Controls Network Security; Remote Access; Local Access - AutomationDirect StrideLinx SE-SL30011 User Manual

Linx
Appendix E: StrideLinx Network Security
this mode include all standard Cloud functionality except VPN connection. The user has
access to the router, but not to the LAN devices behind the router. So, programming software
and other tools that require being on the local area network will not work in this mode. Two
features that are supported in clientless access mode are VNC server & web server access by
creating a shortcut on the Info tab of the router. This shortcut creates a secure port forward
from the LAN port to the VPN tunnel. The shortcut allows users to access all of the features
included on the LAN devices' VNC or web servers in a secure manner. Clientless access mode
is protected by TLS1.2, but does not pass through the VPN tunnel from the cloud server to
the remote user.
The second option for users to connect is by PC/laptop to the Cloud by VPN, allowing full
local area network access. This method requires users log in to the Cloud through a web
browser and have the VPN client installed on their PC. Upon a verified request from the
remote user, the VPN client connects to the cloud server, providing a full VPN connection
from remote user (PC) to the router. Once both connections have been made, all data passing
through this VPN tunnel is secure.

Controls Network Security

Remote access

The StrideLinx router is equipped with a built-in firewall that completely separates the WAN
port (company network) from the LAN ports (controls network). The firewall blocks all
communication except for authorized and encrypted data verified by a valid certificate. This
means that only authorized users can access the controls network via our StrideLinx Cloud.

Local access

Default settings allow for zero communication from the company network to the controls
network (and vice versa). The StrideLinx router is configurable to allow communication from
the controls network to the company network, to the internet, or both. Authorization under
this scenario is by means of the firewall section of the Configuration in the StrideLinx Cloud.
There are three types of port forwarding supported in the StrideLinx router: LAN→WAN,
WAN→LAN, VPN→LAN.
• LAN→WAN options allow access from the LAN to the corporate network or the
internet. This option is needed if you are accessing an FTP or mail server on the
corporate network or cloud. This option maintains good security practice if the corporate
router is in place with strong security measures.
• WAN→LAN options allow access by port forwarding to incoming traffic.
• VPN→LAN port forwarding provides a secure port forward inside the encrypted VPN
tunnel so that S trideLinx users can access the HTTP server or VNC server of their
control network devices by shortcut services in the StrideLinx Cloud. This feature
allows the clientless access mode for mobile & PC users as described in the "Solutions
Explained" section above.
StrideLinx™ Cloud 2.0 Industrial VPN Routers User Manual
WARNING: This is usually not recommended as it opens specific ports to anyone on the internet
and could make the control network unsecure.
1st Edition Rev. C
E-4