×
Siemens Industry Online Support
Siemens AG
Entry type: FAQ Entry ID: 109744660, Entry date: 08/28/2017
(6)
Rate

What NAT scenarios can be implemented with the SCALANCE S615?

  • Entry
  • Associated product(s)
By supporting the NAT function, the security module enables protection of different network topologies and flexible implementation of security concepts.

Description
The SCALANCE S615 is a module from the security module product line and protects industrial networks and automation systems against unauthorized access. Thanks to its diverse features, the security module enables protection of different network topologies and flexible implementation of security concepts.

Motivation
Use of the SCALANCE S615 as a router and simultaneous support of common NAT mechanisms provide numerous options for accessing the internal network or automation system to be protected:

  • Static routing

  • NAPT

  • NAT

  • NETMAP

  • IP masquerading

Contents of this Document
This document uses selected UseCases to describe the different options. Each UseCase describes the starting situation, discusses the requirement and addresses the advantages / disadvantages.

The aim is to give an overview of the available options and provide an adequate solution for the most common use cases.

The following configurations are looked at in detail:

  1. Two-way communication with gateway (standard routing)
  2. Web server access without gateway (active PC, passive CPU) (NAPT)

  3. PG functions on multiple CPUs without gateway (destination NAT)

  4. NATing entire subnets (destination NAT)

  5. PG functions on multiple CPUs without gateway in series machine manufacturing (destination NAT)

  6. Cross communication for series machinesCross communication for series machines (destination NAT)

  7. Connection to control systems without gateway (CPU as the active part) (source NAT)

  8. Reaction-free communication using VPN tunnel in existing plants (source NAT)

  9. Reaction-free S7 communication in existing plants (source and destination NAT)

Download
  Documentation (1,4 MB) 

Last changes
Add further chapters.


Security information
In order to protect technical infrastructures, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art IT security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about cyber security, please visit
https://www.siemens.com/cybersecurity#Ouraspiration.