Firewall And Nat - Siemens SCALANCE S615 Manual

3 Valuable Information

3.1.4 Firewall and NAT

Firewall

The security functions of the SCALANCE S615 include a stateful inspection
firewall. This is a packet filtering / packet inspection method. IP packets are
inspected against firewall rules that define the following:

- the allowed protocols
- the IP addresses and ports of the allowed sources
- the IP addresses and ports of the allowed destinations

If an IP packet matches the specified parameters, it is allowed to pass through the
firewall. The rules also specify what to do with IP packets that are not allowed to
pass through the firewall.

Simple packet filtering methods require two firewall rules per connection:

- one rule for the request direction, from the source to the destination, and
- a second rule for the reply direction, from the destination to the source.
Stateful inspection firewall

In contrast, when using a stateful inspection firewall, you only need to specify one
firewall rule for the request direction from the source to the destination. The second
rule is added implicitly. The packet filter remembers when, for example, computer
"A" communicates with computer "B" and allows replies only when this is the case.
A request from computer "B" is therefore not possible without a prior request from
computer "A".
Firewall and NAT

Configuring NAT does not automatically enable anything in the firewall. The NAT
router settings and the firewall rules must be matched so that message frames with
a translated address can pass through the firewall.

What matters is the order in which message frames pass through NAT and the
firewall, because the IP addresses/ports that the firewall sees depend on the type
of NAT used:

- With destination NAT, the destination IP address and/or destination port are
  translated before the frame passes through the firewall. The firewall rules must
  therefore be created with the IP addresses and ports that have already been
  translated.
- With source NAT, the source IP address is translated after the frame passes
  through the firewall. The translated address is never seen by the firewall and
  cannot be filtered there; the rules must refer to the original source address.
Note

For the SCALANCE S615, the number of firewall rules and the number of NAT rules
are each limited to 64. The two limits are independent and are not combined;
consequently, 64 NAT rules and 64 firewall rules are possible at the same time.
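The processing order the section describes, as an added Python model that is not part of the Siemens manual: destination NAT is applied before the rule check, source NAT after it, and replies are admitted only when a tracked request went through first. The rule-matching and connection-tracking details, the class and method names, and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    """Request-direction allow rule; "any" / None act as wildcards (assumed model)."""
    src: str = "any"
    dst: str = "any"
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.src in ("any", p.src) and self.dst in ("any", p.dst)
                and self.dport in (None, p.dport))


class NatFirewallPath:
    """Order stated in the manual: destination NAT, then the stateful firewall,
    then source NAT. A frame matched by no rule is dropped (returns None)."""

    def __init__(self, rules: List[Rule], dnat=None, snat=None):
        self.rules = rules
        self.dnat: Dict[Tuple[str, int], Tuple[str, int]] = dnat or {}  # (dst, dport) -> (new_dst, new_dport)
        self.snat: Dict[str, str] = snat or {}                          # src -> new_src
        self.conn: Dict[tuple, Packet] = {}  # expected reply 5-tuple -> original request

    def forward(self, p: Packet) -> Optional[Packet]:
        orig = p
        # A reply to a tracked request is allowed implicitly; both translations are reversed.
        o = self.conn.get((p.proto, p.src, p.sport, p.dst, p.dport))
        if o is not None:
            return Packet(o.dst, o.dport, o.src, o.sport, o.proto)
        # 1. Destination NAT is applied before the firewall ...
        if (p.dst, p.dport) in self.dnat:
            new_dst, new_dport = self.dnat[(p.dst, p.dport)]
            p = replace(p, dst=new_dst, dport=new_dport)
        # 2. ... so rules must name the translated destination but the ORIGINAL source.
        if not any(r.matches(p) for r in self.rules):
            return None
        # 3. Source NAT is applied after the firewall has already decided.
        if p.src in self.snat:
            p = replace(p, src=self.snat[p.src])
        self.conn[(p.proto, p.dst, p.dport, p.src, p.sport)] = orig
        return p
```

Running the same inbound frame through a rule set written with the untranslated destination and one written with the translated destination shows why only the latter passes; the mirror case holds for source NAT.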
NAT_S615, Entry ID: 109744660, V1.1, 08/2017, page 32
