User Guide
Table Of Contents
Intended Operation Environment
Tunneled Network Deployment
4
A6V11979523_en_b
23 | 26
Component requirements
MMS
● Is not part of the NK823x Protected Zone.
● Is at the same time connected with an untrusted network (for example, a
WAN).
● A direct connection with a dedicated cable is done with the router of the
untrusted network.
● Initiates a VPN connection to the NK823x zone border protection component.
Zone Boundary Protection
● Use firewall to protect the Protected Zone.
● A direct connection with a dedicated cable is done from the router of the
untrusted network to boundary of the NK823x Protected Zone.
NK823x Device
● Physically separated network or stand-alone station.
● Forms a Protected Zone.
● Protected Zone is accessed only through an external firewall.
● The computer with MMS must be configured as access point to the NK823x
device
● A single route to the MMS must be configured using the computer with MMS in
all the Ethernet subscribers of NK823x device for one extended network.
Direct means that both devices and their cable connection are visible at the same
time and thus a potential manipulation might be recognizable.
NOTICE
Split tunneling must be disabled.