Firewall - Siemens SIMATIC NET SCALANCE S615 Configuration Manual

Technical basics
3.5 Security functions
3.5.2

Firewall

3.5.2.1 Firewall
The security functions of the device include a stateful inspection firewall. This is a method of
packet filtering or packet checking.
The IP packets are checked based on firewall rules in which the following is specified:
● The permitted protocols
● IP addresses and ports of the permitted sources
● IP addresses and ports of the permitted destinations
If an IP packet fits the specified parameters, it is allowed to pass through the firewall. The rules
also specify what is done with IP packets that are not allowed to pass through the firewall.
Simple packet filter techniques require two firewall rules per connection.
● One rule for the query direction from the source to the destination.
● A second rule for the response direction from the destination to the source
Stateful Inspection Firewall
You only need to specify one firewall rule for the query direction from the source to the
destination. The second rule is added implicitly. The packet filter recognizes when, for example,
computer "A" is communicating with computer "B" and only then does it allow replies. A query
by computer "B" is therefore not possible without a prior request by computer "A".
You configure the firewall in "Security > Firewall".
Note
IP packets via layer 2 (within the same VLAN)
If the IP packets from the device are sent via a switch port (layer 2), these IP packets are not
checked based on firewall rules. The firewall has no effect on packets forwarded at the layer 2
level.
42
SCALANCE S615 Web Based Management
Configuration Manual, 11/2019, C79000-G8976-C388-08