Tab: Communication Settings

On this tab of the generic device editor, you define the connection between CODESYS and the device on which your application(s) should run. This includes security settings such as encrypted communication and signing.

Tip

If you prefer the classic mode of display for the dialog, then select it in the CODESYS Options in the Device editor category.

You select a gateway and a target device from the list boxes. The possible selections depend on the entries in the Manage Gateways and Manage Favorite Devices dialogs (see the Gateway menu).

You can also specify the target directly with the IP address (example: "192.168.101.109"), the device address (example: [056D]), or the device name (example: MyDevice). After the device is entered, CODESYS searches for the device in the network of the gateway.

Tip

The option of searching by device name requires unique device names in the network.

The solid circle on the lower right corner of the gateway symbol provides information about the connection status:

Red: CODESYS cannot establish the connection.
Green: The connection is established.
Black: The connection status is unknown.

Tip

Some communication protocols allow regular checking of the gateway so that the status cannot be displayed.

Clicking the solid circle of the target device starts a network scan for the device. This works only if the network is not already being scanned.

Scan Network

This button opens the Select Device dialog. It lists all configured gateways with the associated devices. You can select one target device from this list. If the name of the selected device is unique, then the name will be used in the connection settings. Otherwise, the unique device address is applied.

The displayed parameters are defined in the SysTarget component in the runtime system and essentially represent the type plate of the controller. The device name can be changed using the Device → Rename Active Device command.

Option: Hide non-matching devices, filter by Target ID:

standard icon : The display is limited on the devices that have the same target ID as the current device configured in the project.

: All available devices in the network are displayed. Double-clicking the entry of a device, which has a different target system ID than the device configured in the project, opens a dialog box. This dialog box allows you to update the device description of the device in the project to the one matching the selected device. Note: This kind of update is possible only with devices which have different IDs, not for those which only have different versions. The update also requires that the device description is already installed in the repository.

Gateway

This menu includes the following commands:

Add New Gateway: Opens the Gateway dialog for defining a new gateway channel
Manage Gateways: Opens the Manage Gateways dialog with an overview of all gateways. Here you can add, delete, or edit entries or change their order.
Configure Local Gateway: Opens the Gateway Configuration dialog. You can configure the block drivers for the local gateway.

Device

This menu includes the following commands:

Options:
- Add Current Device to Favorites: Adds the currently set device to the list of favorite devices
- Manage Favorite Devices: Opens the favorites dialog with a list of all preferred devices. In this dialog, you can add or delete entries or change their order. The top device is the default.
- Confirmed Online Mode:
  : For security reasons, CODESYS requires a confirmation from you when calling the following online commands: Force Values, Write Values, Multiple Loading, Release Force List, Single Cycle, Start, Stop.
- Store Communication Settings in Project:
  : CODESYS saves the communication settings in the project for reuse on the same computer.
  Note: If you use the project on another computer, then you need to reset the active path.
  : CODESYS saves the communication settings in the options of the local installation for reuse on the same computer.
  Note: When using CODESYS SVN, the option should be cleared in order to prevent a lock on the device object.
Rename Active Device:
Opens a dialog for changing the device name
Wink Active Device: Devices that support this function react by blinking.
Send Echo Service: CODESYS sends five echo services to the controller. These are used to test the network connection, similar to the "ping" function. The services are sent first without a payload and then with a payload. The scope of the payload depends on the communication buffer of the PLC. A message view opens with information about the average echo service delay and the scope of the sent payload.
Encrypted Communication:
: The communication to this controller is encrypted. A certificate of the controller is required in order to log in to the controller. If the certificate is not available, then an error message opens prompting whether or not the certificate should be displayed and installed.
If the Enforce encrypted communication option is selected as the Security level in the Security Screen view, then the Encrypted Communication command is disabled here.
Change Runtime Security Policy
Opens the Change Runtime Security Policy dialog for changing the device setting for the encryption of communication
Change Runtime Password Policy
Opens the Change Runtime Password Policy dialog to change the settings for the password policy and the login lock
Security Settings: This command is available only if CODESYS Security Agent >= 1.3.0.0 is installed. It opens the Device Security Settings dialog. The current security settings on the connected device are displayed. You can change the settings in the Value column and click OK to write them to the device.
For example, you will find the settings for device user management and password policy under the CmpUserMgr node (see also further below).

