Siemens SIMATIC NET SCALANCE S615 Configuration Manual page 48

Technical basics
3.5 Security functions
These IP rules allow the IP data traffic for all devices for the specified direction.
NAT rule
Ac‐ Fro
tion m
①
Ac‐ vlan
cep 1
t
(in‐
ter‐
nal)
②
Ac‐ vlan
cep 2
t (ex‐
ter‐
nal)
Example 2:
These IP rules restrict the IP data traffic to a specific device.
NAT rule
Ac‐ Fro
tion m
①
Ac‐ vla
cep n1
t
(in‐
ter‐
nal
)
②
Ac‐ vla
cep n2
t (ex
ter‐
nal
)
48
IP rules
To Source (Range)
vlan 192.168.1.0/24
2
(Source IP sub‐
(ex‐ net)
ter‐
nal)
vlan 192.168.1.0/24
1
(Translated Des‐
(in‐ tination IP Sub‐
ter‐ net)
nal)
IP rules
To Source (Range)
vlan 192.168.1.20/32
2
(Source IP sub‐
(ex‐ net)
ter‐
nal)
vlan 192.168.1.20/32
1 (in‐
(Translated Des‐
ter‐
tination IP Sub‐
nal)
net)
Destination Ser
(Range) vic
e
10.10.10.0/24 all
(Destination IP sub‐
net)
10.100.1.0/24 all
(Destination IP sub‐
net)
Destination Ser
(Range) vic
e
10.10.10.0/24 all
(Destination IP sub‐
net)
10.100.1.0/24 all
(Destination IP sub‐
net)
Configuration Manual, 11/2019, C79000-G8976-C388-08
Description
All packets sent from vlan1 (internal) to
vlan2 (external) are allowed to pass.
This IP packet filter rule applies to the devi‐
ces connected to vlan1.
All packets sent from vlan2 (external) to
vlan1 (internal) are allowed to pass.
Description
Only packets sent to vlan2 (external) from
the IP address 192.168.1.20 are allowed to
pass.
Only packets sent from vlan2 (external) to
the IP address 192.168.1.20 are allowed to
pass.
SCALANCE S615 Web Based Management