document
Number
NetController II Installation Instructions 30-3001-994
NetController II Operation and Technical Reference Guide 30-3001-995
ACX 57xx Series Controller Installation Instructions TBD
ACX 57xx Controller Operation and Technical Reference TBD
Guide
Andover Continuum CyberStation Configurator’s Guide 30-3001-781
See also the Continuum CyberStation online help.
Symbols Used
The Notes, Warnings and Cautions used in this manual are listed
below.
Note: Contains additional information of interest to the user.
CAUTION or WARNING
Type of hazard
How to avoid hazard.
Failure to observe this precaution can result in injury or equipment
damage.
6 Schneider Electric
Contents
Chapter 1 Security Configuration Overview ........................................ 5

Securing IP Controllers Overview .................................................. 6
Before Getting Started .................................................................... 7
Chapter 2 Configuring the Controller ................................................... 9

Determining if the Network Security Option is Enabled .............. 10
Configuring a Controller for Secure Communication ................... 11
Accessing the Network Security Configuration Web Page ......... 12
Configuring the Controller for the Preferred Security ............... 13
Peer to Peer Security Configuration .......................................... 13
Network Security Options .......................................................... 14
Web Server Security Options ..................................................... 14
Submit the Changes for Network Security Configuration ......... 15
Chapter 3 Configuring the Workstation ............................................... 17

Importing the IPSec Security Policy .............................................. 18
Editing the Imported Security Policy ............................................ 22
Assigning the Imported Security Policy ........................................ 25
Exporting the Modified Security Policy ......................................... 26
Chapter 4 Activating Network Security for the Controller .................. 29

Setting the Network Security Attribute of an Existing Controller 30
Creating a New Controller in CyberStation .................................. 32

Contents
Chapter 1
Security Configuration
Overview
This chapter presents a brief overview of the major steps for

establishing network security on a new network controller, such as the
NetController II 9680 or the ACX 57x0, and it provides the
requirements checklist for hardware, software, communication, and
access privileges.
Topics include:
z Securing IP Controller Overview

z Before Getting Started

Chapter 1: Security Configuration Overview
Securing IP Controllers Overview

The communication between the controller and workstation is secured
using Internet Protocol Security (IPSec) and the Internet Key
Exchange Protocol (IKE).
IPSec, a set of extensions to the IP protocol family, ensures data

authentication, integrity, and encryption or authentication and
integrity only of IP packets.
IKE securely negotiates the properties of the security associations of

IPSec enabled peers, such as Andover Continuum controllers and
workstations, once all of the following tasks have been addressed.
Configuring Network security for the newest generation of Schneider

Electric controllers includes the following steps:
Task 1: Determine if network security is enabled for the controller
Task 2: Configure controller for secure communication
Task 3: Configure network security on the workstation
Task 4: Activate network security for the controller
The following table provides a brief overview of the configuration

process and the major tasks defined in this manual.
Task Configured In Description

Task 1 CyberStation software Determines whether or not your site
(Chapter 2) has purchased the network security
option for this NetController II 9680
or ACX 57x0 controller.
Task 2 Controller Configured network security
(Chapter 2) settings inside the controller.
Task 3 Workstation Imports, edits, assigns, and exports
(Chater 3) the local Schneider Electric network
security policy on the workstation.
Task 4 CyberStation sofware Sets the Network Security attributes
(Chapter 4) for an existing controller or a new
controller.
Before Getting Started

Before you start configuring your controllers and workstations, make
sure you have the required hardware and software to configure
network security successfully.
Table 1 Required Hardware and Software

WorkStation Continuum CyberStation v1.8 (and higher)
Software Windows XP SP2, Windows 2000 SP4,
Windows Server 2003
Controller NetController II 9680
Hardware ACX 57x0 series
Access Administrative privileges on the workstation
Privileges to configure the Local Secity Policy.
Administrative privileges on the controller to
logon to the Web configuration pages and
configure Network Security Properties.
Network IP You must know the static IP address for each
Addresses workstation.
You must have an available static IP address
for each controller.
Note: You may need to contact your Network Administrator to get the
IP addresses.
Note: Older versions of Andover Continuum controllers do not support

network security. However, the new versions of CyberStation
and the new controllers, such as NetController II 9680 and ACX
57x0, can be configured to communicate with controllers that do
not support network security.

