S7 Distributed Safety F系统配置

S7 F-CPU故障安全系统作者：潘志刚来源：《科学导报·学术》2020年第14期摘要：安全工程的目的是通过使用安全为导向的技术安装，尽可能地使对人员和环境的危害最小化。

西门子S7在电气行业中属于重要的一种，具有独立的安全系统-故障安全系统，目前在大工厂的使用已经日益普遍，但在故障安全方面的理解还存在很多问题，本文对分布式故障安全系统阐述，从分布式故障安全的定义、组态以及程序结构进行描述，希望本课题的开展对该领域用户提供参考与借鉴。

关键词：安全;分布式安全;PROFISAFE通信;安全处理器;安全信号模板前言故障安全系统独立于普通的用户程序系统，安全系统关闭后，该系统立刻达到安全状态。

在系统运行中，S7 F-CUP 故障安全系统立即关闭，过程中不会对生命或设备造成任何危害，保护用户不受到损失。

故障安全已经在工业工程方面得到广泛推广，故障安全与传统的继电器相比，具有一个高标准的安全系统，电子控制的集成，通信控制，检测控制都可以体现其优越性。

通过S7软件进行诊断信息，信息内容比较详细，信息内容指定性比较强，当故障安全系统中断，利用改进的检测故障功能和本地用户操作，允许在生产出现有关安全的中断后，迅速可以恢复生产，避免经济损失。

故障安全系统所拥有的特征：用户用一套自动化设备组建一个自动化系统，该系统可以实现一个可靠安全保护功能。

当其中某个自动化设备发生故障，該系统依然能够保持安全功能可靠工作。

1 S7 F-CPU中的故障安全系统1.1 S7工业自动化提供两个故障安全系统1）S7 F-CUP故障安全控制系统用于实现人身和设备的保护和工业过程控制。

2）故障安全容错系统为了增加自动生产的安全性，防止由于S7 F-CUP中的故障安全系统的错误导致的过程故障，S7 F-CUP中的故障安全系统可以配冗余电源、冗余处理器、冗余通讯和冗余输入输出。

可以提高安全系统的稳定性。

1.2 S7 F-CUP中分布式故障安全功能原理故障安全是通过现场硬件与软件程序结构相结合实现的，在现场出现紧急情况，立即执行安全程序，保护现场处于安全状态。

S7 分布式故障安全系统使用入门S7 Distributed Safety System Getting Started摘要 安全工程的目的是通过使用安全为导向的技术安装，尽可能地使对人员和环境的危害最小化。

本文档通过一个简单实例来描述西门子分布式故障安全系统的概念、配置、编程以及通讯，去除掉手册过多的文字性描述，以便用户能够用较短的时间增强对西门子分布式故障安全系统的了解。

关键词 安全，分布式安全，PROFISAFE通信，安全处理器、安全信号模板Key Words Safety, Distributed Safety, PROFISAFE Communication, F-CPU, F-SMA&D Service & Support Page 2-32目录S7 分布式故障安全系统使用入门 (1)1. 故障安全系统概述 (5)1.1什么是故障安全自动化系统 (5)1.2西门子安全集成的概念 (5)1.3SIMATIC S7中的故障安全系统 (5)1.3.1 SIMATIC S7自动化系统提供两种故障安全系统: (5)1.3.2 可实现的安全要求 (6)1.3.3 S7 Distributed Safety 和 S7 F/FH Systems 中的安全功能原理 (6)2．S7 DISTRIBUTED SAFETY 组件 (7)2.1硬件组件 (7)2.2软件组件 (8)3. 分布式故障安全系统的组态和编程 (9)3.1综述 (9)3.1.1 本例程使用的设备结构图 (9)3.1.2 软硬件列表 (10)3.2硬件组态步骤 (10)3.2.1 组态硬件 (10)3.2.2 组态 F-CPU (11)3.2.3 组态 F-IO (12)3.3程序结构 (15)3.4程序实例 (16)3.4.1 配置F-FB (16)3.4.2创建Failsafe Runtime Group (17)3.4.3 在OB35中调用F-CALL (19)3.4.4 编译下载Failsafe程序 (19)3.5程序测试 (20)3.5.1 F_ESTOP1运行结果 (20)3.5.2 急停信号的钝化与去钝 (21)A&D Service & Support Page 3-324. 分布式故障安全系统通信 (23)4.1综述 (23)4.2硬件组态 (24)4.2.1 从站组态 (24)4.2.2 添加从站 (24)4.2.3 组态安全相关的通信地址区 (24)4.2.4 编程通信 (27)4.2.5 通信结果 (29)A&D Service & Support Page 4-321. 故障安全系统概述1.1 什么是故障安全自动化系统故障安全自动化系统（F 系统）用于控制可以在关闭后立即达到安全状态的过程。

