In order to protect the LAN network (machine network) you need to define the LAN addresses that need to be accessible.
▪The first step in creating a protected LAN network is to create the LAN device(s) that has (have) to be accessible.
The path to LAN-device creation is: eWONs > select eWON from list > Properties > LAN & Firewall > Configure LAN devices & Firewall...
The Devices & Firewall page opens:
▪Click on Add LAN device... (link or button)
The LAN Device page opens.
In this page you give a name to your LAN device, specify its IP address and optionnaly write a description.
For the Port field select if all protocols are open or if only protocol-specific ports will remain open.
To limit the access to a specific protocol, inside the Specific Protocol list select the protocol you want to allow on the device. As for example ISOTCP (Siemens) or EIP (Rockwell).
You can also define custom ports using following syntax:
T405 => TCP port 405
U9600 => UDP port 9600
T443,U1194 => TCP port 443 & UDP port 1194
The Visible in M2Web, defines whether the device will be visible or not using M2Web access.
In the Permissions area you can define which user group(s) is/are allowed to connect to the device. By default, all users that have access to this eWON will also have access to this device. But if required you can limit the access for a specific user group only.
After encoding this information, the Firewall slider is automatically shifted to position High because this is the position required to activate the firewall protection at the LAN side.
The new LAN device appears with a closed padlock under the structure of the relevant eWON:
The properties of the LAN device can be edited afterward by clicking Properties.