Technical Basics - Siemens SIMATIC NET System Manual

SCALANCE network components
4.8 SCALANCE S Industrial Security Appliance
Figure 4-52
4.8.2

Technical basics

Internal and external network nodes
The SCALANCE S Industrial Security Appliances divide networks into two areas:
● Internal network: Protected areas with the "internal nodes"
Internal nodes are the nodes protected by a SCALANCE S device.
● External network: Unprotected areas with the "external nodes"
External nodes are all the nodes located outside the protected areas.
The internal network is considered to be secure and trustworthy. Connect an internal
network segment with external network segments only via a SCALANCE S Industrial
Security Appliance. Further connection paths between the internal and external networks
may not exist.
Configuration and administration
With the TIA Portal, all SIMATIC NET security products can be configured and diagnosed
from a central location. The configuration of individual devices is possible in Web Based
Management (WBM), Command Line Interface (CLI) or by using SNMP.
The configuration of a SCALANCE S device encompasses the IP parameters and the
configuration of the firewall rules. With the SCALANCE SC642-2C and SCALANCE SC646-
2C devices, it is also possible to configure IPsec tunnels, if necessary.
The SINEMA Remote Connect management platform is used for secure remote
maintenance that enables the setup and management of the tunnel connections (VPN). A
direct access to the company network is not required. The SINEMA Remote Connect server
takes on the function of an agent between the communication nodes.
262
Example of a topology: Protection of an automation cell with a SCALANCE SC646-2C
System Manual, 09/2019, C79000-G8976-C242-10
Industrial Ethernet