26 Rockwell Automation Publication 1783-UM010C-EN-P - June 2019
Chapter 2 Industrial Firewall Use Cases
Figure 8 - Industrial Firewall Placement for Machine/Skid Protection
Routed Mode
NAT
The ASA FirePOWER module supports the use of NAT in both transparent
and routed mode. In most IACS environments, NAT is only applied when
the IFW is configured for routed mode, which is used when the interfaces are
assigned to different networks. In most IACS NAT applications, the designer
wants to assign different networks to the ingress and egress interfaces in
order to reuse the inside or private IP addresses.
Address translation substitutes the real address in a packet with a mapped
address that is routable on the destination network. NAT is composed of two
steps: the process by which a real address is translated into a mapped address,
and the process to undo translation for returned traffic.
The IFW translates an address when a NAT rule matches the traffic. If no NAT
rule matches, processing for the packet continues.
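The following added example (not part of the Rockwell Automation publication and not IFW configuration) models the two NAT steps described above, translation and its undoing for return traffic, for two skids that reuse the same inside network. All addresses, the rule tables and the function names are constructed assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class StaticNatRule:
    """One-to-one NAT between a real (inside) and a mapped (outside) network."""
    real: ipaddress.IPv4Network
    mapped: ipaddress.IPv4Network

    def __post_init__(self):
        if self.real.prefixlen != self.mapped.prefixlen:
            raise ValueError("real and mapped networks must be the same size")


def _swap_network(addr, from_net, to_net):
    # Keep the host offset and replace the network portion.
    offset = int(addr) - int(from_net.network_address)
    return ipaddress.IPv4Address(int(to_net.network_address) + offset)


def translate(rules, src, dst):
    """Inside to outside: replace a real source address with its mapped address."""
    src = ipaddress.IPv4Address(src)
    for r in rules:
        if src in r.real:
            return str(_swap_network(src, r.real, r.mapped)), dst
    return str(src), dst  # no NAT rule matched: the packet continues unchanged


def untranslate(rules, src, dst):
    """Return traffic: restore the real address from a mapped destination."""
    dst = ipaddress.IPv4Address(dst)
    for r in rules:
        if dst in r.mapped:
            return src, str(_swap_network(dst, r.mapped, r.real))
    return src, str(dst)  # destination is not a mapped address: left unchanged


def make_rule(real, mapped):
    return StaticNatRule(ipaddress.ip_network(real), ipaddress.ip_network(mapped))


# Constructed sample: two identical skids reuse 192.168.1.0/24; each IFW maps
# its skid to a different plant-routable network.
SKID_A = [make_rule("192.168.1.0/24", "10.10.1.0/24")]
SKID_B = [make_rule("192.168.1.0/24", "10.10.2.0/24")]
HMI = "10.10.0.50"  # constructed plant-side host

if __name__ == "__main__":
    print(translate(SKID_A, "192.168.1.10", HMI))  # skid A controller outbound
    print(translate(SKID_B, "192.168.1.10", HMI))  # same real address on skid B
    print(untranslate(SKID_A, HMI, "10.10.1.10"))  # reply returning to skid A
```

The same real address 192.168.1.10 appears on the plant network as a distinct mapped address per skid, which is what allows the inside addressing to be reused.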
Considerations
Before implementing the IFW in a machine/skid protection architecture, we
recommend that the designer understand and document: