LAPP ETHERLINE NF04T Скачать руководство пользователя страница 31

Страница: 31 / 52

ETHERLINE

ACCESS NF04T | Version 1 | 04/16/20

In the bridge mode, all ports are initially blocked for “WAN-to-LAN” data transfer for security reasons!

In order to enable access, packet filter rules must be created
or the default action for the packet filters be set to “Accept”.
See the following chapter.

The “LAN to WAN” data transfer is initially always released but can also be
limited by packet filters or the default action.

7.3

Packet filter “WAN to LAN”

The packet filters enable the limitation of access between the

production network (WAN) and the machine network (LAN).

For example, it can be configured that only certain participants from the

production network may exchange data with defined participants from

the automation cell.

The following filter criteria on layers 3 and 4 are available: IPv4 addresses, protocol (TCP/UDP), and ports.

Note: The packet filters are always also available in the direction “LAN to WAN”, see chapter XX.

Select the “WAN to LAN” menu point in the “Packet Filter” menu.

With the “Default Option” you can set whether all frames are generally allowed (“Accept”) and only special packets

are filtered (“Blacklisting”), or whether all frames are generally prohibited (“Reject” / “Drop”) and only those frames

are allowed to pass through that correspond with the filter rules (“Whitelisting”).

If you initially don’t wish to filter, set the default action to “Accept”.

In order to limit access to the machine network to certain participants in the WAN, set the default action to “Reject”

or “Drop”. In the case of prohibited frames from the WAN, “Reject”

sends an error message in response, while “Drop” rejects the frame

without sending an error message.

Содержание ETHERLINE NF04T

Страница 1: ...itzsch Stra e 25 70565 Stuttgart Phone 49 0 711 7838 01 Fax 49 0 711 7838 2640 info lappkabel de www lappkabel com ETHERLINE ACCESS NF04T Industrial NAT Gateway und Firewall Manual Version 1 16 04 20...

Страница 2: ...nt license conditions We can send you the corresponding license conditions including a copy of the complete license text together with the product They are also provided in our download area of the re...

Страница 3: ...ranty 9 2 Security recommendations 10 3 Overview 11 3 1 Setup 11 3 2 Connection of the power supply 12 3 3 LEDs status information 12 4 Initial access to the web interface 13 4 1 Initial registration...

Страница 4: ...1 Application with step 7 38 10 2 Use in the TIA portal 39 11 Other functions 41 11 1 DHCP server for LAN 41 11 2 Host name WAN 42 11 3 Syslog server 42 11 3 1 Syslog local 42 11 3 2 Syslog remote 43...

Страница 5: ...figuration execution and operating errors can interfere with the proper operation of the ETHERLINE ACCESS NF04T and result in personal injury as well as material or environmental damage Only suitably...

Страница 6: ...of people from electrical voltage If the hazard warning is ignored there is a probable danger to life and health of people from electrical voltage If the hazard warning is ignored people can be injure...

Страница 7: ...situations on machinery and systems Successful and safe operation of the device requires proper transport storage setup assembly installation commissioning operation and maintenance The ambient condit...

Страница 8: ...ousing to discharge static electricity Only work with discharged tools Do not touch components and assemblies on contacts 1 6 4 Overcurrent protection Overcurrent protection isn t necessary as the dev...

Страница 9: ...lity for any printing errors or other inaccuracies that may appear in the operating manual unless there are serious errors of which U I Lapp GmbH was already demonstrably aware Beyond the instructions...

Страница 10: ...the ICS Security Compendium of the Federal Office for Information Security BSI https www bsi bund de SharedDocs Downloads DE BSI ICS ICS Security_kompendium_pdf html Physical access Limit physical ac...

Страница 11: ...ifferent networks for this purpose Features of the ETHERLINE ACCESS NF04T NAT Basic NAT SNAT NAPT and port forwarding for network segmentation Bridge functionality for securing network areas with iden...

Страница 12: ...ockets are switched and are for the connection of the internal network The inputs IN1 and IN2 do not yet have a function in the current firmware version but will be available in a later firmware versi...