Table 32. Dialog: Change Runtime Security Policy

When you select a new communication policy in this dialog, the configuration in the runtime system is changed.
Communication Settings
Current policy	Shows the currently selected policy for the encryption of communication with the device
New policy	List box for the new policy for encryption No encryption: The device does not support encrypted communication. Optional encryption: The device supports encrypted and unencrypted communication. Enforced encryption: The device supports encrypted communication only.
Code Signing
Current policy	Display of the code signing policy which is currently set in the runtime system
New policy	All: All types of application code are accepted. Enforced signing: Only signed application code is accepted (preventing loading an application from untrusted sources).
Device User Management
Current policy	Shows the currently selected policy for user management
New policy	Optional user management: It is the responsibility of the user to enable user management on the device or leave the device unprotected. Enforced user management: The user management on the device is enabled and cannot be disabled by the user. Corresponding entry in the Security Settings: `CmpUserMgr` `UserMgmtEnforce`.
Allow anonymous login	: Specific registered components (for example, OPC UA) can connect to the controller without the providing any credentials. Even if anonymous access to the OPC UA is permitted, the created device user management for the controller remains active. Corresponding entry in the Security Settings of the device: `CmpUserMgr` `UserMgmt.AllowAnonymous`.

Table 33. Dialog: Change Runtime Password Policy

The runtime system password policy configured here is checked in advance in the programming system when the password for a new device user is entered or when the existing password of a device user is changed. Important If a limited validity period for a password is configured in the password policy, then the user is prompted to set a new password when logging in after this period has elapsed. Note: To change a password before it expires, a user currently still requires read permission for the device user management.
Password policy is active	Password policy is active: The policy is enabled by default. The Password settings can be changed and are used when a password for the device user management is created. The corresponding entries in the Security Settings of the device are located under the `CmpUserMgr` node (`UserMgmt.PasswordPolicy.<..>`). In the configuration file of CODESYS Control, this corresponds to the CmpUserMgr section. Example: [CmpUserMgr] SECURITY.UserMgmt.PasswordPolicy=ENABLED . Password settings Minimum length Default setting: 8 Number of unique characters Default setting: 4 Requires lowercase letter Default setting: enabled Requires uppercase letter Default setting: enabled Requires digit Default setting: enabled Requires special character Default setting: enabled Must not contain username Default setting: enabled The following rules for the password always apply, even when the rules are partially or completely disabled: The password must not be blank. The password must not contain the user name.
Password expiration is active	: The Password expiration settings can be modified and are applied at login. Corresponding entries in the Security Settings of the device: Under the `CmpUserMgr` node (`Password.Expiration.<...>`). Password expiration settings: Scope: ADMINS: The settings apply to users who have administrator permissions. NONADMINS: The settings apply to all users who do not have administrator permissions. ALL: The settings apply to all users. Timeout [days]: Validity period of the password in days. When this time is exceeded, it is no longer possible to log in with the previous password. In this case, you will immediately be prompted to set a new password.
Login lock is active	: The Login lock settings are applied at login. Corresponding entries in the Security Settings of the device: Under the `CmpUserMgr` node (`UserLogin.<...>`). . Login lock settings Scope ADMINS: The settings apply to users who have administrator permissions. NONADMINS: The settings apply to all users who do not have administrator permissions. ALL: The settings apply to all users. Maximal Retries: When the number of login attempts specified here is exceeded, the user will be locked out for the amount of time which is specified in the Lock duration field. The user cannot log in again until the lock is removed by an administrator or the lockout time has expired. Lock duration [s]: Lock time (in seconds) For information about unlocking a locked user, see: Handling of Device User Management

Communication Settings – Classic Mode

In the CODESYS options, you can activate the classic mode of the Tools → Options dialog in the "Device editor" category).

Select the network path to the controller

Gateway channel for the connection

Select the channel from the lower part of the view.

