Technical basics
3.8 Security functions
SCALANCE SC-600 Web Based Management (WBM)
Configuration Manual, 10/2021, C79000-G8976-C475-03
55
The firewall is enabled by default. In the delivery state (factory setting), the configuration
of the predefined IPv4 rules is as follows:
Service
Local access (vlan1) to the
1)
External access (vlan2) to
For the DHCP client function
The security functions of the device include a stateful inspection firewall. This is a
method of packet filtering or packet checking.
The IP packets are checked based on firewall rules in which the following is specified:
• The permitted protocols
• IP addresses and ports of the permitted sources
• IP addresses and ports of the permitted destinations
If an IP packet fits the specified parameters, it is allowed to pass through the firewall.
The rules also specify what is done with IP packets that are not allowed to pass through
the firewall.
Simple packet filter techniques require two firewall rules per connection.
• One rule for the query direction from the source to the destination.
• A second rule for the response direction from the destination to the source
Stateful Inspection Firewall
You only need to specify one firewall rule for the query direction from the source to the
destination. The second rule is added implicitly. The packet filter recognizes when, for
example, computer "A" is communicating with computer "B" and only then does it allow
replies. A query by computer "B" is therefore not possible without a prior request by
computer "A".
To Next Page
Loading...
