Configuration
Configuring the Ethernet connections
6
35
Building Technologies
A6V10403182_a_en
Fire Safety & Security Products
30.09.2014
6.5
Configuring the Ethernet connections
1. In the Firewall folder, expand the subtree of the NK8237 node.
2. Select the Ethernet #1 node (ETH1 external network), to be used for the
external network and the configuration download from NS8011 BACnet driver.
3. Select the Node tab.
4. In the form on the right pane, you must enter:
- IP address.
- Subnet mask.
- Default gateway (optional, it may be left = “0.0.0.0” if not used).
- If NAT (Network Address Translation) is used on the network, enable it and
enter the external IP address (NAT address) of the NK8237.
5. Repeat steps 2 through 4 for the Ethernet #2 node (ETH2 internal network), to
be used for the internal network.
6.6
Configuring the firewall
1. Select the NK8237 node.
2. In the Firewall tab, select the Enable Firewall check box.
3. Select the firewall configuration from the Select the configuration drop-down
list.
- Stand Alone Firewall: a single NK8237 is protected from intrusions coming
from the external network. The router functionality is not enabled.
- Edge Firewall (ETH1 as ext network) or Edge Firewall (ETH2 as ext
network): the selected Ethernet port (ETH1 or ETH2) acts as external
network, the other Ethernet port (ETH2 or ETH1, respectively) acts as
internal network. This means that the NK8237 units are protected from
intrusions coming from the external network, while all the traffic from the
internal network to the firewall and to the external network is allowed. In
this case the router functionality is automatically enabled. This
configuration can be used with two separated networks connected to the
NK8237 unit.
- Edge Firewall (ETH1 as ext network) advanced or Edge Firewall (ETH2 as
ext network) advanced: the Edge Firewall
advanced configurations allow to
customize the standard Edge Firewall configuration by specifying additional
options.
4.
(optional) Configure additional options (available for Edge Firewall (ETH1 as
ext network) advanced and Edge Firewall (ETH2 as ext network) advanced
configurations):
- Enable NK823X Ports, to enable the required predefined ports (snmp,
https, DMS8000, DMS8000 RPT, Modbus, BACnet), otherwise all ports are
closed by default.
- Custom Ports, to add additional custom UDP or TCP ports (you can
add/delete custom ports by using the Add and Delete buttons).
- Source IP Address and Destination IP Address, to add IP addresses from
devices on the external network (as source) and from devices on the
internal network (as destination) and allow such devices to communicate
(from source to destination). Note that an empty list means that all IPs are