The WAN (corporate network) and LAN (machine network) sides of the CloudVPN router are separated by its internal firewall. However, when you are on-site you may, for example, need internet access to look up user manuals or to have the machine send e-mails. You may also need access to the corporate network, for example, when a PLC needs to store data on a local FTP server.
You can then choose to:
- Allow ALL access to corporate network
- Allow ALL access to internet
- Allow LIMITED access to corporate network and internet
Allow all access to corporate network or internet
Allow all devices, on the LAN of the CloudVPN router, full access to either the corporate network or the internet:
- Go to Fleet Manager > Devices and click on your device name.
- In the left menu, go to Network > Firewall.
- Under LAN to WAN, at Full access, toggle the desired option (details below).
| Option | Description |
| --- | --- |
| Allow access to corporate network | All incoming LAN traffic with the corporate network as destination (i.e. any private IP address other than the CloudVPN router's LAN) will be allowed through the firewall. |
| Allow access to internet | All incoming LAN traffic with the internet as destination (i.e. any public IP address) will be allowed through the firewall. |

You do not need to turn on "access to corporate network" for internet access to work.
- In the top right corner, click on Push config to device.
- The device may temporarily disconnect and LAN communication may be temporarily interrupted while it's applying the new settings. This only takes a moment.
Tip: Wi-Fi hotspot
Allow limited access to corporate network and internet
To ensure a safe and protected network within the machine, you may not want to give full internet access to all devices on the LAN of the CloudVPN router, but rather only give internet access to devices that actually need it. This option is available in all CloudVPN models running firmware 3.22 or higher.
Limited access gives access to both the corporate network and the internet. It allows you to specify a source device (IP address or MAC address), a protocol, and a destination port. A source or destination is required.
If Allow all access and Allow limited access are both configured, then Allow all access will have priority over Allow limited access. As a result, all devices will have access to the internet or corporate network, regardless of the access list from Allow limited access.
- Go to Fleet Manager > Devices and click on your device name.
- In the left menu, go to Network > Firewall.
- Under LAN to WAN, at Limited access, add limited access.
- Enter the requested information (details below) and click on Add.
| Field | Description |
| --- | --- |
| Source IP address* | The source device's IP address. |
| Source MAC address* | The source device's MAC address. |
| Protocol | Select a protocol to allow or select all to allow all protocols. |
| Destination port* | Enter the allowed port or leave empty to allow traffic over all ports. |
| Description | Enter a description for this rule. |

\* A source IP/MAC address or destination port is required.
- Repeat step 4 for every device, protocol, or port you want to grant access.
- In the top right corner, click on Push config to device.
- The device may temporarily disconnect and LAN communication may be temporarily interrupted while it's applying the new settings. This only takes a moment.
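The LAN to WAN behaviour described in this article can be modelled to review a planned rule set before pushing it, for example to spot a Full access toggle that makes the Limited access list irrelevant. This is an added example, not the CloudVPN router's own firewall code; the field names, the sample LAN subnet and the sample rules are constructed, and "private IP address" is assumed to mean the RFC 1918 ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumption: "private IP address" in the article means the RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class LimitedRule:                    # hypothetical names mirroring the form fields
    src_ip: Optional[str] = None
    src_mac: Optional[str] = None
    protocol: str = "all"             # "all" allows every protocol
    dst_port: Optional[int] = None    # None (left empty) allows all ports

    def __post_init__(self):
        if not (self.src_ip or self.src_mac or self.dst_port):
            raise ValueError("a source IP/MAC address or destination port is required")

    def matches(self, src_ip, src_mac, protocol, dst_port):
        return ((self.src_ip is None or self.src_ip == src_ip)
                and (self.src_mac is None or self.src_mac.lower() == src_mac.lower())
                and self.protocol in ("all", protocol)
                and self.dst_port in (None, dst_port))

def zone(dst_ip, lan):
    """Classify a destination as 'lan', 'corporate' (private, not LAN) or 'internet'."""
    addr = ipaddress.ip_address(dst_ip)
    if addr in ipaddress.ip_network(lan):
        return "lan"
    return "corporate" if any(addr in n for n in RFC1918) else "internet"

def decide(flow, lan, full_corporate, full_internet, rules):
    """Return (allowed, reason) for flow = (src_ip, src_mac, protocol, dst_ip, dst_port)."""
    src_ip, src_mac, protocol, dst_ip, dst_port = flow
    z = zone(dst_ip, lan)
    if z == "lan":                    # never crosses the LAN to WAN firewall
        return True, "stays on LAN"
    # Full access has priority over the Limited access list.
    if (z == "corporate" and full_corporate) or (z == "internet" and full_internet):
        return True, f"full access to {z}"
    for i, rule in enumerate(rules, 1):
        if rule.matches(src_ip, src_mac, protocol, dst_port):
            return True, f"limited rule {i}"
    return False, "no matching rule"

# Constructed sample: a PLC allowed to reach FTP, plus one device allowed by MAC.
LAN = "192.168.140.0/24"
RULES = [LimitedRule(src_ip="192.168.140.10", protocol="tcp", dst_port=21),
         LimitedRule(src_mac="00:11:22:33:44:55")]
```

Running `decide` for every device on the machine network with the toggles you intend to set shows which flows are admitted by a specific rule and which only by a Full access toggle.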