Nat And Firewall - Siemens SIMATIC NET SCALANCE SC-600 Configuration Manual

Industrial Ethernet Security Web Based Management (WBM)

Technical basics
3.8 Security functions
The following options are available for port translation:

| from | to | Response |
|---|---|---|
| a single port | the same port | If the ports are the same, the frames will be forwarded without port translation. |
| a single port | a single port | The frames are translated to the port. |
| a port range | a single port | The frames from the port range are translated to the same port (n:1). |
| a port range | the same port range | If the port ranges are the same, the frames will be forwarded without port translation. |

Port forwarding can be used to allow external nodes access to certain services of the internal network, e.g. FTP, HTTP.
You configure NAPT in "Layer 3" > "NAT" > "NAPT" (Page 264).

Source NAT
As with masquerading, in source NAT the source address is translated. In addition to this, the outgoing data packets can be restricted. These restrictions include limitation to certain IP addresses or IP address ranges and limitation to certain interfaces.
Source NAT can be used if the internal IP addresses cannot or should not be forwarded externally, for example because a private address range such as 192.168.x.x is used.
You configure source NAT in "Layer 3" > "NAT" > "Source NAT" (Page 266).

NETMAP
With NETMAP it is possible to translate complex subnets to a different subnet. In this translation, the subnet part of the IP address is changed and the host part remains. For translation with NETMAP only one rule is required. NETMAP can translate both the source IP address and the destination IP address. To perform the translation with destination NAT and source NAT, numerous rules would be necessary. NETMAP can also be applied to VPN connections.
You configure NETMAP in "Layer 3" > "NAT" > "NETMAP" (Page 268).

3.8.5 NAT and firewall

The firewall and NAT router support the "Stateful Inspection" mechanism. If the IP data traffic from internal to external is enabled, internal nodes can initiate a communications connection into the external network.
The reply frames from the external network can pass through the NAT router and firewall without their addresses having to be included additionally in the firewall rule and the NAT address translation. Frames that are not a reply to a query from the internal network are discarded unless there is a matching firewall rule.
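
The following Python model is an added illustration, not code from the Siemens manual or the device: it combines the port translation options of NAPT with the stateful inspection behaviour of section 3.8.5. All class and function names and the sample addresses are hypothetical, and the model assumes that a NAPT rule also acts as the matching firewall rule.

```python
from dataclasses import dataclass, field

EXTERNAL_IP = "203.0.113.1"  # constructed documentation address of the external interface

@dataclass(frozen=True)
class NaptRule:
    """Hypothetical port-forwarding rule: external port(s) -> internal host and port(s)."""
    src_ports: range   # "from": a single port or a port range
    dest_ip: str
    dest_ports: range  # "to": a single port or the same port range

    def __post_init__(self):
        # Accept only the four from/to combinations listed in the table.
        if len(self.dest_ports) != 1 and self.dest_ports != self.src_ports:
            raise ValueError("destination must be a single port or the same range")

    def translate(self, port):
        if port not in self.src_ports:
            return None
        # Single destination port: 1:1 or n:1 translation; otherwise the port is kept.
        return self.dest_ports[0] if len(self.dest_ports) == 1 else port

@dataclass
class StatefulNat:
    napt_rules: list
    allow_internal_to_external: bool = True
    # State table: (remote ip, remote port, external port) -> internal endpoint
    sessions: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Internal node opens a connection: translate the source, record state."""
        if not self.allow_internal_to_external:
            return None
        # Simplification: the source port is kept, so port collisions are not handled.
        self.sessions[(dst_ip, dst_port, src_port)] = (src_ip, src_port)
        return (EXTERNAL_IP, src_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Frame on the external interface: internal (ip, port), or None if discarded."""
        state = self.sessions.get((src_ip, src_port, dst_port))
        if state:  # reply to an internal request: no extra rule needed
            return state
        for rule in self.napt_rules:  # unsolicited frame: needs a matching rule
            port = rule.translate(dst_port)
            if port is not None:
                return (rule.dest_ip, port)
        return None  # no state and no rule: discarded
```

Calling `inbound()` before and after `outbound()` for the same remote endpoint shows the difference between an unsolicited frame and a reply frame.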
SCALANCE SC-600 Web Based Management (WBM)
Configuration Manual, 10/2021, C79000-G8976-C475-03
