Firewall control using switches
I/O control for industrial firewalls
Thanks to I/O control, the firewall can be controlled directly from the automation environment. This saves coordination effort and time.
Stay flexible when problems or maintenance arise
Managing industrial firewalls can require great effort. This is not only due to the high relevance of an appropriate security level and the corresponding duty of care of those responsible. It is also complicated by the fact that, in the event of a problem or maintenance, several players from IT and OT have to react at once. Coordinating these (very different) areas and unnecessarily tying up resources can be avoided if firewalls are equipped with I/O control, because it allows remote maintenance or other firewall-specific events to be triggered flexibly and quickly via a switch or PLC output. In this way, various actions can be performed directly from the automation environment. The following actions can be tied to a status change on the digital inputs of a firewall:
Activate VPN access via PLC output or simple switch
For security reasons, machine operators usually require remote maintenance access to be active only when necessary. When problems arise in familiar processes, support is needed from the company's own IT or even from an external party. In this case, operators can enable (and also restrict) remote access to the machine, for example by activating VPN access, simply by flipping a switch.
Switching firewall rule sets
In normal operation, only a few selected firewall allow rules are active, which, for example, let an intranet PC supply a machine with NC programs. If, in a special case, an additional port needs to be opened for access to the machine configuration, the person operating the machine on site can do this directly with a simple switch. When machines normally operate completely autonomously on a network island to keep the attack surface as small as possible, this is also a way to grant and revoke short-term permission to communicate with the intranet for a specific purpose.
External visualization of events
For example, to ensure that shutting down remote access is not forgotten, a digital output of the firewall can signal visually or acoustically that remote access is open.