Firewall settings
The integrated firewall lets you easily define and apply policies to the VPN traffic. This improves security and reduces traffic between Runtime and the FactoryTalk Remote Access Tools. A firewall policy needs to be configured before it is applied. FactoryTalk Remote Access features a rich pre-defined policy library that is available and maintained at server level and importable through the domain.
A firewall policy includes a set of firewall rules that may come as a pre-set configuration or can be set up as needed.
You can activate a specific, pre-set firewall policy for a domain or a device.
- Access FactoryTalk Remote Access Manager and the Domain view section.
- Click the Add resource (circled plus) icon next to the folder or device for which you wish to activate a firewall.
- You can create or import firewall rules, depending on whether you wish to create a policy by customizing rules or use an existing set of rules.
- To import a firewall policy from the FactoryTalk Remote Access Manager server, click on the circled plus icon next to a folder or a device and select Import firewall policy.
- Select the firewall policy that you wish to associate with your folder or device. NOTE: Child folders will inherit the firewall policy assigned to the related parent folder.
- To create a firewall policy, click on the circled plus icon next to a folder or a device and select Create firewall policy. Then, name the firewall policy and set firewall rules as needed.
TIP:
You can also associate a firewall policy with a folder or device by selecting it in the left pane of the Domain view section and expanding the Firewall pane on the right. Associate a firewall policy by clicking on the circled plus icon.
In this section, you can also Allow or Deny any transactions coming from inherited firewall policies.
Firewall policy transactions are set to Allow by default, so you should set any to Deny as needed. To enhance safety, you can set all the firewall policy transactions to Deny instead, and set to Allow only specific protocols and IP addresses.
The firewall policies applied to a folder are inherited by the devices stored therein. Flag the Do not inherit Firewall policies entry in the firewall section on the right pane to avoid inheritance of the policies associated with the parent folder.
You can access any firewall policies assigned to a device or a folder by expanding the lines next to the shield symbol in the left pane of the Domain view section. Click on each firewall policy to see the related firewall rules in the Firewall Rules pane on the right.
NOTE:
You can edit imported or newly created firewall rules, delete them, or create new ones by clicking on the circled plus, pencil and bin icons located at the top of the Firewall Rules pane on the right.
Firewall custom policy
To define a firewall custom policy:
- Access FactoryTalk Remote Access Manager and the Domain view section.
- Select the folder for which you wish to define a firewall policy.
- Click on the Add resource button and select Create firewall policy. Enter the firewall policy name, then select Save.
- Click on Firewall on the right pane and select the circled plus icon to open Associate firewall policy.
- Select the newly created firewall policy.
- Define User account or Group and set to Allow or Deny.
- The policy shows up on the left pane, as a child of the folder that was initially selected. Select it and select Firewall Rules on the right pane.
- Select the circled plus button. Create firewall rule shows up.
- Select the MAC Address and the Ethernet Type from the drop-down menu.
The VPN supports data-link layer virtualization, so the integrated firewall lets you define policies that operate on several Ethernet packets, which are verified sequentially.
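A simplified model of the folder inheritance and the Allow-by-default versus Deny-by-default choice described above, added here as an example; it is not FactoryTalk Remote Access code. The class and function names, the first-match evaluation, the child-before-parent rule order and the sample MAC address are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

ETH_IPV4, ETH_ARP, ETH_IPV6 = 0x0800, 0x0806, 0x86DD  # standard EtherType values

@dataclass
class Rule:  # hypothetical model of one firewall rule (MAC Address + Ethernet Type)
    action: str                       # "Allow" or "Deny"
    mac: Optional[str] = None         # lowercase MAC; None matches any MAC
    ethertype: Optional[int] = None   # None matches any Ethernet Type

    def matches(self, mac, ethertype):
        return self.mac in (None, mac.lower()) and self.ethertype in (None, ethertype)

@dataclass
class Node:  # hypothetical model of a folder or device in the Domain view tree
    name: str
    parent: Optional["Node"] = None
    rules: list = field(default_factory=list)
    do_not_inherit: bool = False      # models "Do not inherit Firewall policies"

def effective_rules(node):
    """Collect the node's rules, then each ancestor's (assumed order), stopping at an opt-out."""
    rules = []
    while node is not None:
        rules.extend(node.rules)
        if node.do_not_inherit:
            break
        node = node.parent
    return rules

def decide(node, mac, ethertype, default="Allow"):
    """Verify rules sequentially; first match wins (assumption), else the default applies."""
    for rule in effective_rules(node):
        if rule.matches(mac, ethertype):
            return rule.action
    return default

# Constructed sample tree: folder "Plant A" holding two devices.
ENGINEERING_MAC = "02:00:00:aa:bb:01"  # constructed, locally administered address
plant = Node("Plant A", rules=[Rule("Allow", ENGINEERING_MAC, ETH_IPV4),
                               Rule("Allow", ENGINEERING_MAC, ETH_ARP)])
plc = Node("PLC-1", parent=plant)                        # inherits the folder's rules
isolated = Node("PLC-2", parent=plant, do_not_inherit=True)

if __name__ == "__main__":
    for ethertype in (ETH_IPV4, ETH_ARP, ETH_IPV6):
        print(hex(ethertype),
              "default Allow ->", decide(plc, ENGINEERING_MAC, ethertype, "Allow"),
              "| default Deny ->", decide(plc, ENGINEERING_MAC, ethertype, "Deny"))
```

With the default left at Allow, the unlisted IPv6 frame still passes; switching the default to Deny limits traffic to the two explicitly allowed Ethernet Types from the listed MAC address.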