Conduit properties

Use conduit properties to define the endpoints and security settings to apply to communications over this conduit. Endpoints are either a zone, a device, or a port of a device.
Each conduit must be a unique combination of endpoints.

General

Property: Description

Name: Type a name for the conduit.
Description: Type a description for the conduit.

Connection

Property: Description

Endpoint 1: The first endpoint of the conduit. The list is composed of the zones and devices that are identified in FactoryTalk Policy Manager.
Endpoint 2: The second endpoint of the conduit.

CIP Security Communication

Property: Description

Authentication Method: Determines how the conduit verifies the identity of the assigned devices and/or zones.
  Trusted IP: Devices and zones are trusted for communications based on their IP address. No additional security checks are performed.
  Certificate: Devices and zones are trusted by presenting a certificate that establishes their identity. With this setting selected, configure the I/O Data Security and Messaging Security settings.
  TIP: If an endpoint is a zone and the conduit uses certificate authentication, devices in that zone that do not support CIP Security will not use the certificate for communication. The CIP Security capable devices will trust the non-CIP Security devices using Trusted IP.

I/O Data Security: Determines the type of security check performed on the input and output data.
  Integrity Only: Checks whether the data was altered and rejects altered data.
  Integrity & Confidentiality: Checks integrity and encrypts the data so the corresponding decryption key is required to read the data. Rejects altered and/or untrusted data.
  None: No security checks are performed on input and output data.
  This setting is available when you choose Certificate as the Authentication Method.

Messaging Security: Determines the type of security check performed on messages received by assets in the zone.
  Integrity Only: Checks whether the data in the message was altered and rejects altered data.
  Integrity & Confidentiality: Checks whether the data in the message was altered and that the message was sent by a trusted entity. Rejects the data if it was altered or if it originated from an untrusted entity.
  This setting is available when you choose Certificate as the Authentication Method.
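The property rules above, together with the requirement that each conduit be a unique combination of endpoints, can be checked mechanically when reviewing a security model. The following is an added example, not Rockwell Automation code: the dictionary layout and the zone and device names are constructed, and it assumes endpoint order does not matter for uniqueness.

```python
# Added example: audit a conduit list against the rules on this page.
# The dict layout is hypothetical, not a FactoryTalk Policy Manager export format.
from collections import Counter

IO_OPTIONS = {"Integrity Only", "Integrity & Confidentiality", "None"}
MSG_OPTIONS = {"Integrity Only", "Integrity & Confidentiality"}

def audit_conduits(conduits, zone_members, cip_capable):
    """Return a sorted list of (conduit name, finding) tuples."""
    findings = []
    # Assumption: "unique combination" is order-independent (A-B equals B-A).
    pairs = Counter(frozenset((c["endpoint1"], c["endpoint2"])) for c in conduits)
    for c in conduits:
        name, auth = c["name"], c["auth"]
        io, msg = c.get("io_security"), c.get("msg_security")
        if pairs[frozenset((c["endpoint1"], c["endpoint2"]))] > 1:
            findings.append((name, "duplicate endpoint combination"))
        if auth == "Trusted IP":
            findings.append((name, "trusted by IP address only"))
            if io is not None or msg is not None:
                findings.append((name, "security settings require Certificate"))
        elif auth == "Certificate":
            if io not in IO_OPTIONS or msg not in MSG_OPTIONS:
                findings.append((name, "missing or unknown security option"))
            elif io == "None":
                findings.append((name, "no checks on I/O data"))
            # Per the TIP: non-capable devices in a zone are trusted by IP.
            for ep in (c["endpoint1"], c["endpoint2"]):
                for dev in zone_members.get(ep, []):
                    if dev not in cip_capable:
                        findings.append((name, f"{dev} in {ep} falls back to Trusted IP"))
        else:
            findings.append((name, "unknown authentication method"))
    return sorted(findings)

# Constructed sample data.
SAMPLE_ZONES = {"Zone-Line1": ["PLC-1", "Drive-7"]}
SAMPLE_CAPABLE = {"PLC-1", "HMI-2"}
SAMPLE_CONDUITS = [
    {"name": "c1", "endpoint1": "Zone-Line1", "endpoint2": "HMI-2",
     "auth": "Certificate", "io_security": "None", "msg_security": "Integrity Only"},
    {"name": "c2", "endpoint1": "HMI-2", "endpoint2": "Zone-Line1", "auth": "Trusted IP"},
    {"name": "c3", "endpoint1": "PLC-1", "endpoint2": "HMI-2", "auth": "Certificate",
     "io_security": "Integrity & Confidentiality", "msg_security": "Integrity & Confidentiality"},
]

if __name__ == "__main__":
    print(*audit_conduits(SAMPLE_CONDUITS, SAMPLE_ZONES, SAMPLE_CAPABLE), sep="\n")
```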