Experion

Honeywell Modbus TCP Firewall

User Guide
EP-DCX595 Release Independent 05/2008

Notices and Trademarks

Copyright 2008 by Honeywell International Inc. Release Independent, May 2008

While this information is presented in good faith and believed to be accurate, Honeywell disclaims the implied warranties of merchantability and fitness for a particular purpose and makes no express warranties except as may be stated in its written agreement with and for its customers. In no event is Honeywell liable to anyone for any indirect, special or consequential damages. The information and specifications in this document are subject to change without notice. Honeywell, PlantScape, Icon Series, and TotalPlant are registered trademarks of Honeywell International Inc. Experion is a trademark of Honeywell International Inc. Other brand or product names are trademarks of their respective owners.

Honeywell International Process Solutions 2500 West Union Hills Drive Phoenix, AZ 85027

ii

Honeywell Modbus TCP Firewall User Guide Honeywell

05/2008 Release Independent

About This Document

Release Information
Document Name Honeywell Modbus TCP Firewall User Guide Document ID EP-DCX595 Release Number Release Independent Publication Date Initial Issue

References
The following list identifies all documents that may be sources of reference for material discussed in this publication.
Document Title Experion Control Hardware Planning Guide (general planning information) Fault Tolerant Ethernet Overview and Implementation Guide (information about switches and their configuration) Doc ID EP-DCXX25 EP-DSX245

05/2008 Release Independent

Honeywell Modbus TCP Firewall User Guide Honeywell

iii

38BSupport and Other Contacts

Support and Other Contacts

United States and Canada
Contact: Phone: Honeywell Solution Support Center 1-800-822-7673 (outside Arizona) 602-313-5558 (in Arizona) Calls are answered by dispatcher between 6:00 am and 4:00 pm Mountain Standard Time. Emergency calls outside normal working hours are received by an answering service and returned within one hour. 602-313-3293 Honeywell TAC, MS P13 2500 West Union Hills Drive Phoenix, AZ, 85027

Facsimile: Mail:

Europe
Contact: Phone: Facsimile: Mail: Honeywell TAC-EMEA +32-2-728-2732 +32-2-728-2696 TAC-BE02 Hermes Plaza Hermeslaan, 1H B-1831 Diegem, Belgium

Pacific
Contact: Phone: Facsimile: Mail: Honeywell Global TAC Pacific 1300-300-4822 (toll free within Australia) +61-8-9362-9559 (outside Australia) +61-8-9362-9564 Honeywell Limited Australia 5 Kitchener Way Burswood 6100, Western Australia [email protected]

Email:

iv

Honeywell Modbus TCP Firewall User Guide Honeywell

05/2008 Release Independent

38BSupport and Other Contacts

India
Contact: Phone: Facsimile: Mail: Honeywell Global TAC India +91-20- 6603-9400 +91-20- 6603-9800 Honeywell Automation India Ltd 56 and 57, Hadapsar Industrial Estate Hadapsar, Pune 411 013, India [email protected]

Email:

Korea
Contact: Phone: Facsimile: Mail: Honeywell Global TAC Korea +82-2-799-6317 +82-11-9227-6324 +82-2-792-9015 Honeywell Co., Ltd 17F, Kikje Center B/D, 191, Hangangro-2Ga Yongsan-gu, Seoul, 140-702, Korea [email protected]

Email:

Peoples Republic of China

Contact: Phone: Mail: Honeywell Global TAC China +86- 21-5257-4568 Honeywell (China) Co., Ltd 33/F, Tower A, City Center, 100 Zunyi Rd. Shanghai 200051, Peoples Republic of China [email protected]

Email:

Singapore
Contact: Phone: Facsimile: Mail: Honeywell Global TAC South East Asia +65-6580-3500 +65-6580-3501 +65-6445-3033 Honeywell Private Limited Honeywell Building 17, Changi Business Park Central 1 Singapore 486073 [email protected]

Email:

