Rockwell Automation Publication 1783-UM010C-EN-P - June 2019 27
Industrial Firewall Use Cases Chapter 2
• Ingress and egress traffic source and destination host
communications. For example, the IP addresses of controllers, HMIs,
engineering workstations, and all communications that enter or leave
the machine/skid must be known so that firewall and DPI security
policies can be configured.
• Ingress and egress traffic source and destination protocols must be
known to configure the firewall and DPI rules.
• Ingress and egress traffic volume (refer to the performance
subsections within the Industrial Firewall Deployment Considerations
section).
• Redundancy and availability requirements. For example, when
planning for high availability, take into account the security
considerations that apply while in hardware bypass mode.
• Hardware bypass is only supported when the IFW is placed inline
with an access link. When the IFW is placed inline with a trunk link,
hardware bypass is not supported.
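
The first three considerations amount to building a communication matrix for the machine/skid before any rule is written. The following is an added example, not taken from the Rockwell Automation manual: it classifies flow records as ingress or egress relative to the cell subnet, totals their volume per source, destination and protocol, and lists endpoints that are missing from the asset inventory. The subnet, addresses, asset roles and flow records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: the cell subnet, asset inventory and flow records
# below are assumptions for illustration, not values from the manual.
CELL_NET = ipaddress.ip_network("10.10.10.0/24")
INVENTORY = {
    "10.10.10.11": "controller",
    "10.10.10.20": "HMI",
    "10.10.20.5": "engineering workstation",
}
# (source IP, destination IP, transport, destination port, bytes)
FLOWS = [
    ("10.10.20.5", "10.10.10.11", "tcp", 44818, 18200),
    ("10.10.20.5", "10.10.10.11", "tcp", 44818, 9100),
    ("10.10.10.20", "10.10.10.11", "tcp", 44818, 50400),
    ("10.10.10.11", "10.10.30.9", "udp", 123, 760),
    ("10.10.40.77", "10.10.10.11", "tcp", 502, 1300),
]

def direction(src, dst):
    """Classify a flow relative to the machine/skid boundary."""
    s = ipaddress.ip_address(src) in CELL_NET
    d = ipaddress.ip_address(dst) in CELL_NET
    if s and d:
        return "internal"  # stays inside the cell, never crosses the firewall
    if d:
        return "ingress"
    if s:
        return "egress"
    return "transit"

def communication_matrix(flows, inventory):
    """Total boundary-crossing flows and list endpoints not in the inventory."""
    matrix = defaultdict(int)
    unknown = set()
    for src, dst, proto, port, nbytes in flows:
        way = direction(src, dst)
        if way == "internal":
            continue
        matrix[(way, src, dst, proto, port)] += nbytes
        unknown.update(ip for ip in (src, dst) if ip not in inventory)
    return dict(matrix), sorted(unknown)

if __name__ == "__main__":
    rules, unknown = communication_matrix(FLOWS, INVENTORY)
    for (way, src, dst, proto, port), total in sorted(rules.items()):
        print(f"{way:8} {src:>12} -> {dst:<12} {proto}/{port:<6} {total} bytes")
    print("not in inventory:", ", ".join(unknown))
```

Each row of the output is a candidate firewall or DPI policy entry; an address reported as not in the inventory is a communication that is not yet known and needs to be identified before the policy is finalized.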