Chapter 2
Configuring the Controller
This chapter presents the procedures for configuring network security

on the controllers.
Topics include:
z Determining if the Network Security Option is Enabled

z Configuring a Controller for Secure Communication
z Configuring a Controller for Secure Communication in FIPS 140-2
Validated Mode

Chapter 2: Configuring the Controller
Determining if the Network Security Option is Enabled

To determine if the Network Security option is enabled on the
controller, complete this procedure
Note: On Andover Continuum controllers, Network Security is not

enabled by default and must be purchased as a separately sold
option from Schneider Electric.
Step 1: From the Continuum Explorer, edit the online controller
Step 2: Select the Options tab on the Infinity Controller editor and
check the value of the Network Security option.
If the Network Security option value is “Enabled,” proceed to:
Configuring a Controller for Secure Communication. If the
Network Security option value says “Disabled,” continue with
the next step.
Step 3: Click the Update OS button, and load the appropriate UPD
file, which was provided when you purchased the Network
Security option from Schneider Electric, to enable the Network
Security option for this controller.
Step 4: When you have completed the update, verify that the
controller has returned online.
Step 5: Select the Options tab on the Infinity Controller editor and
verify that the Network Security option is set to “Enabled.”
Configuring a Controller for Secure Communication

To configure a controller, complete the steps in the following sections.

Note: If a controller has the Network Security option enabled, you

must access and configure the controller using a Web browser.
Accessing the Network Security Configuration Web Page

To access the controller's Web configuration page, log in as an
administrative user and navigate to the Network Security
Configuration Web page. For instructions on logging in and
navigating, see the NetController II Operation and Technical Reference
Guide 30-3001-995, or the ACX 57xx Series Controller Operation and
Technical Reference Guide, 30-3001-999
Configuring the Controller for the Preferred Security

When you are configuring the controller on the Network Security
Configuration Web page, you can set the following security options:
z Peer to Peer Security Configuration-- These options allow each

workstation and controller to communication with each other and
authenticate each other’s identity using the same Shared
Authorization Secret.
z Network Security Options -- These options allow for different
levels of network security, including no security (the factory
default), a network security policy requiring that all Andover
Continuum traffic be authenticated, or a network security policy
requiring that all Andover Continuum traffic be authenticated and
encrypted.
z Web Server Security Options -- This option allows for applying
the network security level selected under Network Security Options
to the controllers Web Server. The network security level will be
applied to all of the Web Configuration and Plain English Web
pages if this option is turned on.
Peer to Peer Security Configuration
To configure Peer to Peer Security, complete this procedure:
Step 1: In the Enter Code field, enter an Authentication Secret

for Key Negotiation. The secret may be any ASCII string up
to 32 characters.
Note: The default secret from the factory is “itsasecret”. You must
remember the secret that you enter here for later use. All
controllers and CyberStations that need to communicate
securely must be configured with the same secret.
Step 2: You must re-enter the same secret in the Confirm Code field
to confirm your secret.
Step 3: If this controller will be required to communicate with legacy

controllers that do not support network security or controllers
that have network security disabled on the same logical

network, select Allow communication with unsecured

controllers.
Step 4: If this controller will only communicate with secure peers,

select Do not allow communication with unsecured
controllers.
Network Security Options
To configure the Network Security Options, complete this

procedure:
Step 1: Keeping the default selection, No Network Security, allows

this controller to communicate unsecurely, without network
security.
Step 2: Selecting Authentication Only authenticates packets only.

