Service Bridge – Setup and Configuration
Entry ID: 109747975, V1.4, 05/2019
Siemens AG 2019 All rights reserved
5 Firewall configuration using the example of a SCALANCE SC632-2C
The purpose of the firewall is to protect the plant bus against unauthorized access
from the field. In the section below, the SCALANCE SC632-2C is therefore configured
so that it only allows communication that is initiated by selected sources in
the plant bus (e.g. the ES). This means that all message frames originating from
the field bus are rejected, with the exception of response message frames.
5.1 Connecting the SCALANCE SC632-2C
SCALANCE SC632-2C has two interfaces, each of which is handled differently: In
this application example, the upper interface P1 is configured for the internal
protected network and the lower interface P2 is configured for the external network:
Interface P1
– Internal network, i.e. a network protected by SCALANCE SC.
Interface P2
– External network, i.e. an unprotected network sector.
To protect the system against unauthorized access from the plant bus, the plant
bus is defined as a protected network (internal network), i.e. connected to
Interface P1 (1), whereas the field bus is considered an unprotected network
(external network), i.e. connected to Interface P2 (2).
Figure 5-1
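The policy stated at the start of this section, combined with the P1/P2 assignment above, can be modelled as a small stateful filter. This is an added example, not Siemens code or SCALANCE configuration syntax; the class, the addresses, the ports and the allow-list are constructed for illustration, and state timeouts and TCP flag tracking are deliberately left out.

```python
from ipaddress import ip_address

INTERNAL, EXTERNAL = "P1", "P2"  # P1 = plant bus, P2 = field bus (as in the text)


class StatefulFilter:
    """Toy model: only allow-listed internal sources may initiate a flow."""

    def __init__(self, allowed_sources):
        self.allowed = {ip_address(a) for a in allowed_sources}
        self.flows = set()  # tracked flows: (src, sport, dst, dport, proto)

    def check(self, in_if, src, sport, dst, dport, proto="tcp"):
        """Return 'accept' or 'drop' for a frame arriving on interface in_if."""
        src, dst = ip_address(src), ip_address(dst)
        if in_if == INTERNAL:
            # Plant bus side: the source must be one of the selected stations.
            if src not in self.allowed:
                return "drop"
            self.flows.add((src, sport, dst, dport, proto))
            return "accept"
        if in_if == EXTERNAL:
            # Field bus side: accept only the exact reverse of a tracked flow,
            # i.e. a response frame. Everything else is rejected.
            if (dst, dport, src, sport, proto) in self.flows:
                return "accept"
        return "drop"


def demo():
    """Run constructed sample frames through the filter; ES is 192.168.1.10."""
    fw = StatefulFilter(["192.168.1.10"])
    es, cpu = "192.168.1.10", "10.0.0.5"  # constructed addresses
    return [
        fw.check("P1", es, 50000, cpu, 102),              # ES initiates
        fw.check("P2", cpu, 102, es, 50000),              # response frame
        fw.check("P2", cpu, 102, es, 50001),              # no matching flow
        fw.check("P2", cpu, 40000, es, 102),              # field initiates
        fw.check("P1", "192.168.1.99", 50000, cpu, 102),  # source not selected
        fw.check("P2", es, 50000, cpu, 102),              # ES address seen on P2
    ]


if __name__ == "__main__":
    print(demo())
```

The last sample frame shows why the decision is tied to the ingress interface: an allow-listed source address arriving on P2 does not count as an initiating station.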