GE Multilin D400 Instruction Manual page 144

Substation gateway
Network interfaces can operate in one of two modes:

Internal
The Internal mode permits traffic from known protocols and should be enabled only on interfaces connected to known devices. The Internal mode is the default mode for Net1 and would typically be used when the interface is connected to the substation LAN.

External
The External mode offers a stricter set of rules and is the default mode for all interfaces except Net1. The External mode would typically be used when the interface is connected to a WAN.

By default, the firewall allows outbound traffic on internal interfaces and blocks all outbound traffic except outbound SSH on external interfaces. If you want the firewall to allow outbound traffic for a particular protocol on an external interface, you must create a "custom" rule. See section: "Add/Edit/Remove Custom Rules" on page 145.

By default, the firewall blocks inbound traffic on both internal and external interfaces. The D400 automatically generates rules allowing inbound traffic on internal interfaces for all configured services. If you want the firewall to allow inbound traffic on an external interface, you may modify the associated "generated" rule to allow the traffic on ALL interfaces rather than only the "Internal" interface. See section: "Add/Edit/Remove Custom Rules" on page 145.
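The following added example, which is not part of the GE manual or the D400 software, models the inbound behaviour described above and audits a constructed interface and rule inventory for services exposed on External interfaces. The Interface and GeneratedRule types, the severity labels and the sample inventory are assumptions, and the services that Table 34 allows in External mode by default are not modelled.

```python
from dataclasses import dataclass

# Protocols with no transport encryption (general protocol facts, not from the manual).
CLEARTEXT = {"Telnet Server", "FTP Client/Server", "TFTP Client", "HTTP",
             "Modbus/TCP Server"}

@dataclass
class Interface:
    name: str
    mode: str = ""  # "Internal", "External", or "" to take the D400 default

    def effective_mode(self) -> str:
        # Manual: Internal is the default for Net1, External for every other interface.
        return self.mode or ("Internal" if self.name == "Net1" else "External")

@dataclass
class GeneratedRule:
    service: str             # a Table 34 service name, without "(Inbound)"
    scope: str = "Internal"  # as generated; "ALL" after an operator edit

def inbound_allowed(iface: Interface, rule: GeneratedRule) -> bool:
    """Inbound is blocked by default; a generated rule opens the service on
    Internal interfaces, and on External ones only when widened to ALL."""
    return rule.scope == "ALL" or iface.effective_mode() == "Internal"

def audit(interfaces, rules):
    """Return (severity, interface, subject, reason) tuples for review."""
    findings = []
    for iface in interfaces:
        mode = iface.effective_mode()
        if mode == "Internal" and iface.name != "Net1":
            findings.append(("REVIEW", iface.name, "mode",
                             "Internal mode set on a non-default interface"))
        for rule in rules:
            if mode == "External" and inbound_allowed(iface, rule):
                sev = "HIGH" if rule.service in CLEARTEXT else "REVIEW"
                findings.append((sev, iface.name, rule.service,
                                 "inbound service reachable on External interface"))
    return findings

# Constructed sample inventory (hypothetical, not a d400cfg export).
SAMPLE_INTERFACES = [Interface("Net1"), Interface("Net2"), Interface("Net3", "Internal")]
SAMPLE_RULES = [GeneratedRule("DNP/TCP Server"), GeneratedRule("Telnet Server", "ALL"),
                GeneratedRule("HTTPS", "ALL")]

if __name__ == "__main__":
    for finding in audit(SAMPLE_INTERFACES, SAMPLE_RULES):
        print(*finding, sep=" | ")
```
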
Table 34: Service traffic through the firewall

| Service Name | External Mode | Internal Mode |
|---|---|---|
| Modbus/TCP Server (Inbound) | Deny | Allow |
| DNP/UDP Server (Inbound) | Deny | Allow |
| DNP/TCP Server (Inbound) | Deny | Allow |
| DNP/TCP Client (Inbound) | Deny | Allow |
| DNP/UDP Client (Inbound) | Deny | Allow |
| IEC 60870-5-104 Server (Inbound) | Deny | Allow |
| Terminal Server (Inbound) | Deny | Allow |
| DCA Pass-Through (Inbound) | Deny | Allow |
| Secure Connection Relay (Inbound) | Allow | Allow |
| Secure DCA Pass-Through (Inbound) SSL/TLS Enabled | Allow | Allow |
| Secure Terminal Server (Inbound) | Allow | Allow |
| SNMP Client (Inbound) | Deny | Allow |
| LogicLinx Executor (Inbound) | Deny | Allow |
| HTTP (Inbound) | Deny | Allow |
| HTTPS (Inbound) | Deny | Allow |
| DHCP Client (Inbound) | Deny | Allow |
| Telnet Server (Inbound) | Deny | Allow |
| FTP Client/Server (Active & Passive, Inbound) | Deny | Allow |
| SSH/SFTP/SCP Server (Inbound) | Deny | Allow |
| TFTP Client (Inbound) | Deny | Allow |
| NTP Client (Inbound) | Deny | Allow |
| NTP Server (Inbound) | Deny | Allow |
| SSH/SFTP/SCP (Outbound) | Allow | Allow |
| All other services (Outbound) | Deny | Allow |

Notes
Dual Endpoint Enabled
SSL/TLS Disabled
SSL/TLS Disabled
SSL/TLS Enabled
When enabled in d400cfg
When enabled in d400cfg, see note below
When enabled in d400cfg
When enabled in d400cfg
When enabled in d400cfg
When enabled in d400cfg, see note below
When enabled in d400cfg
When enabled in d400cfg
When enabled in d400cfg
When enabled in d400cfg
Don't Care

GE INFORMATION
CHAPTER 12: USING THE D400 LOCAL CONFIGURATION UTILITY
D400 SUBSTATION GATEWAY INSTRUCTION MANUAL
