User Manual

Intended Operation Environment (Including Deployment Options)

Tunneled Network Deployment

26 | 27

A6V11917731_en_b_41

Unauthorized Access and Manipulation of the Security-relevant

PACE Zone

In case of alarm, limited or no evacuation and personal injury due to corrupted

system.

● Create the communication from the MMS to the Cerberus PACE installation

using a secure network connection, for example with VPN.

The following requirements must be met for the components:

MMS

● It must not be part of the PACE zone.

● Establish a VPN connection with the router.

Router with firewall

● Use firewall to protect the PACE zone.

● A

direct

connection is established between the PACE zone with a dedicated

cable.

● VPN must be an endpoint.

NOTICE

Split tunneling must be disabled.

Novigo/Cerberus PACE – Plant

● Physically separated network or standalone station.

● Forms a PACE zone.

● Access to the PACE zone only through an external firewall.

● Configure the computer with PACE-Design as access point to the Cerberus

PACE – Plant.

● Configure a single route to the MMS using the computer with PACE-Design in

all the Ethernet subscribers of Cerberus PACE installation for one extended

network.

Computer with PACE-Design.

● Is part of the PACE zone.

● Has no connection to other networks or systems.

● A

direct

connection is established between the PACE zone and the component

in the protection zone.

● Can be connected to any PN2005.

Direct

means that both devices and their cable connection are visible at the same

time and thus a potential manipulation might be recognizable.