Need help?Do you have a question about the Alstom DS Agile C26 Series and is the answer not in the manual?
Configure the Firewall usage in SCE. Parameter can be set to Yes (Enabled) or No (Disabled).
SCS level sets the value of attributes Firewall Usage, defining access rights and system parameters.
Computer level defines IP addresses for Sbus (ETH1) and Maintenance (ETH2) ports for network configuration.
Details network separation requirements for SBUS and maintenance access points using firewall functionality.
When Firewall is enabled, SBUS network is managed by Eth1. Maintenance features are available on Eth2 or Eth1 depending on boot mode.
When Firewall is disabled, SBUS network is managed by Eth1, and maintenance access is allowed on both Eth1 and Eth2.
Firmware upgrade commands must start in Bootrom boot on Eth1, including Update BootRom, Flash Format, and BootInstall.
The DS Agile C26x is a device that provides network separation and enhances security by enforcing firewall usage. This addendum to the technical manual covers system versions from 5.1.0 to 5.1.7 and provides instructions for installation, commissioning, and operation of the DS Agile C26x. It is crucial to refer to the System Release Notes for new features and to contact Alstom technical sales office for any questions or specific problems, as the guide cannot cover all conceivable circumstances or include detailed information on all topics. Any agreements, commitments, legal relationships, and obligations on the part of Alstom, including settlement of warranties, result solely from the applicable purchase contract and are not affected by the contents of this guide.
The primary function of the DS Agile C26x is to implement network separation through firewall usage, thereby enhancing security and reducing the risk of intrusions. This device utilizes configuration settings within the System Configuration Editor (SCE) to manage the firewall function. The network separation is specifically applied between the Eth 1 Sbus network and the Eth 2 Maintenance access network.
The firewall usage function is activated under specific conditions:
If there is no operational database on the C26x BCU, the firewall function is disabled.
The C26x BCU requires specific network configurations for the firewall usage function:
The firewall usage is configured at two levels within the SCE:
SCS Level: At the SCS (Substation Control System) level, the Firewall Usage attribute can be set to either Yes (Enabled) or No (Disabled). This setting determines the overall firewall status for the system.
Computer Level: The computer level defines the IP addresses for the Sbus port (Eth1) and the Maintenance port (Eth2).
It is critical that the IP addresses for Eth1 and Eth2 are set in different subnets via the CMT (Configuration Management Tool). The configured IP addresses must match those of the C26x BCU.
The DS Agile C26x manages network separation between the SBUS and Maintenance Access Point based on the firewall usage setting:
Firewall Usage Set to YES (Enabled):
Firewall Usage Set to NO (Disabled):
The CMT tool is used for several maintenance-related configurations:
The host IP address provides the C26x BCU with the IP address of the PC containing the C26x software. Software upgrades are only available from Eth1. The host IP address must be defined within the sub-network of Eth1.
The host IP address provides the C26x BCU with the IP address of the PC from which to retrieve settings. This address must be set to the IP address of the PC supporting Micom S1 in the sub-network of Eth2.
The firewall usage function has specific limitations:
Commands for firmware upgrades must initiate in Bootrom boot on Eth1. These commands include:
General| Brand | Alstom |
|---|---|
| Model | DS Agile C26 Series |
| Category | Control Systems |
| Language | English |
To Next Page