Table 34. View displaying configured gateway channels and network devices

Left side of view

Tree structure of the configured gateway channels with the connected devices in the local network:

Note: CODESYS saves these entries on the local system, not in the project.

The device entries are preceded by a device symbol. Entries with a target ID that are different from those currently configured in the project are displayed in gray.

Click Scan Network to refresh the list.

Note: If you created the first project on the local system, then the local gateway is listed as an entry in the tree by default. CODESYS starts this gateway automatically on system boot.

The solid circle on the lower right corner of the gateway symbol provides information about the connection status:

Red: CODESYS Development System cannot establish the connection.
Green: The connection is established: .
Black: The connection status is unknown.
Note: Some communication protocols allow regular checking of the gateway so that the status cannot be displayed.

Each of the device entries in the tree consists of a symbol followed by the <device name> [device address]. On the right side of the view, you also see the Target ID, Target Name, Target Type, Target Vendor, and Target Version.

Right side of view

Information about the gateway channel of device selected on the left side of the view

When a gateway channel is selected in the left view, the following information is displayed: Device name, IP address, Port, Driver

When a device is selected in the left view, the following information is displayed (depending of the device): Device name, Device address, Number of channels, Block driver, Serial number, Encrypted communication, Target vendor, Target ID, Target name, Target type, Target version.

Table 35. Filter and sorting functions on the right side of the dialog

Filter	You can reduce the displayed list of devices that have the same Target ID as the current device configured in the project.
Sorting order	You can sort the list by Name or Device Address in alphabetical or ascending order.

Table 36. Command buttons on the right side of the dialog

Set Active Path	The command sets the selected communications channel as active. Double-clicking the entry in the channel tree achieves the same result.
Add Gateway	The command opens the Gateway dialog where you can define a gateway which CODESYS should add to the current configuration.
Add Device	The command opens the Add Device dialog. Here you can manually define a device that is to be inserted under the gateway entry currently selected in the tree. Note the functionality of Scan Network as well.
Scan Network	The command starts a search for available devices in the local network. The configuration tree of the gateway is refreshed accordingly.

Table 37. Commands in the context menu of the gateway tree and device tree in the dialog

Scan for Device by Address	The command searches the network for devices with a unique address as given in the configuration tree. CODESYS displays the detected devices with the given address below the gateway. The search always applies to the devices below the selected gateway or below the selected entry.
Scan for Device by Name	The command searches the network for devices with the same name as given in the configuration tree. Capitalization is ignored. CODESYS displays the detected devices below the gateway with the given name together with its unique device address. The search always applies to the devices below the selected gateway or below the selected entry.
Scan for Device by IP Address	The command searches the network for devices with a unique IP address as given in the configuration tree. CODESYS displays the detected devices with the given address below the gateway together with its name. The search always applies to the devices below the selected gateway or below the selected entry.
Send Echo Service	CODESYS sends five echo services to the controller. These are used to test the network connection, similar to the "ping" function. The services are sent first without a payload and then with a payload. The scope of the payload depends on the communication buffer of the PLC. A message view opens with information about the average echo service delay and the scope of the sent payload.
Delete Selected Device	The command deletes the selected device from the channel tree.
Edit Gateway	The command opens the Gateway dialog for editing the settings for the selected gateway.
Configure the Local Gateway	The command opens a dialog for configuring a local gateway. This provides an alternative to manually editing the `Gateway.cfg` file.

Table 38. Options in the lower part of the dialog

Don't store communication settings in project

: CODESYS saves the communication settings in the options of the local installation for reuse on the same computer.
Note: When using CODESYS SVN, the option should be selected in order to prevent a lock on the device object.
: CODESYS saves the communication settings in the project for reuse on the same computer.
Note: If you use the project on another computer, then you need to reset the active path.

Confirmed Online Mode

standard icon : For security reasons, CODESYS requires a confirmation from you when calling the following online commands: Force Values, Write Values, Multiple Loading, Release Force List, Single Cycle, Start, Stop.

Tab: Communication Settings

Tip

Tip

Tip

Important

Communication Settings – Classic Mode