STEP7 中S7-300F CPU与ET200S安全模块的配置例程ET200S 分布式 IO系统除了标准模块外，还包含故障安全模块。

具有 PROFINET接口的安全 CPU 与配有故障安全模块的 ET200S IO设备可以实现安全功能。

配置过程与标准系统中一样，通过在硬件组态中进行网络连接，并在在线状态下分配从站的设备名称。

ET200S上的故障安全模块还需要设置安全目标地址拨码。

在本例程中，将CPU 317F-2PN/DP 作为IO 控制器，ET200S 作为IO设备，在上面配置安全IO模块，通过两个设备的 PN 口进行连接。

1 示例所使用的软硬件环境l STEP7 V5.5 SP4l STEP7 Distributed Safety V5.4 SP5 Upd1 （S7 F ConfigurationPack V5.5 SP12）l CPU317F-2PN/DP V3.2 订货号6ES7 317-2FK14-0AB0l IM151-3PN HF V7.0 订货号6ES7 151-3BA23-0AB0l ET200S PM-E订货号6ES7 138-4CA01-0AA0l ET200S F-DI 订货号6ES7 138-4FA05-0AB0l ET200S F-DO 订货号6ES7 138-4FB04-0AB02 硬件配置1.点击“新建项目”输入项目名称（CPU317F_ET200S），点击“OK”，完成项目创建，如图2-1所示。

图2-1 创建项目2.插入S7-300站，将名字修改为：CPU317F；如图2-2所示。

图2-2 插入站3.双击硬件组态配置界面，从右侧产品列表中找到CPU317F-2PN/DP，拖入到项目中。

如图2-3所示。

图2-3 硬件组态4.双击CPU硬件组态，在CPU属性页面中设置CPU密码保护及安全程序密码，如图2-4，2-5所示。

图2-4 设置CPU保护等级和密码之后，激活安全功能图2-5 设置安全密码5.设置IP地址及工业以太网网络（通过以太网编程下载），如图2-6所示。

1介绍在S7分布式安全中，F-CPU 的安全程序之间可以通过S7 连接进行安全相关的通讯。

与在标准程序中相同，这个S7连接是在NetPro连接表中创建的，而且仅允许使用在工业以太网上S7 连接。

必须是集成PN接口的F-CPU或者是S7-400 F-CPU 通过CP443-1 Advanced 创建的S7连接，并且安全相关的通讯不能使用未指定伙伴的S7 连接。

同样，与在标准程序中相同，通过S7 连接进行的安全相关通讯需要在安全程序中调用应用程序块发送和接收安全数据，分别是在Distributed Safety F 库(V1)中F_SENDS7和F_RCVS7两个F应用程序块。

可以使用这些F应用程序块发送指定数量的BOOL、INT、WORD 和TIME数据类型的安全数据。

通讯的安全数据必须存储在创建的F-DB中。

2配置通过S7连接进行的安全通信本文通过一个示例项目介绍F-CPU 安全程序之间如何通过S7 连接进行安全相关的通讯。

随文档附带了示例程序，文件名为“F-s7.zip”供读者在应用时参考。

示例程序中的F-CPU硬件密码都为1，安全程序密码都为2。

2.1示例所使用的软件和硬件环境∙STEP7 V5.5+SP3∙S7 Distributed Safety Programming V5.4+SP5∙S7 F ConfigurationPack V5.5+SP9+Upd1∙CPU 317F-2PN/DP订货号6ES7 317-2FK14-0AB0 V3.2∙CPU 416F-3PN/DP订货号6ES7 416-3FR05-0AB0 V5.32.2通过S7连接进行安全通信的组态2.2.1组态CPU新建一个项目，分别插入一个SIMATIC 300站和一个SIMATIC 400站，选择对应的型号配置机架和CPU。

