Firewall State Sync - Siemens SIMATIC NET SCALANCE SC-600 Configuration Manual

Industrial Ethernet Security Web Based Management (WBM)

4.7.5.11 Firewall State Sync

On this WBM page, you configure the synchronization of firewall states between two SC600 devices via the network.

When the firewall permits passage of a network packet, a firewall state is created for this event. This firewall state is required so that the reply to a packet can pass through the firewall without an additional rule having to be created for it. Synchronization of the firewall state transfers this information to another device. In connection with VRRP, this ensures that an established connection does not have to be set up again; the existing firewall state is used instead.

Outgoing queries are logged by the firewall in dynamic state tables. Direct queries from the external network without a previous query, that is, without a corresponding entry in the state table, are automatically blocked.
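The behaviour described above can be modelled in a few lines. This is an added example, not Siemens code and not the device's sync protocol; the class, function names, addresses and rule format are assumptions made for illustration. It shows that after a VRRP failover the standby firewall passes the reply of an established connection only if the state was synchronized, and that unsolicited packets are blocked either way.

```python
from dataclasses import dataclass, field

# A flow is (src_ip, src_port, dst_ip, dst_port, proto). Constructed sample values only.

def reverse(flow):
    """Return the flow a reply packet would carry."""
    src, sport, dst, dport, proto = flow
    return (dst, dport, src, sport, proto)

@dataclass
class Firewall:
    name: str
    allow_rules: set = field(default_factory=set)  # permitted (dst_ip, dst_port, proto)
    states: set = field(default_factory=set)       # dynamic state table
    peer: "Firewall | None" = None                 # state sync partner, if enabled

    def outbound(self, flow):
        """Packet from the internal network: needs a rule, then creates a state."""
        if flow[2:] not in self.allow_rules:
            return False
        if flow not in self.states:
            self.states.add(flow)
            if self.peer is not None:
                self.peer.states.add(flow)         # state is sent on change
        return True

    def inbound(self, flow):
        """Packet from the external network: passes only as a reply to a state."""
        return reverse(flow) in self.states

def failover_demo(sync_enabled):
    rules = {("203.0.113.10", 443, "tcp")}
    master = Firewall("sc600-a", set(rules))
    backup = Firewall("sc600-b", set(rules))
    if sync_enabled:
        master.peer = backup
    request = ("192.168.1.20", 40000, "203.0.113.10", 443, "tcp")
    unsolicited = ("198.51.100.7", 5555, "192.168.1.20", 22, "tcp")
    master.outbound(request)                       # connection set up via the master
    # VRRP failover: the backup now receives the traffic for this connection.
    return {
        "reply_via_master": master.inbound(reverse(request)),
        "reply_via_backup": backup.inbound(reverse(request)),
        "unsolicited_via_backup": backup.inbound(unsolicited),
    }

if __name__ == "__main__":
    print("with sync:   ", failover_demo(True))
    print("without sync:", failover_demo(False))
```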
Note

Protect connections to the Firewall State Sync

The Firewall State Sync does not use any encryption or authentication. The connection used for synchronization between the two firewalls therefore needs to be specifically protected.

If possible, connect the two firewalls directly via dedicated VLAN interfaces. If this connection cannot be protected from external access, create an IPsec VPN connection for synchronization.

Description of the displayed boxes

The table contains the following columns:

• Activate State Sync
  Activates the Firewall State Sync. When you enable this option, a firewall rule is automatically created.
• Local Interface
  Select the interface via which the firewall state is sent when it changes.

SCALANCE SC-600 Web Based Management (WBM)
Configuration Manual, 10/2021, C79000-G8976-C475-03
Configuring with Web Based Management
4.7 "Security" menu
323