Choosing this option will allow packet snooping of the
Schneider Electric Andover Continuum Protocol on the wire.
However, packets may not be replayed to the controller and
the controller will disregard any packets that have had their
data altered by an intrusive third party.
Step 3: Selecting Authentication and Encryption authenticates

and encrypts packets. Choosing this option does not allow
snooping of the Schneider Electric Andover Continuum
Protocol on the wire, as the data are encrypted. Packets may
not be replayed to the controller and the controller will
disregard any packets that have had their data altered by an
intrusive third party.
Note: You must remember the option you selected for later use. All
controllers and CyberStations that will communicate securely
MUST be configured with the same option.
Web Server Security Options
To configure the Web Server Security Options, complete this procedure:
Step 1: Selecting Do not apply Security to Web pages will allow all
Web communication to be unsecured and allows sniffing of the
http protocol.
Step 2: Selecting Apply Security to Web Pages secures the Web

communication with the selected Network Security Option.
Note: If this option is selected, it is recommended that the default Web

port be changed from TCP Port 80, to Port 33920. You can make
this change on the controller’s Controller Network
Configuration Web page. Refer to the NetController Operation
and Technical Reference Guide, 30-3001-995, and the ACX 57xx
Series Controller Operational and Technical Reference Guide,
30-3001-999. Submit the Changes for Network Security
Configuration
Submit the Changes for Network Security Configuration

To submit changes, follow this procedure.
Step 1: Review all changes.

Note: After submitting changes, informational messages that signify

the configuration changes are displayed on the bottom of the
page.
Step 2: To commit the changes and restart the controller, navigate to

the Commit Changes page and then click Commit
Changes/Restart Controller.
Changes take effect when the controller restarts.
Configuring a Controller for Secure Communication in

FIPS 140-2 Validated Mode
To configure a controller for Secure Communication in FIPS 140-2
validated mode, complete the steps in the following sections.
In order to configure the controller to operate in a FIPS 140-2 validated

mode, the controller must have the “Network Security - FIPS 140-2
validated” option enabled.
To verify the FIPS 140-2 option is enabled:
Step 1: Navigate to the controller’s Web configuration page.
Step 2: Log in as an administrator
Note: For instructions on logging in and navigating, refer to the

NetController II Operation and Technical Reference Guide, 30-
3001-995, or the ACX 57xx Series Controller Operation and
Technical Reference Guide, 30-3001-999.
Step 3: Select “Option Settings” from the menu. The Network Security
option should be listed as “Enabled - FIPS 140-2”

Accessing the Network Security Configuration Web Page

When configuring the controller to operate in FIPS 140-2 validated
mode, specific steps must be taken for the initial security configuration.
In order to complete these steps you must connect directly from your
laptop or PC’s Ethernet port to the controller’s Ethernet port using a
RJ-45 cable.
Perform the following steps to start the initial configuration.
Step 1: Be sure to have a copy of the

TACEncryptAndAuthenticatePolicy.ipsec file on the laptop or
PC that you will be using to configure the controller. This file
can be found at: <install drive>:\Program
Files\Continuum\Network Security\
Step 2: Set your laptop or PC’s IP address to an address in the range

of 169.254.1.2-254
Step 3: Directly connect an RJ-45 cable between your laptop or PC and

the controller’s Ethernet port.
Step 4: Access the controller’s Web configuration page using a Web

browser on your laptop or PC by navigating to the controller’s
default IP address at http://169.254.1.1
Step 5: Log in as an administrative user and navigate to the Network

Security Configuration Web page.
Note: For instructions on logging in and navigating, refer to the

NetController II Operation and Technical Reference Guide, 30-
3001-995, or the ACX 57xx Series Controller Operation and
Technical Reference Guide, 30-3001-999.

Configuring the Controller for the Preferred Security
When configuring the controller on the Network Security Configuration

Web page, you can set the following security options:
z Peer to Peer Security Configuration - These options allow each

workstation and controller to communicate with each other and
authenticate each other’s identity using the same Shared
Authorization Secret.
z Network Security Options - These options allow for different
levels of network security, including no security (the factory
default), a network security policy requiring that all Andover
Continuum traffic be authenticated, or a network security policy
requiring that all Andover Continuum traffic be authenticated and
encrypted.
z Web Server Security Options - This option allows for applying
the network security level selected under Network Security Options
to the controller’s Web server. The network security level will be
applied to all of the Web Configuration and Plain English Web
pages if this option is turned on. Select this option when the
controller is being configured to run in FIPS 140-2 validated mode.
Peer to Peer Security Configuration
To configure Peer to Peer Security, complete this procedure:
Step 1: In the Enter Previous Code field, enter an Authentication

