28 Rockwell Automation Publication 1783-UM010C-EN-P - June 2019
Chapter 2 Industrial Firewall Use Cases
Redundant Star Cell/Area Zone Protection
When a redundant star network configuration is required to meet redundancy
requirements, the IFW can be built in a manner to support redundant Layer 2
EtherChannel links. In Figure 9, the IFW is placed between the distribution
switch and the plant floor equipment. This architecture is typically used when
the IFW monitors or blocks traffic at a higher level in the network
architecture, and a redundant star network is designed or deployed.
Figure 9 - Industrial Firewall Placement for Redundant Star Cell/Area Zone Protection
Considerations
Before implementing the IFW in a redundant star architecture, we recommend
that the designer understand and document:
• Ingress and egress traffic-source and destination-host
communications. For example, IP addresses of controllers, HMI,
engineering workstations, and all communications that enter or leave
the machine/skid must be known so firewall and DPI security
policies can be configured.
• Ingress and egress traffic source and destination protocols must be
known to configure the firewall and DPI rules.
• Ingress and egress traffic volume (refer to performance subsections
within the Industrial Firewall Deployment Considerations section).
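One way to capture the three items above as a communications matrix before writing firewall and DPI policy. This is an added example, not part of the Rockwell Automation publication; the cell subnet, IP addresses, flow records, and the `KNOWN_SERVICES` table are constructed for illustration, and the flow records are assumed to come from whatever flow export or packet capture the site already has.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (assumption): subnet of the Cell/Area Zone behind the IFW.
CELL_SUBNET = ipaddress.ip_network("10.10.20.0/24")

# Constructed flow records: (src_ip, dst_ip, protocol, dst_port, bytes)
FLOWS = [
    ("10.10.10.5",  "10.10.20.11", "tcp", 44818, 12000),   # workstation -> controller
    ("10.10.10.5",  "10.10.20.11", "tcp", 44818, 8000),    # same conversation, later sample
    ("10.10.20.11", "10.10.10.30", "udp", 2222,  500000),  # controller -> host outside the cell
    ("10.10.20.11", "10.10.20.12", "udp", 2222,  900000),  # stays inside the cell
    ("10.10.10.77", "10.10.20.11", "tcp", 80,    300),     # not in the documented list
]

# Services the designer has documented so far (assumption for this example).
KNOWN_SERVICES = {
    ("tcp", 44818): "EtherNet/IP explicit messaging",
    ("udp", 2222):  "EtherNet/IP implicit I/O",
}

def direction(src, dst, cell=CELL_SUBNET):
    """Classify a flow relative to the cell boundary."""
    src_in = ipaddress.ip_address(src) in cell
    dst_in = ipaddress.ip_address(dst) in cell
    if src_in and dst_in:
        return "intra-cell"
    if dst_in:
        return "ingress"
    if src_in:
        return "egress"
    return "transit"

def build_matrix(flows, cell=CELL_SUBNET):
    """Sum bytes per (direction, src, dst, protocol, port) for boundary-crossing flows."""
    matrix = defaultdict(int)
    for src, dst, proto, port, nbytes in flows:
        d = direction(src, dst, cell)
        if d in ("ingress", "egress"):
            matrix[(d, src, dst, proto, port)] += nbytes
    return dict(matrix)

def undocumented(matrix, known=KNOWN_SERVICES):
    """Boundary-crossing conversations whose protocol/port is not yet documented."""
    return sorted(k for k in matrix if (k[3], k[4]) not in known)

if __name__ == "__main__":
    m = build_matrix(FLOWS)
    for key, nbytes in sorted(m.items()):
        svc = KNOWN_SERVICES.get((key[3], key[4]), "UNDOCUMENTED")
        print(*key, nbytes, svc)
    print("needs review:", undocumented(m))
```

Each row of the matrix maps to one candidate permit rule, and anything returned by `undocumented()` is a conversation to identify before the policy is finalized.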