Страница 13: ...T Start control panel Network and sharing settings Adapter settings LAN connection properties Internet protocol version 4 Now connect a patch cable with the LAN connection of your PC and one of the LA...

Страница 14: ...ue button the password is stored in the device and you will be forwarded to the Overview page of the ETHERLINE ACCESS NF04T The main user is always admin In addition to the main user admin the it user...

Страница 15: ...contains an overview of the most important settings and information of the ETHERLINE ACCESS NF04T The topmost line contains the menu with the functions for configuration Please check at the website of...

Страница 16: ...The web interface is also suitable for use on tablets and smartphones Responsive design Please note that web access to the ETHERLINE ACCESS NF04T is equipped with inactivity monitoring for security r...

Страница 17: ...sic NAT also known as 1 1 NAT or Static NAT is the translation of individual IP addresses or of complete IP address ranges With the help of port forwarding it is possible as an alternative to configur...

Страница 18: ...the separation of part of the production network without using different network addresses If bridge is your planned application case please continue reading in chapter 7 Machine network 10 10 1 0 24...

Страница 19: ...ot indicated 0 0 0 0 then communication of devices in the LAN with the Internet is prevented Optionally the WAN IP settings the DNS server and the standard gateway can also be acquired per DHCP The en...

Страница 20: ...an alternative to entering the IP address a DHCP client can also be activated for the WAN interface The use of the DHCP client presumes that a DHCP server is active in the WAN network The IP settings...

Страница 21: ...ach entry is confirmed with the message Rule added successfully Machine network 192 168 10 0 24 192 168 10 1 192 168 10 2 192 168 10 50 192 168 10 100 192 168 10 5 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1...

Страница 22: ...a rule In the case of a Basic NAT rule all ports for WAN to LAN data transfer are initially blocked for this rule for security reasons In order to enable access packet filter rules must be created or...

Страница 23: ...ine network to certain participants in the WAN set the default action to Reject or Drop In the case of prohibited frames from the WAN Reject sends an error message in response while Drop rejects the f...

Страница 24: ...with one another An IP range can be defined with a dash 10 10 1 10 10 10 1 20 A list of IP addresses is indicated with commas 10 10 1 10 10 10 1 15 10 10 1 20 Action defines whether this rule allows...

Страница 25: ...ough 6 6 Packet filter LAN to WAN In the basic state data traffic is permitted for devices from the machine network LAN to the production network WAN without limitations Default Action Accept In the L...

Страница 26: ...ts needs the ETHERLINE ACCESS NF04T LAN IP as gateway This is a considerable advantage when integrating into existing network structures since the parameters no longer have to be changed here Machine...

Страница 27: ...t gateway for every device connected to LAN If the NAPT option is deactivated the query packets from the LAN are forwarded from the LAN to the WAN with their original sender IP and sender port Machine...

Страница 28: ...IP The IP address to be addressed in the machine network LAN Internal Port The port of the device to be addressed in the machine network LAN Comment Freely definable comment Machine network 192 168 1...

Страница 29: ...and Basic NAT can be used simultaneously in the NAT operating mode If with the packet filters WAN to LAN default action is set to Reject or Drop the corresponding packet filter rules for access must...

Страница 30: ...s is necessary when devices from the LAN should reach the Internet via the ETHERLINE ACCESS NF04T If these are not indicated then communication of devices in the LAN with the Internet is prevented The...

Страница 31: ...omation cell The following filter criteria on layers 3 and 4 are available IPv4 addresses protocol TCP UDP and ports Note The packet filters are always also available in the direction LAN to WAN see c...

Страница 32: ...ield A list of ports is indicated separated by commas 80 443 1194 A port range can be indicated with a colon 4000 5000 or 1 65535 for all ports Combinations of this are also possible 80 443 4000 5000...

Страница 33: ...ction is Accept a block can be defined in the filter rules with Reject or Drop for certain devices Blacklisting A maximum of 128 packet filter rules per direction WAN to LAN and LAN to WAN can be defi...

