Siemens Industry Online Support
Siemens AG
Entry type: FAQ Entry ID: 34675703, Entry date: 03/20/2009

Which firewall rules do you have to define for SCALANCE S in the Security Configuration Tool to allow data traffic between internal and external networks for a specific IP address area?


Description:
The SCALANCE S serves as a firewall that protects the internal network against influences and disturbances from the external network. By default, all message types sent from the internal network to the external network are blocked. Likewise, all messages sent from the external network to the internal network and to the SCALANCE S are blocked.

To allow data traffic for all message types sent from the internal network to the external network for a specific IP address area, define the following firewall rules for SCALANCE S in the Security Configuration Tool. In this example, the data traffic is allowed from the internal to the external network for the IP address area of 100.61.0.1 to 100.61.255.255.


Fig. 01: Dialog "Module Properties" -> Tab "Firewall Settings"

The firewall rules shown in Fig. 01 allow the following behavior.


Fig. 02: SCALANCE S behavior
 

No. SCALANCE S behavior  
1 By default, all messages from external to internal are blocked except for the explicitly defined IP address area.
2 By default, all messages from internal to external are blocked except for the explicitly defined IP address area.
3 The "External->Internal" firewall rule allows messages from the external to the internal network if the following conditions are fulfilled:
  • IP address of the sender (source IP) is in the address area of 100.61.0.0 to 100.61.255.255 and
  • IP address of the recipient (destination IP) is in the address area of 100.61.0.0 to 100.61.255.255
4 The "Internal->External" firewall rule allows messages from the internal to the external network if the following conditions are fulfilled:
  • IP address of the sender (source IP) is in the address area of 100.61.0.0 to 100.61.255.255 and
  • IP address of the recipient (destination IP) is in the address area of 100.61.0.0 to 100.61.255.255
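
The behavior in rows 1 to 4 can be checked offline before the rules are loaded onto the module. The following is an added example, not Siemens code and not the Security Configuration Tool's rule format: it models the two rules as default-block plus an address-area match on both source and destination, and the names `RULES`, `evaluate` and `area_as_cidr` and the sample flows are assumptions made for illustration.

```python
import ipaddress

# Address area from rows 3 and 4 of the table (values taken from the page).
AREA_FIRST = ipaddress.ip_address("100.61.0.0")
AREA_LAST = ipaddress.ip_address("100.61.255.255")
AREA = (AREA_FIRST, AREA_LAST)

# Hypothetical model of the two rules: (direction, source area, destination area).
RULES = [
    ("External->Internal", AREA, AREA),
    ("Internal->External", AREA, AREA),
]


def in_area(addr, area):
    """True if addr lies between the first and last address of the area (inclusive)."""
    first, last = area
    return first <= ipaddress.ip_address(addr) <= last


def evaluate(direction, src, dst):
    """Return 'allow' only if a rule for this direction matches source AND destination."""
    for rule_dir, src_area, dst_area in RULES:
        if rule_dir == direction and in_area(src, src_area) and in_area(dst, dst_area):
            return "allow"
    return "block"  # default behavior described in rows 1 and 2


def area_as_cidr(first, last):
    """Express a first-to-last address area as the smallest list of CIDR blocks."""
    return [str(net) for net in ipaddress.summarize_address_range(first, last)]


# Constructed sample flows (direction, source IP, destination IP).
SAMPLE_FLOWS = [
    ("Internal->External", "100.61.3.10", "100.61.200.5"),   # both in area
    ("Internal->External", "100.61.3.10", "192.168.1.20"),   # destination outside
    ("External->Internal", "100.62.0.1", "100.61.3.10"),     # source outside
    ("External->Internal", "100.61.255.255", "100.61.0.0"),  # both area boundaries
]

if __name__ == "__main__":
    print("Address area as CIDR:", area_as_cidr(AREA_FIRST, AREA_LAST))
    for flow in SAMPLE_FLOWS:
        print(flow, "->", evaluate(*flow))
```

The address area in the table is exactly the network 100.61.0.0/16, and a flow is only allowed when both of its addresses fall inside it.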

Security information
In order to protect technical infrastructures, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art IT security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about cyber security, please visit
http://www.siemens.com/industrialsecurity.