Firewall settings

The integrated firewall lets you define and apply policies to the VPN traffic. This improves security and reduces traffic between Runtime and the FactoryTalk Remote Access Tools. A firewall policy must be configured before it can be applied. FactoryTalk Remote Access features a rich pre-defined policy library that is available and maintained at server level and can be imported through the domain.
A firewall policy includes a set of firewall rules that may come as a pre-set configuration or can be set up as needed.
You can activate a specific pre-set firewall policy for a domain or a device:
  1. Access FactoryTalk Remote Access Manager and the Domain view section.
  2. Click on the Add resource (circled plus icon) next to the folder or device for which you wish to activate a firewall.
  3. You can create or import firewall rules, depending on whether you wish to create a policy by customizing rules or use an existing set of rules.
    1. To import a firewall policy from the FactoryTalk Remote Access Manager server, click on the circled plus icon next to a folder or a device and select Import firewall policy.
      1. Select the firewall policy that you wish to associate with your folder or device.
        NOTE: Child folders inherit the firewall policy assigned to their parent folder.
    2. To create a firewall policy, click on the circled plus icon next to a folder or a device and select Create firewall policy. Then, name the firewall policy and set firewall rules as needed.
TIP: You can also associate a firewall policy with a folder or device by selecting it in the left pane of the Domain view section and expanding the Firewall pane on the right. Associate a firewall policy by clicking on the circled plus icon.
In this section, you can also Allow or Deny any transactions coming from inherited firewall policies.
Firewall policy transactions are set to Allow by default, so you should set any to Deny as needed. To enhance safety, you can set all the firewall policy transactions to Deny instead, and set to Allow only specific protocols and IP addresses.
The firewall policies applied to a folder are inherited by the devices stored in it. Flag the Do not inherit Firewall policies entry in the firewall section on the right pane to avoid inheritance of the policies associated with the parent folder.
You can access any firewall policies assigned to a device or a folder by expanding the lines next to the shield symbol in the left pane of the Domain view section. Click on each firewall policy to see the related firewall rules in the Firewall Rules pane on the right.
NOTE: You can edit imported or newly created firewall rules, delete them or create new ones by clicking on the circled plus, pencil and bin icons located at the top of the Firewall Rules pane on the right.

Firewall custom policy

To define a firewall custom policy:
  1. Access FactoryTalk Remote Access Manager and the Domain view section.
  2. Select the folder for which you wish to define a firewall policy.
  3. Click on the Add resource button and select Create firewall policy. Enter the firewall policy name, then select Save.
  4. Click on Firewall on the right pane and select the circled plus icon to open Associate firewall policy.
  5. Select the newly created firewall policy.
  6. Define User account or Group and set to Allow or Deny.
  7. The policy shows up on the left pane, as a child of the folder that was initially selected. Select it and select Firewall Rules on the right pane.
  8. Select the circled plus button and Create firewall rule shows up.
  9. Select the MAC Address and the Ethernet Type from the drop-down menu.
The VPN supports data-link layer virtualization, so this integrated firewall lets you define policies operating on several Ethernet frames that are sequentially verified.
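The folder inheritance, the Do not inherit Firewall policies flag and the Allow/Deny default described on this page, as a simplified Python model (an added example, not Rockwell Automation code or the product's rule engine). It assumes first-match evaluation, a device's own rules ahead of inherited ones, and a default action when no rule matches; `Rule`, `Node`, `decide` and the MAC addresses are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Rule:
    action: str                      # "Allow" or "Deny"
    mac: Optional[str] = None        # source MAC; None matches any
    ethertype: Optional[int] = None  # e.g. 0x0800 IPv4; None matches any

    def matches(self, mac: str, ethertype: int) -> bool:
        return (self.mac in (None, mac.lower())
                and self.ethertype in (None, ethertype))

@dataclass
class Node:  # a folder or device in the domain tree (hypothetical model)
    name: str
    parent: Optional["Node"] = None
    rules: list = field(default_factory=list)
    do_not_inherit: bool = False

def effective_rules(node):
    """Own rules first, then each ancestor's, stopping at an opt-out."""
    out = []
    while node is not None:
        out.extend(node.rules)
        if node.do_not_inherit:
            break
        node = node.parent
    return out

def decide(node, mac, ethertype, default="Allow"):
    """Assumed first-match evaluation; `default` applies when nothing matches."""
    for rule in effective_rules(node):
        if rule.matches(mac, ethertype):
            return rule.action
    return default

# Constructed sample: allowlist on a folder, closed by a catch-all Deny.
ENG_WS = "00:11:22:33:44:55"   # constructed engineering workstation MAC
plant = Node("Plant", rules=[
    Rule("Allow", mac=ENG_WS, ethertype=0x0800),  # IPv4 from the workstation
    Rule("Allow", mac=ENG_WS, ethertype=0x0806),  # ARP from the workstation
    Rule("Deny"),                                  # everything else
])
plc = Node("PLC-1", parent=plant)                       # inherits the folder policy
hmi = Node("HMI-1", parent=plant, do_not_inherit=True)  # opted out, no own rules

for dev in (plc, hmi):  # same unknown-source IPv4 frame against both devices
    print(dev.name, decide(dev, "66:77:88:99:aa:bb", 0x0800))
```

In this model the opted-out `HMI-1` has no rules of its own, so every frame falls through to the default; with the default left at Allow it is unfiltered, which is why a device that skips inheritance needs its own policy or a Deny default.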