Siemens SIMATIC NET SCALANCE SC-600 Configuration Manual page 56

Technical basics
3.8 Security functions
You configure the firewall in "Security > Firewall".
Note
IP packets via layer 2 (within the same VLAN)
If the IP packets from the device are sent via a switch port (layer 2), these IP packets are
not checked based on firewall rules. The firewall has no effect on packets forwarded at
the layer 2 level.
Communication directions
from
vlan x
Device
SINEMA RC
IPsec (all)
IPsec <Connection
Name>
Firewall factory setting
Service
HTTP
HTTPS
DNS
SNMP
56
to Meaning
vlan x Access from IP subnet vlan x to IP subnet vlan x.
Example:
vlan1 (INT) → vlan2 (EXT)
Access from the local IP subnet to the external IP subnet.
Device Access from the IP subnet to the device.
SINEMA RC Access from the IP subnet to the SINEMA RC connection.
IPsec (all) Access from the IP subnet to the VPN tunnel partners that can be
reached via all VPN connections (all) or via a certain VPN connection
IPsec <Connection
<Connection Name>.
Name>
vlan x Access from the device to the IP subnet.
SINEMA RC Access from the device to the SINEMA RC connection.
IPsec (all) Access from the device to the VPN tunnel partners that can be
reached via all VPN connections(all) or via a certain VPN connection
IPsec <Connection
(<Connection Name>).
Name>
vlan x Access from SINEMA RC connections to the IP subnet.
Device Access from SINEMA RC connections to the device.
IPsec (all) Access from the SINEMA RC server to the tunnel partners that can be
reached via all VPN connections (all) or via a certain VPN connection
IPsec <Connection
<Connection Name>.
Name>
vlan x Access via VPN tunnel partners to the IP subnet.
Device Access via VPN tunnel partners to the device.
SINEMA RC Access via VPN tunnel partners to the SINEMA RC connection.
Access
from internal (vlan1) to the
device
yes, is rerouted to HTTPS
yes
yes
yes
SCALANCE SC-600 Web Based Management (WBM)
Configuration Manual, 10/2021, C79000-G8976-C475-03
from external (vlan2) to the
device
No
No
No
No