Allow Access - Siemens SCALANCE M-800 Getting Started

Industrial remote communication remote networks for simatic net

1.12 Allow access

The firewall is enabled by default. The following access is not allowed:
● Access from internal to external.
● Access from external to internal.
● Data exchange between different internal VLANs.
● Data exchange with the device from different zones.

You have the following options for allowing access:
● Allow globally
  The predefined firewall rules specify which of the zones (VLAN1, VLAN2, ... or PPP) may
  access which services of the SCALANCE M-800. With predefined rules it is possible to
  permit data exchange between the zones (internal VLAN1 to external PPP0). The firewall
  rule for the opposite direction is permitted by stateful packet inspection.
● Allow certain services
  Here, you define firewall rules that allow individual services for a single node or all
  services for the node for access to the station or network.

In this example, configure the firewall rules that only allow the device with IP address
192.168.100.10 access to the entire Internet. For the access, the services HTTP (TCP
port 80) and DNS (UDP port 53) are required.
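
A small model of the policy this example builds, added here for illustration (it is not Siemens code and not the device's rule engine): default deny, two allow rules for 192.168.100.10, and reply tracking standing in for stateful packet inspection. The zone labels, the 203.0.113.x and 198.51.100.x peers, and every port other than 80 and 53 are constructed test values.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src_zone: str  # "vlan1" = internal, "ppp0" = external (zone names from the text)
    dst_zone: str
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

SERVICES = {"HTTP": ("tcp", 80), "DNS": ("udp", 53)}  # services named in the example
RULES = [  # (from zone, to zone, source IP, service)
    ("vlan1", "ppp0", "192.168.100.10", "HTTP"),
    ("vlan1", "ppp0", "192.168.100.10", "DNS"),
]

class Firewall:
    """Simplified model: default deny, explicit allow rules, reply tracking."""
    def __init__(self, rules):
        self.rules = rules
        self.flows = set()  # flows opened by a packet that matched a rule

    def check(self, p: Packet) -> str:
        # Stateful inspection: a packet mirroring a tracked flow is a reply.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows:
            return "accept-reply"
        for src_zone, dst_zone, src, svc in self.rules:
            if (p.src_zone, p.dst_zone, p.src, p.proto, p.dport) == (src_zone, dst_zone, src, *SERVICES[svc]):
                self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
                return "accept-rule"
        return "drop"  # nothing matched: the enabled firewall does not allow it

def audit():
    """Run constructed test packets (documentation-range addresses) through the model."""
    fw = Firewall(RULES)
    pkts = {
        "http out":       Packet("vlan1", "ppp0", "192.168.100.10", "203.0.113.5", "tcp", 40000, 80),
        "http reply":     Packet("ppp0", "vlan1", "203.0.113.5", "192.168.100.10", "tcp", 80, 40000),
        "unsolicited in": Packet("ppp0", "vlan1", "203.0.113.9", "192.168.100.10", "tcp", 80, 40000),
        "other host":     Packet("vlan1", "ppp0", "192.168.100.11", "203.0.113.5", "tcp", 40001, 80),
        "https out":      Packet("vlan1", "ppp0", "192.168.100.10", "203.0.113.5", "tcp", 40002, 443),
        "dns out":        Packet("vlan1", "ppp0", "192.168.100.10", "198.51.100.53", "udp", 40003, 53),
        "dns over tcp":   Packet("vlan1", "ppp0", "192.168.100.10", "198.51.100.53", "tcp", 40004, 53),
    }
    return {name: fw.check(p) for name, p in pkts.items()}

if __name__ == "__main__":
    print("\n".join(f"{n:15} {v}" for n, v in audit().items()))
```

The dropped cases show what this narrow rule set leaves blocked: other internal hosts, HTTPS (TCP port 443) and DNS over TCP.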

Predefined rules
1. Click on "Security > Firewall" in the navigation area and on the "Predefined IPv4 rules"
   tab in the content area.
2. Click on "Set Values".

Allow Internet access for a certain device and a certain service (HTTP)

Create HTTP and DNS services
1. Click on "Security > Firewall" in the navigation area and on the "IP Services" tab in the
   content area.
2. Under "Service Name", enter e.g. "HTTP" and click "Create". A new entry is created in the
   table.

Getting Started, 01/2019, C79000-G8976-C337-07
Connecting SCALANCE M-800 to WAN