Страница 34: ...N with devices in the production network WAN can be completely prohibited or be blocked or allowed for particular devices 7 6 ICMP Traffic LAN to WAN With the ICMP Traffic option you can generally all...

Страница 35: ...ers in the ETHERLINE ACCESS NF04T As soon as the first MAC address is entered in the MAC filter mode Whitelist only frames from this MAC address are allowed through irrespective of all other packet fi...

Страница 36: ...e 2 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 Internal External Machine 1 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 Internal...

Страница 37: ...can also function in adapted form for other applications Maschinennetzwerk 192 168 10 0 24 192 168 10 1 192 168 10 2 192 168 10 50 192 168 10 100 192 168 10 5 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3...

Страница 38: ...outer for the CPU in the project In order to be able to reach a CPU via an alternative IP address this can be entered in the menu Destination system in the dialog Access address This address remains a...

Страница 39: ...device in the menu under Online or where necessary Connect expanded online Click on Access Address and enter the WAN IP address specified for the device CPU in the ETHERLINE ACCESS NF04T in Basic NAT...

Страница 40: ...4T with NAPT and port forwarding only one CPU can be reached as the Simatic Manager TIA portal always accesses the CPU with the non adjustable port 102 The search via the Siemens function reachable pa...

Страница 41: ...at can be used by the DHCP server Lease Time s Time in seconds until the DHCP entry is rejected when the device is no longer logged in The Standard Lease Time is 86 400 seconds 1 day The Lease Time ca...

Страница 42: ...unction the DHCP lease is approved and a new one requested 11 3 Syslog server The Syslog server installed in the ETHERLINE ACCESS NF04T logs all user and system events with time of day and date User e...

Страница 43: ...ning The IP address of the host and the port can be indicated here 11 4 Change password User management In the Password menu the password of the administrator admin can be changed the additional users...

Страница 44: ...hange password of the it user Edit date and time settings All other settings are ReadOnly machine user access rights Access to the ETHERLINE ACCESS NF04T exclusively via the LAN interface Change to th...

Страница 45: ...up of the ETHERLINE ACCESS NF04T configuration website in addition to the HTTPS encoding is also trustworthy 11 6 Allow web interface access over WAN network Web Interface Access For security reasons...

Страница 46: ...f day can be set either manually or be derived automatically from a SNTP server Simple Network Time Protocol The manually set time of day is not saved in the event of a power failure SNTP should be us...

Страница 47: ...n existing configuration for a new ETHERLINE ACCESS NF04T with a similar application The configuration files have the file ending CFG Example of a ETHERLINE ACCESS NF04T configuration file general rou...

Страница 48: ...d checked in the ETHERLINE ACCESS NF04T If the content is correct the firmware is burned into the program memory and a restart of the ETHERLINE ACCESS NF04T takes place Operation of the ETHERLINE ACCE...

Страница 49: ...in the process 13 1 Resetting to factory settings via the website Select the menu point Factory Reset in the Device menu Press the Factory Reset button and confirm with the confirmation prompt 13 2 R...

Страница 50: ...AT operating mode the LAN address of the ETHERLINE ACCESS NF04T must be entered in the CPU as a router in order that the answers of the CPU find their way back to the PC in the WAN You can find more i...

Страница 51: ...APT Packet filter IPV4 addresses protocol TCP UDP ports WAN to LAN and LAN to WAN separate MAC addresses black whitelisting Status indicator 4 LEDs function status 8 LEDs Ethernet status Voltage suppl...

Страница 52: ...ETHERLINE ACCESS NF04T Version 1 04 16 20 52 15 2 Dimensioned drawing...

Результаты поиска

Содержание ETHERLINE NF04T

Отзывы:

Похожие инструкции для ETHERLINE NF04T

Бренды по названию

Популярные бренды

LAPP ETHERLINE NF04T, Руководство пользователя

Результаты поиска

Содержание ETHERLINE NF04T

Отзывы:

Похожие инструкции для ETHERLINE NF04T

Бренды по названию

Популярные бренды