05/2008 Release Independent

Honeywell Modbus TCP Firewall User Guide Honeywell

38BSupport and Other Contacts

Taiwan
Contact: Phone: Facsimile: Mail: Honeywell Global TAC Taiwan +886-7-536-2567 +886-7-536-2039 Honeywell Taiwan Ltd. 17F-1, No. 260, Jhongshan 2nd Road. Cianjhen District Kaohsiung, Taiwan, ROC [email protected]

Email:

Japan
Contact: Phone: Facsimile: Mail: Honeywell Global TAC Japan +81-3-6730-7160 +81-3-6730-7228 Honeywell Japan Inc. New Pier Takeshiba, South Tower Building, 20th Floor, 1-16-1 Kaigan, Minato-ku, Tokyo 105-0022, Japan [email protected]

Email:

Elsewhere
Call your nearest Honeywell office.

World Wide Web

Honeywell Solution Support Online: http://www.honeywell.com/ps

Training Classes
Honeywell Automation College: http://www.automationcollege.com

vi

Honeywell Modbus TCP Firewall User Guide Honeywell

05/2008 Release Independent

Contents
1.
1.1 1.2

INTRODUCTION ............................................................................9
Modbus TCP Firewall pre-configuration .................................................................................9 Europe .................................................................................................................................10 USA ......................................................................................................................................10 Canada.................................................................................................................................11 Connecting to a Cisco switch ...............................................................................................13

About the Honeywell Modbus TCP Firewall ................................................. 9 Modbus TCP Firewall Certification .............................................................. 10

1.3

Modbus TCP Firewall in the Experion Network ......................................... 12

2.
2.1

INSTALLING MODBUS TCP FIREWALL ....................................15

Unpacking ............................................................................................................................15 Tools and Equipment ...........................................................................................................15

Preparing for installation.............................................................................. 15

2.2 2.3 2.4 2.5

Mounting the Modbus TCP Firewall ............................................................ 16 Wiring for DC Power ..................................................................................... 16 Starting up the Modbus TCP Firewall ......................................................... 17 Adding the Modbus TCP Firewall to the Network ...................................... 17

Network requirements ..........................................................................................................17 Connecting the firewall to the network .................................................................................18 About firmware and configuration files .................................................................................19 Updating configuration or firmware ......................................................................................19 Saving diagnostic information ..............................................................................................20

2.6

Updating firmware or configuration information ....................................... 19

3.
3.1 3.2 3.3

MONITORING MODBUS TCP FIREWALL ..................................21

Identifying the Modbus TCP Firewall ....................................................................................21 Modbus TCP Firewall alarm description ...............................................................................22 Modbus TCP Firewall status ................................................................................................24 Honeywell Modbus TCP Firewall User Guide Honeywell vii

Modbus TCP Firewall in Configuration Studio........................................... 21 Modbus TCP Firewall in Station Displays .................................................. 22 Modbus TCP Firewall faceplate and detail displays .................................. 23

05/2008 Release Independent

36BContents

Modbus TCP Firewall port statistics .................................................................................... 25

4.
4.1

TROUBLESHOOTING MODBUS TCP FIREWALL .................... 27

LED descriptions ................................................................................................................. 27 Load/Save LED Activity ....................................................................................................... 28

Diagnosing issues using the LED indicators .............................................27

viii

Honeywell Modbus TCP Firewall User Guide Honeywell

05/2008 Release Independent

1. Introduction
1.1 About the Honeywell Modbus TCP Firewall
The Honeywell Modbus Firewall is designed to be deployed between a Honeywell Experion system and other MODBUS/TCP devices for the protection of the Experion system. Modbus TCP Firewall pre-configuration To protect the Experion system, the Modbus TCP Firewall is preconfigured to block unnecessary traffic on both its secured and unsecured ports. The firewall allows MODBUS/TCP traffic through on TCP Port 502, which is the only port allowed for the Experion system connection. It further ensures that MODBUS Master Command traffic is only allowed from the Experion system, blocking any unsolicited traffic from MODBUS devices. Additionally, the Modbus TCP Firewall only allows Ethernet management traffic that is necessary for keeping the network operational, and limits that traffic to a rate of 1mbit per second.