1、分别为两个CPU分配IP地址和以太网（如图2-1、2-2所示）2、将两个CPU都组态为F-CPU（如图2-3所示）–必须输入F-CPU的密码–必须选中“CPU包含安全程序”（CPU contains safety program）选项图2-1分配IP地址和以太网图2-2分配IP地址和以太网图2-3分别将两个CPU组态为F-CPU2.2.2组态S7连接打开SIMATIC Manager界面选择Options—>Configure Network进入NetPro，右键点中CPU317-2PN/DP，弹出的对话框中选择“插入一个新连接”。

SIMATICProcess Control System PCS 7 Configuration Symantec Endpoint Protection V14Commissioning Manual03/2018A5E44395521-AALegal informationWarning notice systemThis manual contains notices you have to observe in order to ensure your personal safety, as well as to preventdamage to property. The notices referring to your personal safety are highlighted in the manual by a safety alertsymbol, notices referring only to property damage have no safety alert symbol. These notices shown below aregraded according to the degree of danger.DANGERindicates that death or severe personal injuryWARNINGindicates that death or severe personal injury may result if proper precautions are not taken.CAUTIONindicates that minor personal injury can result if proper precautions are not taken.NOTICEindicates that property damage can result if proper precautions are not taken.If more than one degree of danger is present, the warning notice representing the highest degree of danger will beused. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to propertydamage.Qualified PersonnelThe product/system described in this documentation may be operated only by personnel qualified for the specifictask in accordance with the relevant documentation, in particular its warning notices and safety instructions. Qualifiedpersonnel are those who, based on their training and experience, are capable of identifying risks and avoidingpotential hazards when working with these products/systems.Proper use of Siemens productsNote the following:WARNINGSiemens products may only be used for the applications described in the catalog and in the relevant technicaldocumentation. If products and components from other manufacturers are used, these must be recommended orapproved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation andmaintenance are required to ensure that the products operate safely and without any problems. The permissibleambient conditions must be complied with. The information in the relevant documentation must be observed. TrademarksAll names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publicationmay be trademarks whose use by third parties for their own purposes could violate the rights of the owner. Disclaimer of LiabilityWe have reviewed the contents of this publication to ensure consistency with the hardware and software described.Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the information inthis publication is reviewed regularly and any necessary corrections are included in subsequent editions.Siemens AGDivision Process Industries and DrivesPostfach 48 4890026 NÜRNBERGGERMANYA5E44395521-AAⓅ 05/2018 Subject to changeCopyright © Siemens AG 2018.All rights reservedTable of contents1Security information (5)2Preface (7)3Configuration (9)3.1Introduction (9)3.2Notice (9)3.3Overview of SEP modules and functions (10)3.4SEP modules and functions (11)3.4.1General information (11)3.4.2Virus and Spyware Protection (11)3.4.3Intrusion Prevention (13)3.4.4Host Integrity (13)3.4.5Application and Device Control (13)3.4.6LiveUpdate (13)3.4.7Network Application Monitoring (14)Configuration Symantec Endpoint Protection V14Commissioning Manual, 03/2018, A5E44395521-AA3Table of contentsConfiguration Symantec Endpoint Protection V14 4Commissioning Manual, 03/2018, A5E44395521-AASecurity information1 Siemens provides products and solutions with industrial security functions that support thesecure operation of plants, systems, machines, and networks.In order to protect plants, systems, machines and networks against cyber threats, it isnecessary to implement – and continuously maintain – a holistic, state-of-the-art industrialsecurity concept. Siemens’ products and solutions constitute one element of such a concept.Customers are responsible for preventing unauthorized access to their plants, systems,machines and networks. Such systems, machines and components should only be connectedto an enterprise network or the internet if and to the extent such a connection is necessaryand only when appropriate security measures (e.g. firewalls and/or network segmentation) arein place.For additional information on industrial security measures that may be implemented, pleasevisit:https:///industrialsecuritySiemens’ products and solutions undergo continuous development to make them more secure.Siemens strongly recommends that product updates are applied as soon as they are availableand that the latest product versions are used. Use of product versions that are no longersupported, and failure to apply the latest updates may increase customer’s exposure to cyberthreats.To stay informed about product updates, subscribe to the Siemens Industrial Security RSSFeed underhttps:///industrialsecurity.Configuration Symantec Endpoint Protection V14Commissioning Manual, 03/2018, A5E44395521-AA5Security informationConfiguration Symantec Endpoint Protection V14 6Commissioning Manual, 03/2018, A5E44395521-AAPreface2 This documentation describes the settings of Symantec