http://www2.sea.siemens.com | FAQ - Security | 2007-10-01
A: The firewall functionality of SCALANCE S has the task of protecting the internal network from influences or disturbances from the external network. This means that, depending on the configuration, only certain previously specified communication relations between network nodes from the internal network and network nodes from the external network are allowed.
All network nodes located in the internal network segment of a SCALANCE S are protected by its firewall. The firewall functionality can be configured for the following protocol levels:
IP firewall with stateful packet inspection
Firewall also for Ethernet "non-IP" frames according to IEEE 802.3 (Layer 2 frames)
Firewall rules for data traffic in the following directions:
from the internal to the external network and vice versa
from the internal network into an IPSec tunnel and vice versa (S612/S613)
A: Yes, the SCALANCE S602 works as a router. With the SCALANCE S602 in routing mode, one can separate the internal network from the external network based on the analysis of the IP addresses. The internal network separated by SCALANCE S602 therefore becomes a separate subnet.
Packets intended for an existing IP address in the subnet (internal or external) are forwarded. The firewall rules for the direction of transmission also apply. For this mode, you must also configure an IP address for the internal subnet.
NAT/NAPT routing
In this mode, the IP addresses are also converted. The IP addresses of the devices in the internal subnet are mapped to external IP addresses and are therefore not "visible" in the external network. For this mode, you configure the address conversion in a list. One can assign an external IP address to an internal address. Depending on the method one may want to use, the following applies to the assignment:
NAT (Network Address Translation). The following applies here: Address = IP address
NAPT (Network Address Port Translation). The following applies here: Address = IP address + port number
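The difference between the two assignment types matters when reviewing what a conversion list exposes. The following added example is a generic Python model, not Siemens code and not a statement of how the device implements translation; the addresses, ports and function names are constructed for illustration.

```python
from ipaddress import ip_address

# Constructed sample conversion list (documentation address ranges).
# NAT: address = IP address. One external IP stands for one internal IP.
NAT = {"192.0.2.10": "10.0.0.10"}
# NAPT: address = IP address + port number.
NAPT = {("192.0.2.1", 8080): ("10.0.0.20", 80),
        ("192.0.2.1", 2222): ("10.0.0.21", 22)}


def audit(nat, napt):
    """Return the problems found in a conversion list (empty list = clean)."""
    problems = []
    addrs = list(nat) + list(nat.values())
    for ext, internal in napt.items():
        addrs += [ext[0], internal[0]]
        for port in (ext[1], internal[1]):
            if not 0 < port < 65536:
                problems.append(f"port {port} out of range")
    for addr in addrs:
        try:
            ip_address(addr)
        except ValueError:
            problems.append(f"{addr}: not an IP address")
    # An external IP claimed by a NAT entry cannot also carry NAPT ports.
    for ext_ip in nat:
        if any(ip == ext_ip for ip, _ in napt):
            problems.append(f"{ext_ip}: used by both a NAT and a NAPT entry")
    return problems


def translate_inbound(dst_ip, dst_port, nat=NAT, napt=NAPT):
    """Map an external destination to the internal one; None if no entry."""
    if (dst_ip, dst_port) in napt:      # NAPT: IP and port must both match
        return napt[(dst_ip, dst_port)]
    if dst_ip in nat:                   # NAT: IP matches, port is unchanged
        return (nat[dst_ip], dst_port)
    return None


def exposure(nat, napt):
    """Internal endpoints addressable from outside, before firewall rules."""
    exposed = {ip: "all ports" for ip in nat.values()}
    for in_ip, in_port in napt.values():
        if exposed.get(in_ip) != "all ports":
            exposed.setdefault(in_ip, set()).add(in_port)
    return exposed
```

In this model a NAT entry makes every port of the internal device addressable from outside, while a NAPT entry makes exactly one port addressable, so the firewall rules have more to carry for NAT entries.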
A: Yes, the SCALANCE S602 can work as a DHCP server. One can operate SCALANCE S on the internal network as a DHCP server. This allows IP addresses to be assigned automatically to the devices connected to the internal network. The IP addresses are assigned either dynamically from an address band you have specified, or you can select a specific IP address for a particular device.
A: The SCALANCE security appliances (S612 and S613) can be used to connect two or more internal networks to each other. This happens physically over the external network in such a way that messages from one protected device to another are sent over the unprotected external network through a secure tunnel. In order to safeguard the confidentiality of the data, the security module can build up a VPN tunnel based on IPsec. When several bilateral tunnels are combined, we call the resulting network a VPN. For communication over a VPN, the security appliances are collected in groups. For each VPN there is a so-called network certificate with a corresponding private key that identifies the VPN. Each security appliance that belongs to the VPN holds a certificate which is signed with the private key of the network certificate. The VPNs are based on IPsec and use the IKE protocol for key management.