05/2008 Release Independent

Honeywell Modbus TCP Firewall User Guide Honeywell

1. Introduction 1.2. Modbus TCP Firewall Certification

1.2
Europe

Modbus TCP Firewall Certification

Standard EN 60079-15:2005 Approved for II 3G Ex nA nC IIC T4 40C Ta +70C. Certificate No. MTL07ATEX9211X

Authority MTL

Conditions for safe use 1) The apparatus must be installed in an enclosure or an environment that provides a degree of protection not less than IP54. 2) The module must not be inserted or removed unless either: the area in which the apparatus is installed is known to be non-hazardous, or the circuit to which it is connected has been de-energized.

3) The 9-32V supply that provides the input to the module must be derived from a regulated power supply complying with the requirements of European Community Directives.

USA
Authority FM Standard FM 3600, FM 3611 FM 3810 Approved for NI/1/2/ABCD/T4 Ta = 70C 1/2/AEx nC/IIC/T4 Ta = 70C Certificate No. 3029914

Equipment Ratings: Non-incendive for Class I, Division 2, Groups A, B, C and D; Zone 2, AEx nC IIC T4 Ta =70C; in accordance with Control Drawing No. SCI-1032, indoor hazardous (classified) locations. Special Condition of Use: 1) In Class I, Division 2 installations, the subject equipment shall be mounted within a toolsecured enclosure which is capable of accepting one or more of the Class I, Division 2 wiring methods specified in the National Electrical Code (ANSI/NFPA 70). 2) In Class I, Zone 2 installations, the subject equipment shall be mounted within a tool-secured enclosure which is capable of accepting one or more of the Class I, Zone 2 wiring methods specified in the National Electrical Code (ANSI/NFPA 70). Where installed in outdoor or potentially wet locations, the enclosure shall, at a minimum, meet the requirements of IP54. Where installed in dry indoor locations, the enclosure shall, at a minimum, meet the requirements of IP4X.

10

Honeywell Modbus TCP Firewall User Guide Honeywell

05/2008 Release Independent

1. Introduction 1.2. Modbus TCP Firewall Certification

Canada
Authority FM Standard CAN/CSA E60079-0 CAN/CSA E60079-15 C22.2 No. 1010-1 Approved for IPA/1/2/ABCD/T4 Ta = 70C 1/2/Ex nL/IIC/T4 Ta = 70C Certificate No. 3029914C

Equipment Ratings: Non-sparking for Class I, Division 2, Groups A, B, C and D; Zone 2, Ex nL IIC T4 Ta =70C; in accordance with Control Drawing No. SCI-1032, hazardous indoor locations. Special Condition of Use: 1) In Class I, Division 2 installations, the subject equipment shall be mounted within a tool secured enclosure which is capable of accepting one or more of the Class I, Division 2 wiring methods specified in the Canadian Electrical Code (C22.2). 2) In Class I, Zone 2 installations, the subject equipment shall be mounted within a tool-secured enclosure which is capable of accepting one or more of the Class I, Zone 2 wiring methods specified in the Canadian Electrical Code (C22. 1). Where installed in outdoor or potentially wet locations, the enclosure shall, at a minimum, meet the requirements of IP54. Where installed in dry indoor locations, the enclosure shall, at a minimum, meet the requirements of IP4X. 3) The user shall take necessary measures to ensure that the supply voltage transients do not exceed 45V. 4) The user shall ensure that the field wiring insulation temperature is rated for 70C. 5) The material used in the construction of the final enclosure, shall not contain, by mass, more than 7.5% magnesium. 6) It is the responsibility of the manufacturer to provide warning markings in French where required by local jurisdictions.

05/2008 Release Independent

Honeywell Modbus TCP Firewall User Guide Honeywell

11

1. Introduction 1.3. Modbus TCP Firewall in the Experion Network

1.3

Modbus TCP Firewall in the Experion Network

The Modbus TCP Firewall can only connect to the Experion network through a Cisco Level 2 switch.

