In order to protect the LAN network (machine network) you need to define the LAN addresses that need to be accessible.
▪ The first step in creating a protected LAN network is to create the LAN device(s) that must be accessible.
The path to LAN-device creation is: Ewons > select Ewon from list > Properties > LAN & Firewall > Configure LAN devices & Firewall...
The Devices & Firewall page opens:
▪ Click on Add LAN device... (link or button)
The LAN Device page opens.
On this page you give a name to your LAN device, specify its IP address and optionally write a description.
In the Port field, select whether all protocols are open or only protocol-specific ports remain open.
To limit the access to a specific protocol, select the protocol you want to allow on the device in the Specific Protocol list, for example ISOTCP (Siemens) or EIP (Rockwell).
You can also define custom ports using the following syntax:
T405 => TCP port 405
U9600 => UDP port 9600
T443,U1194 => TCP port 443 & UDP port 1194
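A strict parser for the custom-port syntax above, useful for reviewing a planned port list against an approved allowlist before entering it. This is an added example, not Ewon or eCatcher code; the function names, the uppercase-only rule, the tolerance for spaces around commas and the sample allowlist are assumptions.

```python
import re

# One entry: protocol letter (T = TCP, U = UDP) followed by a decimal port.
# Assumption: letters are uppercase, as in the examples on this page.
_ENTRY = re.compile(r"^([TU])([0-9]{1,5})$")
_PROTO = {"T": "tcp", "U": "udp"}


def parse_custom_ports(spec):
    """Parse a custom-port string such as 'T443,U1194'.

    Returns a sorted list of unique (protocol, port) tuples and raises
    ValueError on any entry that does not match the syntax.
    """
    rules = set()
    for raw in spec.split(","):
        entry = raw.strip()  # assumption: spaces around commas are tolerated
        match = _ENTRY.match(entry)
        if not match:
            raise ValueError(f"invalid entry {entry!r}: expected T<port> or U<port>")
        port = int(match.group(2))
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range in {entry!r}")
        rules.add((_PROTO[match.group(1)], port))
    return sorted(rules)


def diff_against_allowlist(spec, allowed):
    """Return the rules in spec that are missing from the reviewed allowlist."""
    approved = set(allowed)
    return [rule for rule in parse_custom_ports(spec) if rule not in approved]


if __name__ == "__main__":
    # The three forms shown on this page.
    for sample in ("T405", "U9600", "T443,U1194"):
        print(sample, "->", parse_custom_ports(sample))
    # Constructed allowlist: only TCP 443 has been approved for this device.
    print("not approved:", diff_against_allowlist("T443,U1194", [("tcp", 443)]))
```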
The Visible in M2Web option defines whether the device is visible when using M2Web access.
If the device is visible, and depending on the configuration, the "Visible in M2Web" option will ask for details regarding:
● The protocol to use for this device. The selection can be made between 4 choices: HTTP, HTTPS, VNC or RDP.
● The home page, which refers to the URL that will be generated when clicking on the device's name in M2Web. The URL can contain anchors and/or arguments.
In the Permissions area you can define which user group(s) is/are allowed to connect to the device. By default, all users that have access to this Ewon will also have access to this device. But if required you can limit the access for a specific user group only.
After you enter this information, the Firewall slider is automatically shifted to position High because this is the position required to activate the firewall protection at the LAN side.
The new LAN device appears with a closed padlock under the structure of the relevant Ewon:
The properties of the LAN device can be edited afterward by clicking Properties.
PLC Discovery
The LAN Device section is also the place to configure the PLC Discovery.
The PLC Discovery feature makes it possible to display, in the PLC connection software, devices that support broadcast or multicast messages and that are connected to a remote network, while the user is connected to this remote network through a Talk2M VPN connection.
Note: This feature is available on the Ewon only if its firmware is >= v12.
By default, the PLC Discovery feature is activated in eCatcher.
When the firewall is set to Standard, the feature is not displayed. If it is changed to High, Enforced or Ultra, a new option line appears underneath the LAN heading and makes it possible to disable the feature.
For more information about PLC Discovery on the Ewon, please refer to AUG-070: PLC Discovery through Talk2M.