Siemens SIMATIC NET SCALANCE SC-600 Configuration Manual page 55

Industrial Ethernet Security Web Based Management (WBM)

The firewall is enabled by default. In the delivery state (factory setting), the configuration
of the predefined IPv4 rules is as follows:
Service:
• DHCP
• DNS
• HTTP
• HTTPS
• IPsec VPN
• Ping
• SNMP
• SSH
• System time
• Telnet
• VRRP
The security functions of the device include a stateful inspection firewall. This is a
method of packet filtering or packet checking.
The IP packets are checked based on firewall rules in which the following is specified:
• The permitted protocols
• IP addresses and ports of the permitted sources
• IP addresses and ports of the permitted destinations
If an IP packet fits the specified parameters, it is allowed to pass through the firewall.
The rules also specify what is done with IP packets that are not allowed to pass through
the firewall.
Simple packet filter techniques require two firewall rules per connection.
• One rule for the query direction from the source to the destination.
• A second rule for the response direction from the destination to the source.
Stateful Inspection Firewall
You only need to specify one firewall rule for the query direction from the source to the
destination. The second rule is added implicitly. The packet filter recognizes when, for
example, computer "A" is communicating with computer "B" and only then does it allow
replies. A query by computer "B" is therefore not possible without a prior request by
computer "A".
SCALANCE SC-600 Web Based Management (WBM)
Configuration Manual, 10/2021, C79000-G8976-C475-03
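Technical basics
3.8 Security functions
Table of predefined IPv4 rules, column headings: Service; Access: Local access (vlan1) to the device; Access: External access (vlan2) to the device
Entries preserved from the table: "--"; "For the DHCP client function" (under External access (vlan2) to the device)
1) Is rerouted to HTTPS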