12

Honeywell Modbus TCP Firewall User Guide Honeywell

05/2008 Release Independent

1. Introduction 1.3. Modbus TCP Firewall in the Experion Network

Connecting to a Cisco switch Connect the protected side of the Modbus TCP Firewall to a Cisco Level 2 switch.

The interface connected to on the Cisco Level 2 switch must be an uplink with the speed and duplex settings configured to auto. The Modbus switch must be configured as a Level 1 switch, and the interface connected to must be an uplink with the speed and duplex settings configured to auto.

When you connect a Modbus device directly to a Cisco switch, the switch must be configured as a Level 1 switch or as a Level 1/Level 2 split switch with the devices connected to the Level 1 side. This affords the protection of a Level 1 switch with the interfaces already configured as auto speed. Modbus devices work most universally with auto speed configured. When Modbus devices connect to a Cisco switch which connects to a Level 2 switch through the Modbus TCP Firewall, only one level of switch is allowed under the Modbus TCP Firewall.

05/2008 Release Independent

Honeywell Modbus TCP Firewall User Guide Honeywell

13

1. Introduction 1.3. Modbus TCP Firewall in the Experion Network

14

Honeywell Modbus TCP Firewall User Guide Honeywell

05/2008 Release Independent

2. Installing Modbus TCP Firewall

2.1 Preparing for installation
Unpack the Modbus TCP Firewall and check it for damage. Do not use any parts that show evidence of damage. Tools and Equipment To install the Modbus TCP Firewall, you need: A 3mm straight blade screwdriver 9...32V DC supply with 350mA current (@24V) per firewall. A second (redundant) supply is optional. (Note: 22V DC minimum is required for 18V power fail detection option) Wire for DC power & power-fail connections Two ScTP Cat5, Cat5e or Cat6 cables to connect the Modbus TCP Firewall between the network and the equipment being protected A suitable 35mm DIN rail location to mount the firewall (optional - see mounting details) Unpacking

05/2008 Release Independent

Honeywell Modbus TCP Firewall User Guide Honeywell

15

2. Installing Modbus TCP Firewall 2.2. Mounting the Modbus TCP Firewall

2.2

Mounting the Modbus TCP Firewall

Use the following procedure to mount the firewall.
Step 1 2 Action At the back of the firewall, push out the mounting clips - top and bottom. Press the firewall firmly onto the DIN rail and push mounting clips back in. Check that the firewall grips the rail securely. Note: An alternative fixing method is to use M4 screws through the holes in the clips (152mm between canters - see diagram) for mounting the firewall to a panel. 3 Record the ID number (see label) & the installation location for future reference.

2.3

Wiring for DC Power

Note: These two plugs use cage-clamp screw terminals to accept a stripped wire, ranging in size from 24 to 12 AWG (0.2 - 2.5mm2). One or two DC power supplies may be connected to the Modbus TCP Firewall using the four-position connector plug (5-8) at the bottom of the Modbus TCP Firewall. Two power supplies will not share the current; the higher voltage supply will take the load. Power fail signals from the supplies may be used by connecting them to the connector plug (pins 1 & 2) at the top of the firewall device ground returns go to pin 3.

Power-Fail Connector

Power Connector

16

Honeywell Modbus TCP Firewall User Guide Honeywell

05/2008 Release Independent

2. Installing Modbus TCP Firewall 2.4. Starting up the Modbus TCP Firewall

2.4

Starting up the Modbus TCP Firewall

Power on the firewall and allow it to complete its startup sequence before you add it to the network. The Modbus TCP Firewall will not pass network traffic until it has executed its startup sequence. At power ON, all four LED indicators light up. At the end of the startup sequence, (after approximately 1 minute) the Fault and Event LED indicators will be extinguished to show the sequence is complete.