Endpoint Protection (SEP) that needto be changed for use in an industrial plant.The configuration represents an extract of the settings from SEP which were used in thecompatibility test with PCS 7 and WinCC.Important information about this whitepaperNoteThe recommended settings for these virus scanners have been chosen to ensure that thereliable real-time operation of PCS 7 is not adversely affected by the virus scanner software.These recommendations describe the currently known, best-possible compromise betweenthe objective of maximizing the detection and neutralization of virus software and malware andguaranteeing a highly deterministic time behavior of the PCS 7 process control system in alloperating phases.If you choose different settings for the virus scanner, this could have negative effects on thereal-time behavior.Purpose of the documentationThis documentation describes the recommended settings for virus scanner software incombination with PCS 7 and WinCC following the virus scanner installation.Required knowledgeThis documentation is aimed at persons involved in the engineering, commissioning, andoperation of automated systems based on SIMATIC PCS 7 or WinCC. Knowledge ofadministration and IT techniques for Microsoft Windows operating systems is assumed.In addition, readers should be familiar with the PCS 7 & WinCC security concept.Additional information is available on the Internet at the following address:Security concept (https:///WW/view/en/60119725) Configuration Symantec Endpoint Protection V14Commissioning Manual, 03/2018, A5E44395521-AA7PrefaceScope of the documentationThis documentation applies to process control systems that are realized with the correspondingPCS 7 or WinCC product version.NoteNote that certain virus scanners are only approved for certain product versions. Additionalinformation is available on the Internet at the following address:Compatibility tool (https:///kompatool)Configuration Symantec Endpoint Protection V14 8Commissioning Manual, 03/2018, A5E44395521-AAConfiguration3 3.1IntroductionSymantec Endpoint Protection (SEP) activates additional functions going beyond thetraditional virus scanner. The following configurations refer to the centrally managed SEPvariant, which is configured using the SEP Manager. The use of a local, non-managedinstallation is allowed, but is not described. In addition, only an English installation is referredto. All the configurations described are deviations from the default configurations, i.e. anysettings not described are not changed.3.2NoticeThe following setting is essential for stable operation of PCS 7.Under "Clients->My Company->Policies->External Communication Settings:UncheckClient Submission Send anonymous data to Sy‐mantecUncheckClient Queries Allow Insight lookups for threaddetectionWhen this option is active, the virus scanner attempts to contact Symantec Server directly onthe Internet during each file scan. There is a significant delay if the virus scanner cannot reachthe server. This makes the stable operation of PCS 7 impossible.All other check boxes under Submission Settings should also be cleared so that no internalinformation, even if it is anonymous, is sent to Symantec. The other options do not have anegative effect on PCS 7, however.Client RestartClients should never be restarted automatically. You should disable an automatic restart intwo places.Under "Clients->My Company->Policies->General:Restart Settings Restart method No restartGenerate a new policy under Install Packages->Client Install Settings:Restart Settings Restart method No restartConfiguration Symantec Endpoint Protection V14Commissioning Manual, 03/2018, A5E44395521-AA93.3Overview of SEP modules and functions SEP has the following configurable modules that can be configured with policies (available in the SEP under "Policies"):●Virus and Spyware Protection ●Firewall ●Intrusion Prevention ●Application and Device Control ●Host Integrity ●LiveUpdate ●Exceptions Additional settings (available in the SEP Manager under Clients > Policies > Location- independent Policies and Settings):●Custom Intrusion Prevention ●System Lockdown ●Network Application Monitoring The following modules and settings are recommended and are tested for compatibility for use in a PCS 7 and WinCC environment:●Virus and Spyware Protection ●Intrusion Prevention ●Device Control ●Host Integrity (provisional)●LiveUpdate ●Network Application Monitoring The following modules and settings are not recommended and are not checked in the compatibility test:●Firewall – Only the Windows Firewall is released for use with PCS 7 and WinCC as this is configured automatically depending on the product installed.●Application Control – This involves computer-specific settings that cannot be checked.●Exceptions – This involves system-specific settings that cannot be checked.●Custom Intrusion Prevention – This involves plant-specific settings that cannot be checked.