User Documentation
Version 1.2 / August 2020 Page 80 / 102
A4 – Firewall application example: Securing the access to Modbus TCP devices by Layer-2 firewall rules
Task: The communication between Modbus Master devices and Modbus Slave devices inside the same switched network shall be controlled and secured by firewall rules.
The Router shall act as a Layer-2 firewall (controlling MAC-based Ethernet frames) and be transparent for the devices inside the switched network.
Figure 15: Example network topology
Communication requirements / restrictions:
1. Access from each Modbus Master to any Modbus Slave is allowed (based on Protocol TCP / Port 502, independent of the IP addresses used).
2. PTP communication (Precision Time Protocol) initiated from devices on the LAN port side shall be allowed (Protocol UDP / Ports 319 and 320).
3. Any NTP communication (Network Time Protocol) initiated from devices connected to the LAN or WAN port shall be allowed (Protocol UDP / Port 123).
4. Any other communication shall be blocked.
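The four requirements above can be written down as an acceptance matrix before any rule is entered, so the finished rule set can be checked frame by frame. The following Python model is an added example, not part of the original documentation and not the Router's own rule engine. It assumes first-match evaluation, a flow table that admits replies to permitted flows, Modbus access that is permitted from either port side, and constructed sample addresses; `Frame`, `PolicyModel` and `run_matrix` are hypothetical names.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    in_port: str   # router port the frame arrives on: "lan" or "wan"
    proto: str     # "tcp" or "udp"
    src: tuple     # (ip, port)
    dst: tuple     # (ip, port)

# Requirements 1-3: (number, protocol, destination ports, ports allowed to initiate)
RULES = [
    (1, "tcp", {502}, {"lan", "wan"}),   # Modbus TCP, any Master to any Slave
    (2, "udp", {319, 320}, {"lan"}),     # PTP, initiated on the LAN side only
    (3, "udp", {123}, {"lan", "wan"}),   # NTP, initiated on either side
]
BLOCKED = 4                              # requirement 4: everything else

class PolicyModel:
    """Assumed semantics: first match wins, replies to admitted flows pass."""
    def __init__(self):
        self.flows = {}   # (proto, src, dst) -> (requirement, ingress port)

    def check(self, f):
        """Return the requirement number that admits f, or BLOCKED."""
        # A reply mirrors an admitted flow and arrives on the opposite port.
        tracked = self.flows.get((f.proto, f.dst, f.src))
        if tracked and tracked[1] != f.in_port:
            return tracked[0]
        for number, proto, dports, initiators in RULES:
            if f.proto == proto and f.dst[1] in dports and f.in_port in initiators:
                self.flows[(f.proto, f.src, f.dst)] = (number, f.in_port)
                return number
        return BLOCKED

def run_matrix():
    """Evaluate constructed frames in order; addresses are sample values."""
    m, s = "192.168.1.10", "192.168.1.20"
    frames = [
        Frame("lan", "tcp", (m, 49152), (s, 502)),   # Master opens Modbus
        Frame("wan", "tcp", (s, 502), (m, 49152)),   # Slave reply, tracked
        Frame("wan", "tcp", (s, 502), (m, 49153)),   # unsolicited, no flow
        Frame("lan", "udp", (m, 319), (s, 319)),     # PTP from LAN side
        Frame("wan", "udp", (s, 320), (m, 320)),     # PTP started on WAN side
        Frame("wan", "udp", (s, 123), (m, 123)),     # NTP from WAN side
        Frame("lan", "tcp", (m, 49154), (s, 80)),    # HTTP, not listed
    ]
    model = PolicyModel()
    return [model.check(f) for f in frames]
```

The third frame shows why the Modbus rule must match on destination port 502 only: a frame that merely carries source port 502 and belongs to no admitted flow falls through to requirement 4.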
Starting situation:
- The Router is set to factory default values.
- The configuration PC is connected to the Router's LAN port.
- The Router is accessible via IP address 192.168.1.110 (User: admin, PW: Detmold).
Figure 16: Display of initial web page after login (Menu System state)