2.5

Adding the Modbus TCP Firewall to the Network

Use the information in this section to add the Modbus TCP Firewall to the network. This assumes you have already started up the firewall and allowed it to complete its startup sequence.

Network requirements The following table summarizes the requirements for adding a Modbus TCP Firewall to the network.
Requirement Use the unsecured Modbus TCP Firewall port. Configure each switch to prevent loops from causing network storms Further information Connects to a Modbus device network switch or, less commonly, directly to a Modbus device. Shutdown all uplink ports not in use (likely the only uplink will be the one to which the Modbus TCP Firewall is attached. Add the following command to all non-uplink ports: spanning-tree bpduguard enabled If connecting to a Modbus device level switch, configure it correctly. Use the secured Modbus TCP Firewall port. Verify that Modbus devices use a static IP address All Modbus/TCP traffic must communicate on TCP Port 502. If connecting to a Level 2 switch, configure it correctly. Use a Level 1 configured switch with the uplink speed and duplex settings configured to auto. Connects to a Level 2 switch. The firewall blocks downstream communication, including DHCP. This is preconfigured. Use an uplink or PC switch port with the speed and duplex settings configured to auto

To connect the Modbus Firewall to the Modbus Device network

To connect the Modbus Firewall to the Experion system

05/2008 Release Independent

Honeywell Modbus TCP Firewall User Guide Honeywell

17

2. Installing Modbus TCP Firewall 2.5. Adding the Modbus TCP Firewall to the Network

Connecting the firewall to the network Note: The firewall must have completed its startup before any network connections are made.
Step 1 Action Connect an RJ45 patch cable from the "Unsecured Modbus TCP Firewall port ( ) to an uplink port on the Modbus device network switch or directly to a Modbus device.

Connect an RJ45 patch cable from the Secure Modbus TCP Firewall port ( ) to the Level 2 switch to allow connection to the Honeywell Experion system. Check that the yellow Link activity light is flashing on both of the network sockets to show network traffic.

The green Speed light comes on if the link is operating at 100Mb/s.

18

Honeywell Modbus TCP Firewall User Guide Honeywell

05/2008 Release Independent

2. Installing Modbus TCP Firewall 2.6. Updating firmware or configuration information

2.6

Updating firmware or configuration information

Use the information in this section to update the firewall's firmware or its configuration. While you are performing an update, you can't see any device that is downstream of the Modbus TCP Firewall.

About firmware and configuration files To obtain the firmware and configuration files, contact an authorized Honeywell representative who can help you get the files from Honeywell Online Support. You can determine the firmware version currently on the Modbus TCP Firewall by viewing the FPGA Revision information on the Status Display. See Section 3.3, "Modbus TCP Firewall faceplate and detail displays." Updating configuration or firmware The USB Load function loads files containing firmware or configuration updates from a USB storage device.
Step 1 2 3 Action Ensure the Modbus TCP Firewall has been powered for at least one minute. Insert the USB storage device containing the prepared data into one of its USB ports. Press and hold the Config button for 5 seconds. The Mode-Event-Fault LEDs begin to flash, in an upward sequence, to indicate a Load. 4 5 When the flashing sequence stops (but not before) remove the USB storage device. If the load was successful, the Modbus TCP Firewall goes to OPERATIONAL mode, with the Mode LED showing a steady light.

05/2008 Release Independent

Honeywell Modbus TCP Firewall User Guide Honeywell

19

2. Installing Modbus TCP Firewall 2.6. Updating firmware or configuration information

Saving diagnostic information The USB Save function copies diagnostic files from the Modbus TCP Firewall to the USB storage device. These files can then be sent to the Honeywell Solution Support Center for analysis.
Step 1 2 Action Insert a USB storage device into one of the USB ports. Press and hold the Config button for seconds (but less than 5). The Fault-Event-Mode LEDs begin to flash, in downward sequence, to indicate a Save. 3 4 5 When the flashing sequence stops remove the USB storage device. If the save was successful, the Modbus TCP Firewall LEDs revert to the state they were in prior to performing a save. Send copies of these files to Honeywell Solution Support Center for analysis.