Secret for Key Negotiation. The secret may be any ASCII
string with a minimum length of 8 characters and a maximum
of 32 characters.
Note: The default secret from the factory is “itsasecret”. You must
remember the secret that you enter here for later use. All
controllers and CyberStations that need to communicate
securely must be configured with the same secret.
Note: The first time the controller is configured for Network Security
in FIPS 140-2 validated mode, the connection to the controller is
unsecured. After configuring the controller for Network Security
in FIPS 140-2 validated mode for the first time, you may then go
back and change the Authentication Secret from the factory
default to a more secure secret of your choice.
Step 2: You must re-enter the same secret in the Enter New Code
field.
Step 3: You must re-enter the same secret in the Confirm New Code
field.
Step 4: If this controller will be required to communicate with legacy

controllers that do not support the network security or
controllers that have network security disabled on the same
logical network, select Allow communication with
unsecured controllers.
Step 5: If this controller will only communicate with secure peers,

select Do not allow communication with unsecured
controllers.

Network Security Options
To configure the Network Security Options, complete this

procedure:
Step 1: Keeping the default selection, No Network Security, allows

this controller to communicate unsecurely, without network
security. In this configuration, FIPS 140-2 validated mode will
be disabled.
Step 2: Selecting Authentication Only authenticates packets only.

Choosing this option will allow packet snooping of the
Schneider Electric Andover Continuum Protocol on the wire.
However, packets may not be replayed to the controller and
the controller will disregard any packets that have had their
data altered by an intrusive third party.
Step 3: Selecting Authentication and Encryption authenticates

and encrypts packets. Choosing this option does not allow
snooping of the Schneider Electric Andover Continuum
Protocol on the wire, as the data are encrypted. Packets may
not be replayed to the controller and the controller will
disregard any packets that have had their data altered by an
intrusive third party.
Note: You must remember the option you selected for later use. All
controllers and CyberStations that will communicate securely
MUST be configured with the same option.
Web Server Security Options
To configure the Web Server Security Options, complete this

procedure:
Step 1: Selecting Do not apply Security to Web Pages will allow

all Web communication to be unsecured and allow sniffing of
the http protocol.
Step 2: Selecting Apply Security to Web Pages secures the Web

communication with the selected Network Security Option.
Note: This option should be selected when the controller is being

configured to run in FIPS 140-2 validated mode. If this option is
selected, it is recommended that the default Web port be
changed from TCP Port 80 to Port 33920. You can make this
change on the controller’s Controller Network
Configuration Web page. Refer to the NetController Operation
and Technical Reference Guide, 30-3001-995, and the ACX 57xx
Series Controller Operational and Technical Reference Guide,
30-3001-999.
Submit the Changes for Network Security Configuration

To submit the changes, follow this procedure:
Step 1: Review all changes.
Note: After submitting changes, informational messages that signify

the configuration changes are displayed on the bottom of the
page.

Step 2: To commit the changes and restart the controller, navigate to

the Commit Changes page and then click Commit
Changes/Restart Controller. Changes take effect when the
controller restarts.
Step 3: Follow the procedure in Chapter 3 “Configuring the

Workstation”, being sure to configure the workstation for Web
Security. Once the workstation has been configured for
Network Security, access the controller’s Web configuration
pages again. You will now be accessing the controller’s Web
pages securely and the controller will be operating in FIPS
140-2 validated mode.
Step 4: Log in to the controller’s Web page as an administrative user

and navigate to the Network Security Configuration page.
Validate that the controller displays that all Encryption
Algorithm Known Answer Tests have passed and that the
controller is running in FIPS 140-2 validated mode.
Note: Since security is now applied to the Web pages and the default
Web port changed from 80 to 33920, the following format must
be used to access the controller’s Web page securely:
http://<ip address>:<web port>/
Step 5: At this time you may securely enter an authorization secret of

your choosing.
Step 6: Now that the controller is operating in FIPS 140-2 validate

mode, you may configure the controller to use an IP address
that is appropriate for your network. Once the appropriate IP
address has been entered, you may disconnect your laptop or
PC from the controller and connect the controller to your
network.

