Nat - Siemens SIMATIC NET SCALANCE S615 Configuration Manual

The firewall is enabled by default. In the delivery state (factory setting), the configuration of the
predefined IPv4 rules is as follows:
Service
Cloud Connector
DHCP
DNS
HTTP
HTTPS
IPsec VPN
Ping
SMS relay (only with M87x)
SNMP
SSH
System Time
Telnet
VRRP
With SCALANCE M826 and M804PB, only vlan1 is available in the delivery state.
1)
3.5.3

NAT

NAT (Network Address Translation) is a method of translating IP addresses in data packets.
With this, two different networks (internal and external) can be connected together.
A distinction is made between source NAT in which the source IP address is translated and
destination NAT in which the destination IP address is translated.
You will find information on NAT scenarios that are implemented with the device at the following
address: (https://support.industry.siemens.com/cs/gb/en/view/109744660)
IP masquerading
IP masquerading is a simplified source NAT. With each outgoing data packet sent via this
interface, the source IP address is replaced by the IP address of the interface. The adapted
data packet is sent to the destination IP address. For the destination host it appears as if the
queries always came from the same sender. The internal nodes cannot be reached directly
from the external network. By using NAPT, the services of the internal nodes can be made
reachable via the external IP address of the device.
IP masquerading can be used if the internal IP addresses cannot or should not be forwarded
externally, for example because the internal network structure should remain hidden.
You configure masquerading in "Layer 3" > "NAT" > "IP Masquerading (Page 236)".
SCALANCE S615 Web Based Management
Configuration Manual, 11/2019, C79000-G8976-C388-08
Access
Local access (vlan1) to the de‐
vice
1)
✓
✓
✓
✓
✓
--
✓
✓
✓
✓
--
✓
--
Technical basics
3.5 Security functions
External access to the device
M87x, M81x: ppp0/usb0
S615:vlan2
-
✓ (only with S615)
--
--
--
✓
--
--
--
--
--
--
--
45