20

Honeywell Modbus TCP Firewall User Guide Honeywell

05/2008 Release Independent

3. Monitoring Modbus TCP Firewall

3.1 Modbus TCP Firewall in Configuration Studio
For the initial release of the Modbus TCP Firewall, it appears in the list of Control Firewalls, mapped by its MAC address, the same as a Honeywell Control Firewall (CF9) within Configuration Studio. The Configuration Studio tools for the Modbus TCP Firewall are the same as those used for the Control Firewall and can be used in the same manner. Identifying the Modbus TCP Firewall The MAC address for each Modbus TCP Firewall is located on a label on the front of the device. For this initial release of the Modbus TCP Firewall, the device description appears as Control Firewall within Configuration Studio and on any displays. You can distinguish between a Honeywell Control Firewall and a Honeywell Modbus TCP Firewall by looking at the MAC addresses displayed in Configuration Studio:

Honeywell Control Firewall MAC addresses start with 00-40-84 Honeywell Modbus TCP Firewall MAC addresses start with 00-80-66

In the following figure, the first and fourth devices are Control Firewalls; the second and third devices are Modbus TCP Firewalls.

05/2008 Release Independent

Honeywell Modbus TCP Firewall User Guide Honeywell

21

3. Monitoring Modbus TCP Firewall 3.2. Modbus TCP Firewall in Station Displays

3.2

Modbus TCP Firewall in Station Displays

From Station, the Modbus TCP Firewall appears in the System Status Network Tree under Devices the same as a Honeywell Control Firewall (CF9).

Modbus TCP Firewall alarm description Modbus TCP Firewall alarms include conditional alarms for Port link down and when the Control Firewall can no longer be heard (65 second timeout). Port link up generates an event. Modbus TCP Firewall alarm descriptions are formatted as follows: <Switch Name> <Display name> (MAC Address) port-id message For example: TID0000118DAF32 Boiler#2Y (address 00-80-66-04-63-FD) port 0 link status is up
Name Switch Name Description of value Hardcoded identifier reported by the Modbus TCP Firewall. The identifier consists of the constant characters TID plus the 12 character unique hardware identifier printed on the front label of the Modbus TCP Firewall. Name mapped to the Modbus TCP Firewall MAC Address in Configuration Studio. This is the name displayed in the Network tree. MAC Address printed on the label on the front of the Modbus TCP Firewall. If the alarm is for Port 0 (unsecured upper), 'uplink' appears in the alarm description. If the alarm is for Port 1 (secured lower), 'no longer being heard by the FTE' appears in the alarm description. This occurs when the Control Firewall cannot be heard for longer than 65 seconds. This is expected because when the secured port is removed, the firewall no longer has a path to the server.

Display Name MAC Address Port-id

22

Honeywell Modbus TCP Firewall User Guide Honeywell

05/2008 Release Independent

3. Monitoring Modbus TCP Firewall 3.3. Modbus TCP Firewall faceplate and detail displays

3.3

Modbus TCP Firewall faceplate and detail displays

For the initial release of the Modbus TCP Firewall, it appears in faceplates and detail displays as a Honeywell Control Firewall (CF9) with 1 uplink port and 8 additional ports as shown in the following figure.

05/2008 Release Independent

Honeywell Modbus TCP Firewall User Guide Honeywell

23

3. Monitoring Modbus TCP Firewall 3.3. Modbus TCP Firewall faceplate and detail displays

Modbus TCP Firewall status The following table describes the Modbus TCP values as they are displayed on the Status faceplate.
Faceplate Label Uplink* Description Corresponds to the top Ethernet port on the Modbus TCP Firewall, which is the Unsecure port. This port connects to the Modbus Device network, usually through the uplink port on a Cisco switch. Corresponds to the bottom Ethernet port on the Modbus TCP Firewall, which is the Secure port. This port connects to the Experion system through the Level 2 switch. Revision letter for the Modbus TCP Firewall firmware. Revision letter for the Modbus TCP Firewall firmware. Always report "Unknown," but the value is the same as that reported by FPGA and Micro.

