Firewall
Application
With the control you can set up a firewall for the primary network interface, and for a sandbox if needed. You can block incoming network traffic for specific senders and services.
Related topics
- Existing network connection
- SELinux security software
Description of function
To navigate to this function:
Settings > Network/Remote Access > Firewall
If you activate the firewall, the Firewall settings window displays a symbol at the bottom right of the taskbar. The control displays the following symbols, depending on the security level:
Icon | Meaning |
---|---|
[icon] | Firewall protection does not yet exist although it has been activated. Example: A dynamic IP address is used in the network interface configuration, but the DHCP server has not yet assigned an IP address. |
[icon] | Firewall active with medium security level. |
[icon] | Firewall active with high security level. All services except for SSH are blocked. |
Firewall settings
The Firewall settings window contains the following settings:
Setting | Meaning |
---|---|
Active | Activate or deactivate firewall |
Interface | Select the interface. If a control has two Ethernet interfaces, then by default the DHCP server for the machine network is active for the second interface. With this setting you cannot activate the firewall for eth1 because the firewall and DHCP server mutually exclude each other. |
Report other inhibited packets | Activate the firewall with a high security level. All services except for SSH are blocked. |
Inhibit ICMP echo answer | If this check box is selected, the control does not respond to a ping request. |
Service | Brief designation of services configured with the firewall. You can change the settings even if the services are not started. |
Method | Configure accessibility |
Log | The control shows the following messages when transmitting network packets: |
Computer | IP address or host name of the computers with access rights. Separated by commas, if there are multiple computers. The control converts the host name to an IP address when the control starts. If the IP address changes, you must restart the control or change the setting. The control issues an error message if it cannot convert the host name to an IP address. Only for the Permit some method. |
Advanced options | Only for network specialists |
Set standard values | Reset the settings to the default values recommended by HEIDENHAIN |
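
The Computer setting resolves host names only when the control starts, so an audit run from an administration workstation can flag entries whose address has since changed and therefore need a restart or a changed setting. The following Python is an added example, not HEIDENHAIN software; the function names, the start-time snapshot that the administrator records, and the sample host names and addresses are assumptions constructed for illustration.

```python
import ipaddress
import socket

def parse_computer_field(value):
    """Split the comma-separated Computer field into (entry, is_ip_literal) pairs."""
    entries = []
    for entry in filter(None, (part.strip() for part in value.split(","))):
        try:
            ipaddress.ip_address(entry)
            entries.append((entry, True))
        except ValueError:
            entries.append((entry, False))
    return entries

def system_resolver(host):  # current IPv4 addresses from the local resolver
    return {info[4][0] for info in socket.getaddrinfo(host, None, family=socket.AF_INET)}

def audit_allowlist(value, startup_snapshot, resolver=system_resolver):
    """Return {entry: status}; startup_snapshot maps host name -> address at last start."""
    report = {}
    for entry, is_ip in parse_computer_field(value):
        if is_ip:
            report[entry] = "static"        # IP literal, nothing to resolve
            continue
        try:
            current = resolver(entry)
        except OSError:                     # socket.gaierror is a subclass of OSError
            report[entry] = "unresolvable"
            continue
        pinned = startup_snapshot.get(entry)
        if pinned is None:
            report[entry] = "unknown"       # no start-time record to compare against
        else:
            report[entry] = "ok" if pinned in current else "stale"
    return report

# Constructed sample data: documentation address range, hypothetical host names.
SAMPLE_FIELD = "192.0.2.10, cam-station.example, nc-archive.example, old-pc.example"
SAMPLE_SNAPSHOT = {"cam-station.example": "192.0.2.21", "nc-archive.example": "192.0.2.30"}
SAMPLE_DNS = {"cam-station.example": {"192.0.2.21"}, "nc-archive.example": {"192.0.2.77"}}

def sample_resolver(host):
    """Offline stand-in for DNS so the example runs without a network."""
    if host not in SAMPLE_DNS:
        raise socket.gaierror(f"cannot resolve {host}")
    return SAMPLE_DNS[host]

if __name__ == "__main__":
    print(audit_allowlist(SAMPLE_FIELD, SAMPLE_SNAPSHOT, sample_resolver))
```

An entry reported as `stale` means the address noted at the last control start is no longer among the addresses the name resolves to; `unresolvable` corresponds to the case in which the control issues an error message.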
Notes
- Have your network specialist check and, if necessary, change the standard settings.
- When user administration is active, you can set up only secure network connections via SSH. The control automatically disables the LSV2 connections via the serial interfaces (COM1 and COM2) and the network connections without user authentication.
- The firewall does not protect the second network interface eth1. Connect only trustworthy hardware to this interface, and do not use this interface for Internet connections.