Access to multiple devices behind the firewall

Tutorial: Access to multiple devices behind the firewall

Related Documents:

Example:

Both PLCs should be accessible via PC2 via their own IP addresses. Port forwarding (DNAT) is not possible here because especially with a Siemens PLC, the port assignment cannot be made in PC2.

 

1. Settings of the devices

2. Settings of mbNETFIX NF1


1. Settings of the devices

  • SPS1: IP: 192.168.0.112/24, Gateway: -----
  • SPS2: IP: 192.168.0.114/24, Gateway: -----
  • PC2: IP: 172.25.15.74/16, Gateway: -----

2. Settings of mbNETFIX NF1

  1. Set it to Gateway Mode.
  2. Set IP-Addresses LAN and WAN.
  3. Activate the WAN to LAN function at SNAT. This replaces the sender address of each IP packet that goes from WAN to LAN with the LAN IP address.
  4. Enter a Simple-NAT assignment for each PLC device and use only available WAN IP addresses. Thereby, the destination address is rerouted to another destination address.
    Specifically for the above case, each packet that has the destination address 172.25.15.91 is rerouted or changed to the destination address 192.168.0.112. The same occurs for 172.25.15.92 to 192.168.0.114.
    In this way, the PLCs can be directly accessed via a WAN IP address in the WAN network.
  5. As soon as you have added and activated an Simple-NAT assignment, the rule for this assignment is automatically entered and activated under "Packet filter > Rules > WAN > LAN". Please check whether the two newly added rules meet your requirements.

 

Revision: V1.0