Port 1*

FPGA Revision Micro Revision Hardware Revision

* Only these two ports are significant for the Modbus TCP Firewall.

24

Honeywell Modbus TCP Firewall User Guide Honeywell

05/2008 Release Independent

3. Monitoring Modbus TCP Firewall 3.3. Modbus TCP Firewall faceplate and detail displays

Modbus TCP Firewall port statistics Statistics are only available for the Uplink port and Port 1. Port 2 through Port 8 display bad-quality data. Additionally the Transmit and Receive statistics available for the Modbus TCP Firewall are a subset of those available for the Control Firewall (CF9). Unavailable statistics display 0. Following are the available statistics:
Transmit TX_OCTETS TX_DROP TX_MULTICAST TX_COLLISION TX_SINGLE_COLLISION TX_MULTI_COLLISION TX_DEFERRED TX_LATE_COLLISION Receive RX_OCTETS RX_UNDERSIZE RX_OVERSIZE RX_ALIGN_ERROR RX_FCS_ERROR RX_DROPPED

05/2008 Release Independent

Honeywell Modbus TCP Firewall User Guide Honeywell

25

3. Monitoring Modbus TCP Firewall 3.3. Modbus TCP Firewall faceplate and detail displays

26

Honeywell Modbus TCP Firewall User Guide Honeywell

05/2008 Release Independent

4. Troubleshooting Modbus TCP Firewall

Use the information in this section to help you troubleshoot the device.

4.1

Diagnosing issues using the LED indicators

The Modbus TCP Firewall has LEDs on the front of the device that indicate normal and other modes of operation.
LED Pwr Description for LED state Off: Indicates power less than 9V dc On: Indicates power is greater than or equal to 9V dc Fault Off: Normal function On: Indicates a hardware problem and is unable to start. Short flash of .5 seconds: Indicates the Loadable Security Module (LSM), which occurs with a USB Configuration Loading or Diagnostic Saving fault. Long flash of 2 seconds: Indicates the Modbus TCP Firewall OS did not start properly. Event On but steady: Normal function Flashing: Event or alarm generated details sent to CMP Mode On: Normal function

LED descriptions

05/2008 Release Independent

Honeywell Modbus TCP Firewall User Guide Honeywell

27

4. Troubleshooting Modbus TCP Firewall 4.1. Diagnosing issues using the LED indicators

Load/Save LED Activity Use the information in this table to diagnose the fault from the number of Fault LED flashes and determine the appropriate course of action.
No. of Flashes 1 During Load Sequence The USB ports are disabled Contact Honeywell Solution Support Center. No USB storage device in the USB port or the USB storage device is not formatted with the standard Fat32 format. The files on the USB storage device are not valid. The Modbus TCP Firewall was unable to read the configuration files. The files may be corrupt. The Modbus TCP Firewall was unable to decrypt the files. The Modbus TCP Firewall was unable to shut down the USB port. Contact Honeywell Solution Support Center. During Save Sequence No USB storage device in the USB port or the USB storage device is not formatted with the standard Fat32 format. The Modbus TCP Firewall was unable to create the diagnostics files. Contact Honeywell Solution Support Center. The Modbus TCP Firewall was unable to encrypt the diagnostic files. Contact Honeywell Solution Support Center. The Modbus TCP Firewall was unable to copy the encrypted diagnostics files to the USB storage device. The USB storage device may be full. The Modbus TCP Firewall was unable to shut down the USB port. Contact Honeywell Solution Support Center. N/A

28

Honeywell Modbus TCP Firewall User Guide Honeywell

05/2008 Release Independent

4. Troubleshooting Modbus TCP Firewall 4.1. Diagnosing issues using the LED indicators

05/2008 Release Independent

Honeywell Modbus TCP Firewall User Guide Honeywell

29

Process Solutions 2500 West Union Hills Phoenix, AZ 85027