100 Rockwell Automation Publication 1783-UM010C-EN-P - June 2019
Chapter 8 Firewall Modes
Considerations
Before implementing the IFW in a redundant star architecture, it is
recommended that the designer understand and document the following.
• Ingress and egress traffic source and destination host communications.
For example, IP addresses of controllers, HMI, engineering
workstations, and all communications that enter or leave the
machine/skid must be known so firewall and DPI security policies can
be configured.
• Ingress and egress traffic source and destination protocols must be
known to configure the firewall and DPI rules.
• Ingress and egress traffic volume.
• Redundancy and availability requirements. For example, when the IFW
is configured with trunk ports, then hardware bypass mode is not
available in this architecture.
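One way to turn captured flow records into the documented communications inventory these considerations call for (hosts, protocols, direction, and volume) is sketched below. This is an added example, not part of the Rockwell Automation publication; the subnet 192.168.1.0/24, the host addresses, the flow records, and the function names build_matrix and volume_by_direction are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not from the manual):
# (source IP, destination IP, protocol, destination port, bytes)
FLOWS = [
    ("10.10.20.5", "192.168.1.10", "tcp", 44818, 18_400),   # workstation -> controller, EtherNet/IP explicit
    ("10.10.20.5", "192.168.1.10", "tcp", 44818, 6_100),    # same conversation, later sample
    ("192.168.1.10", "10.10.30.7", "udp", 2222, 912_000),   # controller -> remote node, EtherNet/IP implicit I/O
    ("10.10.20.9", "192.168.1.20", "tcp", 443, 52_000),     # plant host -> HMI, HTTPS
    ("192.168.1.10", "192.168.1.20", "tcp", 44818, 3_000),  # stays inside the machine/skid
]

def build_matrix(flows, skid_cidr):
    """Group flows that cross the machine/skid boundary by direction and 5-tuple-like key."""
    skid = ipaddress.ip_network(skid_cidr)
    matrix = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for src, dst, proto, port, nbytes in flows:
        src_in = ipaddress.ip_address(src) in skid
        dst_in = ipaddress.ip_address(dst) in skid
        if src_in == dst_in:
            continue  # both inside or both outside: never crosses the firewall
        direction = "egress" if src_in else "ingress"
        entry = matrix[(direction, src, dst, proto, port)]
        entry["flows"] += 1
        entry["bytes"] += nbytes
    return dict(matrix)

def volume_by_direction(matrix):
    """Total bytes per direction, for sizing against expected firewall throughput."""
    totals = {"ingress": 0, "egress": 0}
    for (direction, *_), stats in matrix.items():
        totals[direction] += stats["bytes"]
    return totals

if __name__ == "__main__":
    m = build_matrix(FLOWS, "192.168.1.0/24")  # assumed machine/skid subnet
    for key, stats in sorted(m.items()):
        print(key, stats)
    print(volume_by_direction(m))
```

Each resulting row is a candidate allow rule to review; anything observed later that is not in the inventory is either an undocumented dependency or unwanted traffic.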
Ring Cell/Area Zone Protection
The ring cell/area zone protection use case is used to monitor and apply
security policies to a ring. As shown in Figure 28, two Transparent Mode
firewalls are placed between the distribution switches and the ring.