●System Lockdown – This involves computer-specific settings that cannot be checked.For this reason, no policies should be assigned for these modules and the settings should not be switched "On". Any use of modules and settings which are not recommended is the user's own responsibility.Configuration3.3 Overview of SEP modules and functionsConfiguration Symantec Endpoint Protection V1410Commissioning Manual, 03/2018, A5E44395521-AA3.4SEP modules and functions3.4.1General informationThe options for the policies which have to be configured have no locks next to them. Werecommend that you "close" all locks (by clicking on them). This guarantees that theconfiguration of the virus scan client cannot be changed locally.For the same reason we recommend that you, under Clients-> Policies-> Location-specificSettings-> Client User Interface Control Settings: Click Server Control and Customize andclear all the check boxes except for "Display the client" and "Display the notification area icon".3.4.2Virus and Spyware ProtectionThe following configurations relate to a newly created Default Policy.Windows Settings-> ScheduledScans-> Scans->Administrator-De‐fined ScansDaily Scheduled Scan DeleteWindows Settings-> ProtectionTechnology-> Auto-Protect-> Ac‐tions-> Actions (for "Malicious" and"Security Risks")First action Leave alone (log only)Windows Settings-> ProtectionTechnology-> Auto-Protect-> Ac‐tions-> RemediationTerminate processes automatically UncheckWindows Settings-> ProtectionTechnology-> Auto-Protect-> Ac‐tions-> RemediationStop services automatically UncheckWindows Settings-> Protection Technology-> Auto-Protect-> Noti‐fications-> Notifications Display the Auto-Protect result dialogon the infected computerUncheckWindows Settings-> Protection Technology-> Download Protec‐tion-> Download Insight Enable Download Insight to detect po‐tential risk in downloaded files basedon file reputationUncheckWindows Settings-> ProtectionTechnology-> Download Protec‐tion-> Actions-> Malicious filesFirst action Leave alone (log only)Windows Settings-> ProtectionTechnology-> Download Protec‐tion-> Actions-> Unproven filesSpecify action for unproven files Leave alone (log only)Windows Settings-> Protection Technology-> Download Protec‐tion-> Notifications-> Notifications Display a notification message on theinfected computerUncheckWindows Settings-> ProtectionTechnology-> SONAR-> SONARSettingsEnable SONAR UncheckWindows Settings-> Email Scans-> Internet Email Auto-Protect->Scan DetailsEnable Internet Email Auto-Protect UncheckWindows Settings-> Email Scans-> Microsoft Outlook Auto-Protect-> Scan Details Enable Microsoft Outlook Email Auto-ProtectUncheckWindows Settings-> Email Scans-> Lotus Notes Email Auto-Protect-> Scan Details Enable Lotus Notes Email Auto-Pro‐tectUncheckWindows Settings-> Advanced Op‐tions-> Global Scan OptionsDisplay notifications about detections UncheckWindows Settings-> Advanced Op‐tions-> Quarantine-> General-> When New Virus Definitions Arrive Specify how client computers handleitems in the QuarantineDo NothingWindows Settings-> Advanced Op‐tions-> Quarantine-> General-> Quarantined Items Allow client computers to manuallysubmit quarantined items…UncheckWindows Settings-> Advanced Op‐tions-> Quarantine-> Cleanup-> Repaired Files Enable automatic deleting of backupfilesUncheckWindows Settings-> Advanced Op‐tions-> Quarantine-> Cleanup-> Backup Files Enable automatic deleting of repairedfilesUncheckWindows Settings-> Advanced Op‐tions-> Quarantine-> Cleanup-> Quarantined Files Enable automatic deleting of quaran‐tined files that could not be repairedUncheckWindows Settings-> Advanced Op‐tions-> Miscellaneous-> Notifica‐tions-> Notifications Display error messages with a URL toa solutionUncheck3.4.3Intrusion PreventionThe following configurations relate to a newly created Default Policy.No changes required.3.4.4Host IntegrityUsing "Host Integrity" you can monitor the configuration and the behavior of computers. Thismonitoring has to be configured specifically for the plant. Care should be taken to ensure thatno dialog boxes or messages appear on the local client.3.4.5Application and Device ControlThe following configurations relate to a newly created Default Policy.The recommendation is only to use Device Control, in order to prevent the use of USB devicesfor example.All check boxes should be cleared under "Application Control".3.4.6LiveUpdateThe following configurations relate to a newly created Default Policy.The settings for reaching the Symantec Update-Server on the internet or a higher-level updateserver must be adapted to the relevant network topology.Windows Settings-> Schedule-> Live‐Update SchedulingEnable LiveUpdate Scheduling UncheckWindows Settings-> Advanced Set‐tings-> User SettingsAllow the user to manually launch LiveUpdate UncheckWindows Settings-> Advanced Set‐tings-> User Settings Allow the user to modify HTTP, HTTPS, or FTPproxy settings for LiveUpdateUncheck3.4.7Network Application MonitoringThis setting should only be used by administrators with sound network and security knowledgeand in systems that have their own security administration.The setting "Network Application Monitoring" is under "Clients-> My Company-> Policies->Location-independent Policies and Settings-> Network Application Monitoring".The inheritance settings have to be changed here, depending on the company and networktopology.Network Application Monitoring Enable network application monitoring CheckNetwork Application Monitoring When an application change is detected Allow and Log。

