Firewall Rules - Weidmuller IE-SR-2GT-LAN Manual

A3 - Configuring the Router to connect 2 networks with different IP ad-
dress ranges and additional firewall rules
This Technical Note applies to the Weidmüller Industrial Router IE-SR-2GT-LAN and IE-SR-2GT-UMTS/3G
Application requirements:
There are 2 industrial Ethernet networks which are connected by a Router. Each network has its own IP address range.
All Ethernet nodes in both networks shall have the possibility to communicate with each other except that devices B and
C of network 1 cannot be accessed by a ping request (ICMP protocol).
Solution:
Configure firewall rules to prohibit ping requests from devices of network 2 to devices B and C of network 1.
In this example the IP address ranges are set to
192.168.10.0 / 255.255.255.0 for Network 1 and
192.168.20.0 / 255.255.255.0 for Network 2
The Router interfaces will be set to
192.168.10.254 / 255.255.255.0
192.168.20.254 / 255.255.255.0
Network diagram of below described application scenario
Network 1: 192.168.10.0 / 24
(Class C)
Ping Device A
allowed to
Device A
192.168.10.100
255.255.255.0
GW 192.168.10.254
Ping Device B
prohibited
to Device B
192.168.10.101
255.255.255.0
GW 192.168.10.254
Ping
Device C
prohibited
to Device C
192.168.10.102
255.255.255.0
GW 192.168.10.254
Copyright © 2013 Weidmüller Interface GmbH & Co. KG
All rights reserved. Reproduction without permission is prohibited.
for LAN interface and
for WAN interface
Communication between
devices of network 1 and 2
allowed, but ping requests from
network 2 to devices B and C
of network 1 are prohibited
WAN-Port
192.168.20.254
255.255.255.0
LAN-Port
192.168.10.254
255.255.255.0
Configuration PC
Network 2: 192.168.20.0 / 24
(Class C)
Device E
192.168.20.100
255.255.255.0
GW 192.168.20.254
Device F
192.168.20.101
255.255.255.0
GW 192.168.20.254
Device G
192.168.20.102
255.255.255.0
GW 192.168.20.254
59 / 103