Chapter 3
Configuring the Workstation
This chapter describes the procedures for configuring a CyberStation

workstation’s local security policy. The security configuration for each
workstation that communicates with a Schneider Electric network
controller must match the controller’s security configuration.
Topics include:
z Importing the IPSec Security Policy

z Editing the Imported Security Policy
z Assigning the Imported Security Policy
z Exporting the Modified Security Policy
Note: These procedures must be performed by a system administrator

and they must be performed on each CyberStation workstation
with which the controller will communicate.

Chapter 3: Configuring the Workstation
Importing the IPSec Security Policy

To import IPSec Security Policies, complete this procedure:
Step 1: From the Windows Control Panel, double click on

Administrative Tools.”
Step 2: From the Administrative Tools display, double click Local

Security Policy.
Step 3: From the Local Security Settings dialog, right click on IP

Security Policies on Local Computer.

Step 4: Select All Tasks from the popup menu, then select Import
Policies from the submenu.
Step 5: From the Open dialog, navigate to the Network Security

Policy folder: <install drive>:\Program
Files\Continuum\Network Security. If you installed
Continuum to another directory other than the default, the
files will reside at: <install path>\Network Security.
Step 6: If you configured the controller for Authentication Only,

select the TACAuthenticatePolicy.ipsec file. If you configured
the controller for Authentication and Encryption, select
the TACEncryptAndAuthenticatePolicy.ipsec file.
Step 7: Click Open to import the policy.
Step 8: Verify that the appropriate policy--TAC Encrypt and

Authenticate or TAC Authenticate--is now available under
Local Security Settings.

Editing the Imported Security Policy

To edit imported security policies, complete this procedure:
Step 1: Double click the name of the imported security policy. The
TAC Encrypt and Authenticate Properties dialog
appears.
Step 2: If you configured the controller for Web Security, enable the
TAC Web Server Filter in the IP Security rules list by
checking the check box on the Rules tab. If you did not
configure the controller for Web Security, leave the check box
unchecked.
Step 3: For each TAC rule in the list, click Edit. For each, the Edit
Rule Properties dialog appears.
Step 4: Select the Authentication Methods tab, select the

Preshared Key method, and click Edit.

Step 5: In the Edit Authentication Method Properties dialog,

enter the same secret here that was entered in the controller.
Step 6: Repeat setting the Authentication Secret for each rule in the
list
Note: The secret entered here is not a hidden field. Access to the Local
Security Policy tool is restricted to users with administrative
privileges on the machine. In order to protect access to the
shared secret, all other users of the machine that will run
CyberStation should be restricted to Windows “Power Users.”
Assigning the Imported Security Policy

To assign imported security policies, complete this procedure:
Step 1: Right click on TAC Encrypt and Authenticate or TAC

Authenticate, depending on which Security Policy you
imported, and select Assign.
Step 2: IPSec Security Policy is now enabled, and the workstation can
communicate to security enabled controllers.

Exporting the Modified Security Policy

For installations where there are multiple CyberStation workstations,
the edited security policy may be exported for use on other
CyberStations. This will allow for importing the modified policy on the
other CyberStation workstations without having to edit the policy on
each.
Step 1: From the Local Security Settings dialog, right click on IP

Security Policies on Local Computer.
Step 2: Select All Tasks from the popup menu, then select Export
Policies from the submenu.
Step 3: From the Save As dialog, select an appropriate directory, or

create a new directory, to which the modified policy will be
exported.
Step 4: Provide an appropriate file name for the modified policy to be

exported and click the Save button.
Step 5: Import the exported IPSec policy file to the other

CyberStations that are installed, and assign the policy.

Chapter 4
Activating Network Security
for the Controller
When a CyberStation workstation has the local security policy that

allows it to communicate securely with the controller's devices, the
security attribute of the existing controllers can be turned on, or a new
controller with the security attribute can be created. This chapter
describes the following procedures.
Topics include:
z Setting the Network Security Attribute of an Existing Controller

z Creating a New Controller in CyberStation

Chapter 4: Activating Network Security for the Controller
Setting the Network Security Attribute of an Existing

Controller
In CyberStation, set the Network Security attribute of an existing
controller, complete the procedure:
Step 1: Enter offline editing mode in CyberStation.
Step 2: Bring up the InfinityController editor for that controller.
Step 3: Check the Network Security check box, and click Apply.
Step 4: Enter online editing mode.
Step 5: Verify that the controller is online.
Step 6: Teach the controller.
For more information on configuring controllers in CyberStation and

the teach function, please see the Continuum online help and the
Andover Continuum CyberStation Configurator’s guide, 30-3001-781.