SIMATICSIMATIC S7 中的安全工程系统手册安全技术提示 为了您的人身安全以及避免财产损失，必须注意本手册中的提示。

人身安全的提示用一个警告三角表示，仅与财产损失有关的提示不带警告三角。

警告提示根据危险等级由高到低如下表示。

危险表示如果不采取相应的小心措施，将会导致死亡或者严重的人身伤害。

警告表示如果不采取相应的小心措施，可能导致死亡或者严重的人身伤害。

小心带有警告三角，表示如果不采取相应的小心措施，可能导致轻微的人身伤害。

小心不带警告三角，表示如果不采取相应的小心措施，可能导致财产损失。

注意表示如果不注意相应的提示，可能会出现不希望的结果或状态。

当出现多个危险等级的情况下，每次总是使用最高等级的警告提示。

如果在某个警告提示中带有警告可能导致人身伤害的警告三角，则可能在该警告提示中另外还附带有可能导致财产损失的警告。

合格的专业人员仅允许安装和驱动与本文件相关的附属设备或系统。

设备或系统的调试和运行仅允许由合格的专业人员进行。

本文件安全技术提示中的合格专业人员是指根据安全技术标准具有从事进行设备、系统和电路的运行，接地和标识资格的人员。

按规定使用请注意下列说明：警告设备仅允许用在目录和技术说明中规定的使用情况下，并且仅允许使用西门子股份有限公司推荐的或指定的其他制造商生产的设备和部件。

设备的正常和安全运行必须依赖于恰当的运输，合适的存储、安放和安装以及小心的操作和维修。

商标所有带有标记符号 ® 的都是西门子股份有限公司的注册商标。

标签中的其他符号可能是一些其他商标，这是出于保护所有者权利的目地由第三方使用而特别标示的。

责任免除我们已对印刷品中所述内容与硬件和软件的一致性作过检查。

然而不排除存在偏差的可能性，因此我们不保证印刷品中所述内容与硬件和软件完全一致。

印刷品中的数据都按规定经过检测，必要的修正值包含在下一版本中。

Siemens AGAutomation and Drives Postfach 48 4890437 NÜRNBERG A5E00887402-01 Ⓟ02/2007 Ⓟ Copyright © Siemens AG 2006.本公司保留技术更改的权利前言系统说明的用途此系统说明概述了 S7 Distributed Safety 和 S7 F/FH Systems 故障安全自动化系统。