Creating a New Controller in CyberStation

To create a new controller in CyberStation, complete this procedure:
Step 1: In the Continuum Explorer, create a new InfinityController

object.
Step 2: On the General tab, select 9680 from the Controller Type
dropdown menu.
Step 3: Enter the appropriate ACCNetID.
Step 4: Check the Network Security checkbox.
Step 5: On the Network tab, enter the appropriate network settings.
Step 6: Click Apply.
Step 7: Verify that the controller is online.
Step 8: Teach the controller.
For more information on configuring controllers in CyberStation and

the teach function, please see the Continuum online help and the
Andover Continuum CyberStation Configurator’s guide, 30-3001-781.

Network Security Configuration Guide
Document Number 30-0001-996
Revision B

And Over Continuum Net Controler

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

And Over Continuum Net Controler

Uploaded by

Copyright:

Available Formats

Andover Continuum

Network Security Configuration Guide

All Rights Reserved

No part of this publication may be reproduced, read or stored in a retrieval system, or

This document is produced in the United States of America.

Title: Andover Continuum Network Security Configuration Guide

Date: February, 2010

Schneider Electric part number: 30-3001-996

Software application version number: Andover Continuum CyberStation Version 1.8

What’s in this Manual

z Chapter 1, Network Security Configuration Overview, describes the

Network Security Configuration Guide 5

See also the Continuum CyberStation online help.

Note: Contains additional information of interest to the user.

Chapter 1 Security Configuration Overview ........................................ 5

Chapter 2 Configuring the Controller ................................................... 9

Chapter 3 Configuring the Workstation ............................................... 17

Chapter 4 Activating Network Security for the Controller .................. 29

Network Security Configuration Guide 1

This chapter presents a brief overview of the major steps for

z Securing IP Controller Overview

Network Security Configuration Guide 3

Securing IP Controllers Overview

IPSec, a set of extensions to the IP protocol family, ensures data

IKE securely negotiates the properties of the security associations of

Configuring Network security for the newest generation of Schneider

Task 1: Determine if network security is enabled for the controller

Task 2: Configure controller for secure communication

Task 3: Configure network security on the workstation

Task 4: Activate network security for the controller

The following table provides a brief overview of the configuration

Task Configured In Description

Before Getting Started

Table 1 Required Hardware and Software

Note: Older versions of Andover Continuum controllers do not support

Network Security Configuration Guide 5

This chapter presents the procedures for configuring network security

z Determining if the Network Security Option is Enabled

Network Security Configuration Guide 7

Determining if the Network Security Option is Enabled

Note: On Andover Continuum controllers, Network Security is not

Step 1: From the Continuum Explorer, edit the online controller

Configuring a Controller for Secure Communication

Network Security Configuration Guide 9

Note: If a controller has the Network Security option enabled, you

Accessing the Network Security Configuration Web Page

Configuring the Controller for the Preferred Security

z Peer to Peer Security Configuration-- These options allow each

Peer to Peer Security Configuration

To configure Peer to Peer Security, complete this procedure:

Step 1: In the Enter Code field, enter an Authentication Secret

Step 3: If this controller will be required to communicate with legacy

Network Security Configuration Guide 11

network, select Allow communication with unsecured

Step 4: If this controller will only communicate with secure peers,

Network Security Options

To configure the Network Security Options, complete this

Step 1: Keeping the default selection, No Network Security, allows

Step 2: Selecting Authentication Only authenticates packets only.

Step 3: Selecting Authentication and Encryption authenticates

Web Server Security Options

To configure the Web Server Security Options, complete this procedure:

Step 2: Selecting Apply Security to Web Pages secures the Web

Note: If this option is selected, it is recommended that the default Web